last executing test programs:

16.056072526s ago: executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r2 = dup(r1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
write$P9_RVERSION(r1, &(0x7f0000000380)=ANY=[], 0x15)
write$P9_RLERRORu(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="1700000007"], 0x16)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x6, 0xc}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})

16.032906669s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x7f}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2, <r3=>0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r3, 0x0, &(0x7f0000001780)=""/4096}, 0x20)

16.001540925s ago: executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x4, &(0x7f0000000280)={{r2}, 0x0, &(0x7f0000000240)}, 0x20)

15.978898458s ago: executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1d400"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r0, r1, 0x0)
ioctl$TIOCSLCKTRMIOS(r2, 0x5409, 0x0)

15.9624356s ago: executing program 0:
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x10000, &(0x7f0000000c00), 0x1, 0xb8e, &(0x7f00000017c0)="$eJzs3M9vVNUeAPDvvZ2WQgstLy/vPchLbGIQo3EolGjCClwbNdEFS8Z2SpoOP+yUxDYsCu7VhTEuSAx/gol7ceHKxAUuDP4FxEgM0Q24qLnzo0zoTFthhoP4+SRn7jlzhvl+v3PD3HOSuQ3gH2uqeMgjDkTEmSxiovV8HhEjjd5oxFrzdffvXp4tWhbr6+/8mkUWEffuXp5tv1fWOo61BqMRcfP1LP714ea49ZXVxUqtVl1qjY8sn7t4pL6y+srCucrZ6tnq+eMzrx2feXVmpo+13r743uf//+HNF65e/2j6rc/2fZfFyRhvzXXW0S9TMbXxmXQqRUSl38ESGWrV01lnVkqYEAAAW8o71nD/iYkYigeLt4n49sekyQEAAAB9sT4UsQ4AAAA84zL7fwAAAHjGtX8HcO/u5dl2S/uLhCfrzqmImGzW376/uTlTirXGcTSGI2LPb1l03taaNf/ZY5sqIn31fbVoMaD7kLeydiUi/tft/GeN+icbd3Fvrj+PiOk+xJ96aNy9/m53UffH49R/sg/xd1Y/APTXjVPNC9nm61++sf6JLte/Updr16NIff1rr//ub1r/Pah/qMf67+0dxjj4x0s3e811rv9Of/zTXBG/OD5WUX/BnSsRB0vd6s826s961H9mhzHGZm9fa/bWNy3kivqLetvtSde/fj3iUHSvvy3b6u8THZlfqFWnm489Yhz65vThXvE7z3/RivjtvcCTUJz/PT3q3+78X9xhjMn//nKg19z29ec/j2TvNnojrWc+qCwvLx2NGMne2Pz8sa1zab+m/R5F/S8+v/X//271F98Ja63PodgLXGkdi/HVh2KOHTr25aPXP1hF/XOPeP4/2WGML76+9n6vudT1AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD3kEfEeGR5eaOf5+VyxFhE/Dv25LUL9eWX5y9cOj9XzEVMxnA+v1CrTkfERHOcFeOjjf6D8bGHxjMRsT8iPp3Y3RiXZy/U5lIXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIaxiBiPLC9HRB4Rv0/kebmcOisAAACg7yZTJwAAAAAMnP0/AAAAPPvs/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiw/c/duJVFxNqJ3Y1WGGnNDSfNDBi0PHUCQDJDqRMAkimlTgBIxh4fyLaZH+05s6vvuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9Dp84MatLCLWTuxutMJIa244aWbAoOWpEwCSGUqdAJBMKXUCQDL2+EC2zfxoz5ldfc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKfXeKNleTki8kY/z8vliL0RMRnD2fxCrTodEfsi4tLeiGJ8NHXSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9F19ZXWxUqtVl3R0dHQ2Oqm/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKG+srpYqdWqS/XUmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACp1VdWFyu1WnVpgJ3UNQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkM6fAQAA//9A0Qap")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x20)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f00000004c0)={0x1, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})

15.870980964s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x20c9}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000440)={0x0, r2}, 0x10)

8.252186023s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r2}, 0x10)
socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0))

8.235600145s ago: executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x4, 0x7fe2, 0x1}, 0x52)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000100001c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x0)

8.128167792s ago: executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r1, &(0x7f0000000180), 0x2009)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r2}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

8.100575787s ago: executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r2}, 0x10)
write$cgroup_type(r0, &(0x7f0000000140), 0x9)

8.034537077s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fsetxattr$security_selinux(r2, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)

8.007366271s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0)
r2 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000040), 0x12)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff})
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_freezer_state(r1, &(0x7f0000000400)='FROZEN\x00', 0x7)

1.68283756s ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10)
sysinfo(&(0x7f0000000200)=""/32)

1.658669464s ago: executing program 3:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req3={0x8000, 0x7, 0x500, 0xaf}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)

1.641448817s ago: executing program 3:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x24, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x51}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @printk={@d, {0x3, 0x3, 0x3, 0x4, 0x9}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.584712585s ago: executing program 3:
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r4}, 0x10)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b0000"], 0x15)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000740)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r5, 0x10f, 0x8a, 0x0, 0x0)
dup(0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r6 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
mknodat$loop(r6, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0)
linkat(r7, &(0x7f0000000140)='./file1\x00', r7, &(0x7f00000002c0)='./file0\x00', 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
fsync(r8)

1.581763366s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000f2fc850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000004440)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48)

1.500258439s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000600), &(0x7f0000000640)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
request_key(&(0x7f0000000280)='asymmetric\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)='@\x9f+^\xbe-@(/[+\x9f{\x00', 0xfffffffffffffffe)

1.470482963s ago: executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="a4010000160001000000000000000000fe8000000000000000000000000000bbfc0100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa0000000033"], 0x1a4}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=@allocspi={0xf8, 0x16, 0xe32b7fa974c0285, 0x0, 0x0, {{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@multicast2}, {@in6=@local, 0x0, 0x6c}, @in=@multicast2}}}, 0xf8}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c000000120001000000000000000000ac141400000000000000000000000000000000000008000014000d"], 0x3c}}, 0x0)

1.202002255s ago: executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x0)
getrandom(&(0x7f0000000340)=""/4096, 0x412269194f7c77a1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x0, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x8, 0x8}, 0x48)
socket$inet6_icmp(0xa, 0x2, 0x3a)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
mkdir(0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x0, @desc3})
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6b7a7804454156569cbf3a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xffffffffffffffff)

1.092106712s ago: executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000007900)={0x0, 0x0, &(0x7f0000007840)=[{&(0x7f0000005a00)={0x214, 0x1a, 0x1, 0x0, 0x0, "", [@nested={0x201, 0x0, 0x0, 0x1, [@typed={0x14, 0x2, 0x0, 0x0, @ipv6=@loopback}, @typed={0x14, 0xc}, @typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @generic="7ecc16dcf74f252081b01a8de5e587ce2112bf0ecef0ccda814e3057387196aaf611c6c4dd359ab761d5d1c8cc37546f36d8b59314e58c9e4dd891ec0c", @generic="775f7a2c9b0db8f0a55bda14cdd0f849a39de5eee595965032f45590e44959cb2974b9f1d8c5831975bda88035220e7bec753bbd036e217991626fc442de2e1cb8f6b4352ec9021bf8f275b6a74030c106086592a7d82da6e917928cd7bc5cf6dc1339b4b98c42c7cf045bf991a98cc3d7072e2392d9c76f2882b8d89f6d2554f9b0c223142ed6523fdbb54a878adbbe2280afec9ecb812f6384cb9c753e30b27a46adcfb9c59231bf986daddd1617f24691dda526a98c5b586cd279674ccc16b9ef1a8080e3784ebcc720595cfb4bb522ba244b1f533a09dc254bd246d8da248af612ec461db7f1f1c41652f1fd8df581fe9039aa680bd962f8e86e5a", @generic="2a150ce4f2b1f97659826a9b9df4abc71b1638c2f6267eb56c497d4f67f4ac5d3f6d83d7514f87e94aa009389b00f086d261469e81c2600c8254d8300d4c463cf0940cca5e8b35dffb1c3cea74ed3d0c8d1f6266627332a5a1f63312a28f28020f21426a03f4a40b249b76f6e5384509467aa0d31970fac9d7bd7a58f45987c9f73095b395adaf4225b7cb3e7232a0b20398512a828866104f83fb434d1654bdb42686"]}]}, 0x214}], 0x1}, 0x0)

1.055621788s ago: executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000002000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="a903000000000000000032"], 0x1c}}, 0x0)

1.034949061s ago: executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

1.010008094s ago: executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x24, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x51}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}, @printk={@d, {0x3, 0x3, 0x3, 0x4, 0x9}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

874.906715ms ago: executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x8, 0x2}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r3}, &(0x7f0000000180), &(0x7f0000000100)=r2}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r3, &(0x7f0000000300), 0x0}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32, @ANYBLOB="14000200fe8000000000000000000000000000aa140006001f00000001f0ffff0000000000000000140001"], 0x54}}, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r4, 0x0)
recvmmsg(r4, &(0x7f0000002580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/148, 0x94}], 0x1}}], 0x1, 0x0, 0x0)
r5 = socket$tipc(0x1e, 0x5, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)="c4", 0x1}], 0x1}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB="140004006e7363766630000000000001010000000800050006000000180017800400040004"], 0x50}}, 0x0)

757.503214ms ago: executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000001040)='smaps\x00')
read$ptp(r0, &(0x7f0000000040)=""/4090, 0xffa)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devtmpfs\x00', 0x0, &(0x7f0000000380)='source')
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, 0x0)

534.177258ms ago: executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x2, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000711239000000000095000007000000001b3e13b94404d3a66f365e284b3e74b548c5a287c52226b7f2c3a25d886566d7d42e8a73921d2802de40ecec92e159e133fb694bfdcdcfb5892312d9ce257add51c3409fa3b088c491f5f391758ad8025a8357a61bd07a319bae33c050ad36d73732da573977e7458ae1464641213c4d5253e1d42ae6870c4c8e2a5b9e27b39db25ecca4133837af0eacb0ecc1327e71cf76693a5e6c7c41e02d7bffe6a6ba6d14a06ee0bb7df8ef23d38d88c3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001100)=ANY=[@ANYBLOB="3400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000140012800b000100627269646765"], 0x34}}, 0x0)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)

94.432996ms ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
chdir(&(0x7f0000000380)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000080)=""/43, 0x2b)
getdents(r0, 0xfffffffffffffffd, 0x58)

90.377677ms ago: executing program 1:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
memfd_create(&(0x7f0000000400)='\x01\fD\xd1\x1e\x803\x00\x00\xbf\xecs \xc5\xb55nVg\x1b\xa3\x8a\xcc\xf2!PmENs\xe5\x83Uz\xc0W\xc1\xcc\x97\xd1\x8e\x81\n\xc0\xb3Ac\xfe(\x00\x13\xaeZ\x8bp\x1e\xdc\x18\xddf\xe9\xe1\t\bR) \xa9P9(\xe1-q \xb3\x80\xb9\xdfj\xed\xc2_o\xa6\x04\xf5\x9f\x04\xf1\xd5\xe3\xfa\xfd\x161\x13r\xc49\x80\x86\x1a\xbf\xf8H\xe8Cc\x84\xa6y\xb7\xbe\xf5\xcc\xc9Z\x9f\xa6\xcbX\x891\xed\a\xf9\xa6\xd8\xd0\x03\x00\x00\x00\x00\x00\x00\x00\']\by\xb5\xbcI\xbf\xacw\xda\xed\xf0^\xd35\xeb=\xc7\x82;\xb32;\xc5\xa3\xc8\xb9\xf2\xe5\xf4\x93[\x91F\x83?\xfe\xd9\x7ffvQ\xff\xc0\x8f\xe4\xb8\xa3\xbf\xceAT\x17\xc6\x81\xc0m}O\xfd\xe0\x05$\xcd\xfdkMu\x9bQ\xd8z\xe0\xd6\xe2\xbe\xf4\xd5\x16\x94\xe0\xbf0\xde\xcaS/\xf7\xeb\x89bmX0\x94T\x10\x9dx@\xce:]\xb68\xa2W\xcb\x86\b#s\xb4q6\xe88\x19\x1a\x14Z\xf3\xd7\x92\xe4bT\x02\x00\x10r\x9b~n`m:]#\x989\xc3psjO\x80n\\\xb9\x9b\xeami\xd1\x9cSL\xb6\x87\t\x9bg\xd3\xcf\xc0F\x8c\x9b\x12O\xac`\xb4\x94IH\xb0\xcd\xe9eC\xb1\x8d{\x19\xde\x19\x8e\xb5l\xa6\x1e\r)j\xec\x02\x19SM\xa6\xcf\xb9b)\xe7\xa8\x03~{\xc5\x9b\xa8I\x19j\xa5g\x877Xa\x91\x144\x064w\xc1\xe7J)\xean\xfd\xc6\xa5Y\x84\x82U\xdc\x1bQ\xd54\x01\x98\x88\xc8\xce\x94\xf8d\x9c\xba\x1e\xf3o\x87\xbc\xbaL\x87\b<\xb8o\xc8nd\xe0\xea-5P\xa0\xc7\x18\xdb\\O\xb8xT\xa1', 0x0)

0s ago: executing program 2:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0)

kernel console output (not intermixed with test programs):

xt4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  386.173540][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.185196][ T8340] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir4039528670/syzkaller.6pTrWu/80/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  386.211801][ T8340] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  386.231344][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.243335][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.255793][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.268352][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.280398][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.292323][ T8340] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  386.331630][ T1716] usb 1-1: Using ep0 maxpacket: 8
[  386.382831][ T8340] EXT4-fs (loop2): unmounting filesystem.
[  386.452917][ T1716] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  386.462553][ T1716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.472940][ T1716] usb 1-1: config 0 descriptor??
[  386.552351][ T9604] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.568062][ T9604] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.583135][ T9604] device bridge_slave_0 entered promiscuous mode
[  386.590151][ T9604] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.598769][ T9604] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.606424][ T9604] device bridge_slave_1 entered promiscuous mode
[  386.709018][ T9613] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.716521][ T9613] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.724262][ T9613] device bridge_slave_0 entered promiscuous mode
[  386.743554][ T9613] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.750495][ T9613] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.757869][ T9613] device bridge_slave_1 entered promiscuous mode
[  386.769049][ T9604] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.775928][ T9604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.783037][ T9604] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.789819][ T9604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.879961][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  386.887993][  T429] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.895953][  T429] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.928848][  T610] device bridge_slave_1 left promiscuous mode
[  386.934883][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.943036][  T610] device bridge_slave_0 left promiscuous mode
[  386.949166][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.957233][  T610] device veth1_macvtap left promiscuous mode
[  386.974856][  T436] hub 2-1:0.0: hub_hub_status failed (err = -32)
[  386.981081][  T436] hub 2-1:0.0: config failed, can't get hub status (err -32)
[  387.052470][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  387.060478][  T429] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.067322][  T429] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.074564][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  387.077239][  T436] usbhid 2-1:0.0: can't add hid device: -32
[  387.082646][  T429] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.088247][  T436] usbhid: probe of 2-1:0.0 failed with error -32
[  387.094929][  T429] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.108329][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  387.116378][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  387.146523][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  387.158909][ T9604] device veth0_vlan entered promiscuous mode
[  387.171519][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  387.179961][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  387.198877][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  387.206136][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  387.213971][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  387.222076][  T414] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.228948][  T414] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.237437][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  387.252967][  T414] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.259863][  T414] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.267145][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  387.277444][ T9604] device veth1_macvtap entered promiscuous mode
[  387.289787][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  387.298494][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  387.306420][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  387.325575][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  387.334139][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  387.357971][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  387.374022][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  387.391131][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  387.400456][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  387.409956][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  387.417925][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  387.426770][ T9613] device veth0_vlan entered promiscuous mode
[  387.434986][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  387.442752][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  387.458084][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  387.466843][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  387.481305][ T9613] device veth1_macvtap entered promiscuous mode
[  387.493813][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  387.501679][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  387.511169][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  387.534413][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  387.544794][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  387.641304][ T9649] loop4: detected capacity change from 0 to 40427
[  387.648380][ T9649] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  387.656261][ T9649] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  387.666740][ T9649] F2FS-fs (loop4): Found nat_bits in checkpoint
[  387.698198][ T9649] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  387.705253][ T9649] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  387.723339][   T28] audit: type=1400 audit(2000000098.565:3174): avc:  denied  { execute } for  pid=9648 comm="syz-executor.4" path="/root/syzkaller-testdir1640262727/syzkaller.wwDi8O/2/bus/bus" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  387.759057][  T561] kworker/u4:4: attempt to access beyond end of device
[  387.759057][  T561] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  387.832424][ T9681] loop2: detected capacity change from 0 to 1024
[  387.842190][ T9681] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002]
[  387.858077][ T9681] System zones: 0-1, 3-12
[  387.863120][ T9681] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  387.884762][ T9687] loop4: detected capacity change from 0 to 1024
[  387.891583][ T9687] EXT4-fs: Ignoring removed orlov option
[  387.897295][ T9687] EXT4-fs: Ignoring removed nomblk_io_submit option
[  387.922658][ T9687] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002]
[  387.931075][ T9687] System zones: 0-1, 3-36
[  387.936771][ T9687] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  388.069381][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.078458][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.088344][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.097455][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.106429][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.115348][ T9698] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  388.124789][ T9698] incfs: Can't find or create .index dir in ./file0
[  388.131466][ T9698] incfs: mount failed -12
[  388.200067][ T9604] EXT4-fs (loop4): unmounting filesystem.
[  388.214811][  T610] device bridge_slave_1 left promiscuous mode
[  388.220830][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.235372][  T610] device bridge_slave_0 left promiscuous mode
[  388.242511][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.258046][  T610] device veth1_macvtap left promiscuous mode
[  388.264039][  T610] device veth0_vlan left promiscuous mode
[  388.300041][  T414] usb 2-1: USB disconnect, device number 34
[  388.354209][ T9704] loop4: detected capacity change from 0 to 40427
[  388.361013][ T9704] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  388.368606][ T9704] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  388.378214][ T9704] F2FS-fs (loop4): Found nat_bits in checkpoint
[  388.405159][ T9704] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  388.412065][ T9704] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  388.443031][    T8] kworker/u4:0: attempt to access beyond end of device
[  388.443031][    T8] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  388.634532][ T9716] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.641501][ T9716] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.648895][ T9716] device bridge_slave_0 entered promiscuous mode
[  388.649795][ T9613] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3049340800/syzkaller.f56Z6q/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.655876][ T9716] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.687973][ T9716] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.695592][ T9613] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.695668][ T9716] device bridge_slave_1 entered promiscuous mode
[  388.714969][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.732350][ T9613] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3049340800/syzkaller.f56Z6q/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.758571][ T9613] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.777993][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.789716][ T9613] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3049340800/syzkaller.f56Z6q/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.815589][ T9613] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.835262][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.846824][  T436] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  388.850463][ T9613] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3049340800/syzkaller.f56Z6q/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.880790][ T9613] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.900791][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.912516][ T9613] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3049340800/syzkaller.f56Z6q/5/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.938374][ T9613] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  388.957833][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.969900][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.981878][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  388.993771][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  389.008168][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  389.020204][ T9613] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  389.059171][ T9716] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.066069][ T9716] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.073181][ T9716] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.079925][ T9716] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.102184][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  389.111024][  T429] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.111192][ T9613] EXT4-fs (loop2): unmounting filesystem.
[  389.124221][  T429] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.142249][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  389.165706][  T429] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.172650][  T429] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.180613][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  389.188857][  T429] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.192792][  T436] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 520
[  389.195707][  T429] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.225020][  T436] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  389.242074][ T9716] device veth0_vlan entered promiscuous mode
[  389.247997][  T436] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  389.263208][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  389.272002][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  389.279865][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  389.287155][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  389.294300][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  389.302190][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  389.325320][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  389.333176][  T436] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  389.342010][  T436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  389.350133][  T436] usb 5-1: SerialNumber: syz
[  389.352899][ T9716] device veth1_macvtap entered promiscuous mode
[  389.379737][ T9715] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  389.386741][ T9715] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  389.398807][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.405694][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.413078][ T9721] device bridge_slave_0 entered promiscuous mode
[  389.419809][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  389.428154][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  389.438478][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.445354][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.452481][ T9721] device bridge_slave_1 entered promiscuous mode
[  389.465309][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  389.473721][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  389.512545][ T9728] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  389.549613][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.556518][ T9721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.563571][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.570369][ T9721] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.580430][  T610] device bridge_slave_1 left promiscuous mode
[  389.586858][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.587587][ T9715] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  389.600836][ T9715] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  389.600950][  T610] device bridge_slave_0 left promiscuous mode
[  389.614180][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.621973][  T610] device veth1_macvtap left promiscuous mode
[  389.687125][ T1716] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  389.697838][ T1716] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  389.709182][ T1716] asix: probe of 1-1:0.0 failed with error -71
[  389.715895][ T1716] usb 1-1: USB disconnect, device number 32
[  389.738229][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  389.745601][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.753197][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.762154][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  389.770179][ T9135] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.777030][ T9135] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.785773][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  389.793817][   T19] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.800668][   T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.818386][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  389.826465][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  389.834305][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  389.847555][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  389.856547][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  389.864300][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  389.872576][ T9721] device veth0_vlan entered promiscuous mode
[  389.884575][ T9721] device veth1_macvtap entered promiscuous mode
[  389.892311][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  389.902537][ T9135] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  389.913499][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  390.032966][  T436] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42
[  390.317171][  T436] usb 5-1: USB disconnect, device number 13
[  390.323351][  T436] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device
[  390.423896][ T9756] device veth0_vlan left promiscuous mode
[  390.429871][ T9756] device veth0_vlan entered promiscuous mode
[  390.451720][ T9758] kvm: apic: phys broadcast and lowest prio
[  390.833856][  T610] device bridge_slave_1 left promiscuous mode
[  390.839956][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.847475][  T610] device bridge_slave_0 left promiscuous mode
[  390.853666][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.862474][  T610] device veth1_macvtap left promiscuous mode
[  390.869193][  T610] device veth0_vlan left promiscuous mode
[  391.335987][   T28] audit: type=1326 audit(2000000102.441:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9833 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e7be7cea9 code=0x0
[  391.451202][ T9849] device pim6reg1 entered promiscuous mode
[  392.213761][ T9882] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  392.242441][ T9882] device pim6reg1 entered promiscuous mode
[  392.358696][ T9892] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  392.758991][   T28] audit: type=1326 audit(2000000103.965:3176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.783440][   T28] audit: type=1326 audit(2000000103.965:3177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.807443][   T28] audit: type=1326 audit(2000000103.965:3178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.831678][   T28] audit: type=1326 audit(2000000103.965:3179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.863754][   T28] audit: type=1326 audit(2000000103.965:3180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.888077][   T28] audit: type=1326 audit(2000000103.965:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.912915][   T28] audit: type=1326 audit(2000000103.965:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.937079][   T28] audit: type=1326 audit(2000000103.965:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.943233][ T9922] device pim6reg1 entered promiscuous mode
[  392.961025][   T28] audit: type=1326 audit(2000000103.965:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  392.992033][   T28] audit: type=1326 audit(2000000103.965:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9913 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  393.064980][ T9924] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  393.487253][ T1716] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  393.862132][ T1716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.872956][ T1716] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.882540][ T1716] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  393.891496][ T1716] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.900293][ T1716] usb 1-1: config 0 descriptor??
[  394.003415][ T9967] overlayfs: statfs failed on './file0'
[  394.063863][ T9978] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  394.329025][ T1716] arvo 0003:1E7D:30D4.0027: unknown main item tag 0x0
[  394.335810][ T1716] arvo 0003:1E7D:30D4.0027: item fetching failed at offset 5/7
[  394.344052][ T1716] arvo 0003:1E7D:30D4.0027: parse failed
[  394.350033][ T1716] arvo: probe of 0003:1E7D:30D4.0027 failed with error -22
[  394.431245][  T414] usb 5-1: new low-speed USB device number 14 using dummy_hcd
[  394.515649][   T65] usb 1-1: USB disconnect, device number 33
[  394.766266][  T414] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  394.776425][  T414] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  394.787311][  T414] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  394.797827][  T414] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  394.807473][  T414] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  395.037075][  T414] usb 5-1: string descriptor 0 read error: -22
[  395.043201][  T414] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  395.062627][  T414] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.301379][ T9996] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  395.322546][ T9996] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  395.344595][  T414] cdc_ether: probe of 5-1:1.0 failed with error -22
[  395.466601][T10037] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  395.535124][ T9135] usb 5-1: USB disconnect, device number 14
[  395.881558][T10060] overlayfs: statfs failed on './file0'
[  395.915968][T10064] device veth0_vlan left promiscuous mode
[  395.922012][T10064] device veth0_vlan entered promiscuous mode
[  395.929216][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  395.942685][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  395.952729][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  396.032481][T10072] loop2: detected capacity change from 0 to 512
[  396.039380][T10072] EXT4-fs: Ignoring removed nobh option
[  396.331143][T10072] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  396.345516][T10072] ext4 filesystem being mounted at /root/syzkaller-testdir504310733/syzkaller.MtLILk/37/file0 supports timestamps until 2038 (0x7fffffff)
[  396.376030][T10072] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  396.391629][T10072] EXT4-fs (loop2): Remounting filesystem read-only
[  396.523475][ T9721] EXT4-fs (loop2): unmounting filesystem.
[  396.618360][T10106] loop2: detected capacity change from 0 to 40427
[  396.625979][T10106] F2FS-fs (loop2): invalid crc value
[  396.632760][T10106] F2FS-fs (loop2): Found nat_bits in checkpoint
[  396.655803][T10106] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  396.674780][ T9721] syz-executor.2: attempt to access beyond end of device
[  396.674780][ T9721] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  396.742096][  T414] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  396.754778][T10112] loop2: detected capacity change from 0 to 256
[  396.764714][T10112] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  396.891190][T10112] loop2: detected capacity change from 256 to 0
[  396.898219][  T561] loop: Write error at byte offset 9223372036854857727, length 512.
[  396.906085][    C1] I/O error, dev loop2, sector 160 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  396.906105][  T561] loop: Write error at byte offset 9223372036854858239, length 512.
[  396.906129][    C0] I/O error, dev loop2, sector 161 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  396.915502][    C1] Buffer I/O error on dev loop2, logical block 160, lost sync page write
[  396.923317][    C0] Buffer I/O error on dev loop2, logical block 161, lost sync page write
[  396.961262][    C0] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  396.970823][    C0] I/O error, dev loop2, sector 161 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  396.970941][    C1] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  396.989479][    C0] I/O error, dev loop2, sector 161 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  397.001114][  T610] loop: Write error at byte offset 9223372036854882303, length 512.
[  397.009022][    C1] I/O error, dev loop2, sector 208 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 2
[  397.018310][    C1] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  397.027528][  T887] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  397.027660][  T561] loop: Write error at byte offset 9223372036854775807, length 512.
[  397.043152][    C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  397.052445][    C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  397.061707][    C0] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  397.124299][  T414] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  397.135294][  T414] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  397.145061][  T414] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  397.158246][  T414] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  397.167318][  T414] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.180838][  T414] usb 2-1: config 0 descriptor??
[  397.245806][T10118] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.252754][T10118] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.260872][T10118] device bridge_slave_0 entered promiscuous mode
[  397.269487][T10118] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.273987][  T887] usb 1-1: Using ep0 maxpacket: 32
[  397.276472][T10118] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.288875][T10118] device bridge_slave_1 entered promiscuous mode
[  397.358865][T10118] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.365730][T10118] bridge0: port 2(bridge_slave_1) entered forwarding state
[  397.372915][T10118] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.379768][T10118] bridge0: port 1(bridge_slave_0) entered forwarding state
[  397.400103][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  397.408164][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.413883][  T887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  397.426329][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.426791][  T887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  397.444337][  T887] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  397.453345][  T887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.461887][  T887] usb 1-1: config 0 descriptor??
[  397.468844][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  397.477225][   T19] bridge0: port 1(bridge_slave_0) entered blocking state
[  397.484109][   T19] bridge0: port 1(bridge_slave_0) entered forwarding state
[  397.487816][T10114] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  397.491952][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  397.506139][   T19] bridge0: port 2(bridge_slave_1) entered blocking state
[  397.513026][   T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[  397.526005][  T887] hub 1-1:0.0: USB hub found
[  397.534229][T10131] loop4: detected capacity change from 0 to 512
[  397.541634][T10131] EXT4-fs: Ignoring removed nobh option
[  397.541788][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  397.555808][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  397.581393][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  397.584303][T10131] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  397.594196][T10118] device veth0_vlan entered promiscuous mode
[  397.598225][T10131] ext4 filesystem being mounted at /root/syzkaller-testdir1640262727/syzkaller.wwDi8O/35/file0 supports timestamps until 2038 (0x7fffffff)
[  397.605571][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  397.647386][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  397.654878][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  397.656149][T10131] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  397.669222][T10118] device veth1_macvtap entered promiscuous mode
[  397.676924][T10131] EXT4-fs (loop4): Remounting filesystem read-only
[  397.693248][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  397.714532][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  397.723887][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  397.739612][  T887] hub 1-1:0.0: 2 ports detected
[  397.806345][  T561] device bridge_slave_1 left promiscuous mode
[  397.814703][  T561] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.823618][  T561] device bridge_slave_0 left promiscuous mode
[  397.830042][  T561] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.846900][  T561] device veth1_macvtap left promiscuous mode
[  397.865429][  T561] device veth0_vlan left promiscuous mode
[  398.014498][ T9604] EXT4-fs (loop4): unmounting filesystem.
[  398.032736][T10138] loop2: detected capacity change from 0 to 1024
[  398.038995][    T8] __quota_error: 42 callbacks suppressed
[  398.039013][    T8] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  398.057205][    T8] Quota error (device loop4): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  398.067417][T10138] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802c018, mo2=0002]
[  398.077485][T10138] System zones: 0-1, 3-12
[  398.082232][T10138] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  398.168262][  T414] usbhid 2-1:0.0: can't add hid device: -71
[  398.174110][  T414] usbhid: probe of 2-1:0.0 failed with error -71
[  398.215159][  T414] usb 2-1: USB disconnect, device number 35
[  398.312801][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.321911][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.331605][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.340897][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.349840][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.358772][T10154] SELinux: inode_doinit_use_xattr:  getxattr returned 12 for dev=loop2 ino=12
[  398.368259][T10154] incfs: Can't find or create .index dir in ./file0
[  398.375058][T10154] incfs: mount failed -12
[  398.477587][   T28] audit: type=1400 audit(2000000110.112:3226): avc:  denied  { mount } for  pid=10155 comm="syz-executor.1" name="/" dev="configfs" ino=12092 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  398.500770][   T28] audit: type=1326 audit(2000000110.112:3227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10155 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb9dc7cea9 code=0x0
[  398.527730][T10158] device pim6reg1 entered promiscuous mode
[  399.019261][T10118] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3310233824/syzkaller.QF3UCf/1/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.045631][T10118] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.065085][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.076600][  T887] hub 1-1:0.0: hub_hub_status failed (err = -32)
[  399.076743][T10118] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3310233824/syzkaller.QF3UCf/1/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.082811][  T887] hub 1-1:0.0: config failed, can't get hub status (err -32)
[  399.109008][T10118] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.135421][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.147115][T10118] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3310233824/syzkaller.QF3UCf/1/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.173048][T10118] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.192417][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.204073][T10118] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3310233824/syzkaller.QF3UCf/1/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.230006][T10118] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.249518][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.257776][   T28] audit: type=1400 audit(2000000110.938:3228): avc:  denied  { unmount } for  pid=9716 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  399.261144][T10118] EXT4-fs error (device loop2): ext4_readdir:260: inode #11: block 32: comm syz-executor.2: path /root/syzkaller-testdir3310233824/syzkaller.QF3UCf/1/file1/lost+found: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.281183][  T887] usbhid 1-1:0.0: can't add hid device: -32
[  399.307372][T10118] EXT4-fs error (device loop2): ext4_empty_dir:3099: inode #11: block 32: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=134217739, rec_len=12, size=1024 fake=1
[  399.312278][  T887] usbhid: probe of 1-1:0.0 failed with error -32
[  399.331537][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.349467][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.361717][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.373958][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.385961][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.398042][T10118] EXT4-fs warning (device loop2): ext4_empty_dir:3101: inode #11: comm syz-executor.2: directory missing '.'
[  399.482382][   T28] audit: type=1326 audit(2000000111.175:3229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10174 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x0
[  399.521872][T10118] EXT4-fs (loop2): unmounting filesystem.
[  399.612863][  T414] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  399.633297][T10178] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.640219][T10178] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.647921][T10178] device bridge_slave_0 entered promiscuous mode
[  399.656285][T10178] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.663228][T10178] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.670556][T10178] device bridge_slave_1 entered promiscuous mode
[  399.714519][T10178] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.721388][T10178] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.728466][T10178] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.735261][T10178] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.755957][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  399.763557][  T887] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.770672][  T887] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.779423][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  399.787650][  T436] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.794629][  T436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.807505][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  399.815533][  T887] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.822400][  T887] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.837780][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  399.845982][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  399.853800][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  399.864944][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  399.872760][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  399.880251][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  399.889901][T10178] device veth0_vlan entered promiscuous mode
[  399.900245][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  399.909213][T10178] device veth1_macvtap entered promiscuous mode
[  399.923438][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  399.931653][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  399.957737][  T414] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.971038][  T414] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.981191][  T414] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.994008][  T414] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  400.003005][  T414] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.024545][  T414] usb 2-1: config 0 descriptor??
[  400.058149][  T429] usb 1-1: USB disconnect, device number 34
[  400.070237][  T610] device bridge_slave_1 left promiscuous mode
[  400.077588][  T610] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.087149][  T610] device bridge_slave_0 left promiscuous mode
[  400.093999][  T610] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.105255][  T610] device veth1_macvtap left promiscuous mode
[  400.112204][  T610] device veth0_vlan left promiscuous mode
[  400.405080][   T19] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  400.757718][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  400.768536][   T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  400.778171][   T19] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  400.787047][   T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.795317][   T19] usb 3-1: config 0 descriptor??
[  400.992886][  T414] usbhid 2-1:0.0: can't add hid device: -71
[  400.998718][  T414] usbhid: probe of 2-1:0.0 failed with error -71
[  401.005296][  T414] usb 2-1: USB disconnect, device number 36
[  401.150726][ T9136] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  401.223711][T10213] device pim6reg1 entered promiscuous mode
[  401.244838][   T19] arvo 0003:1E7D:30D4.0028: unknown main item tag 0x0
[  401.251495][   T19] arvo 0003:1E7D:30D4.0028: item fetching failed at offset 5/7
[  401.259143][   T19] arvo 0003:1E7D:30D4.0028: parse failed
[  401.264784][   T19] arvo: probe of 0003:1E7D:30D4.0028 failed with error -22
[  401.337677][  T414] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  401.368763][T10215] loop4: detected capacity change from 0 to 40427
[  401.377562][T10215] F2FS-fs (loop4): Found nat_bits in checkpoint
[  401.400259][T10215] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  401.413042][ T9604] syz-executor.4: attempt to access beyond end of device
[  401.413042][ T9604] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  401.434562][   T24] usb 3-1: USB disconnect, device number 39
[  401.475447][T10221] syz-executor.4[10221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.475495][T10221] syz-executor.4[10221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.487147][ T9136] usb 1-1: config 27 has an invalid descriptor of length 48, skipping remainder of the config
[  401.509711][ T9136] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 12336, setting to 64
[  401.520566][ T9136] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  401.521358][T10221] syz-executor.4[10221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.533401][ T9136] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  401.533449][T10221] syz-executor.4[10221] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  401.545013][ T9136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.609142][ T9136] snd-usb-audio: probe of 1-1:27.0 failed with error -2
[  401.711407][  T414] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 520
[  401.721201][  T414] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  401.730709][  T414] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  401.800401][ T9136] usb 1-1: USB disconnect, device number 35
[  401.812958][  T414] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  401.822020][  T414] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  401.830199][  T414] usb 2-1: SerialNumber: syz
[  401.850199][T10211] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  401.857287][T10211] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  401.942986][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  402.058234][T10211] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  402.065338][T10211] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  402.151259][T10241] loop2: detected capacity change from 0 to 40427
[  402.160013][T10241] F2FS-fs (loop2): Found nat_bits in checkpoint
[  402.182548][T10241] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  402.201388][T10178] syz-executor.2: attempt to access beyond end of device
[  402.201388][T10178] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  402.299431][T10257] loop2: detected capacity change from 0 to 256
[  402.308214][T10257] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  402.334907][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.346130][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.355975][   T24] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  402.364847][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.373332][   T24] usb 5-1: config 0 descriptor??
[  402.446766][T10257] loop2: detected capacity change from 256 to 0
[  402.453822][  T610] loop: Write error at byte offset 9223372036854857727, length 512.
[  402.461667][    C1] I/O error, dev loop2, sector 160 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  402.462776][  T610] loop: Write error at byte offset 9223372036854858239, length 512.
[  402.471020][    C1] Buffer I/O error on dev loop2, logical block 160, lost sync page write
[  402.481061][  T414] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  402.487225][    C1] I/O error, dev loop2, sector 161 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  402.507862][    C1] Buffer I/O error on dev loop2, logical block 161, lost sync page write
[  402.526980][    C1] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  402.536560][    C1] I/O error, dev loop2, sector 161 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  402.536701][    C0] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  402.555241][    C0] I/O error, dev loop2, sector 161 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  402.566042][  T610] loop: Write error at byte offset 9223372036854882303, length 512.
[  402.573898][    C0] I/O error, dev loop2, sector 208 op 0x1:(WRITE) flags 0x0 phys_seg 1 prio class 2
[  402.583104][    C0] I/O error, dev loop2, sector 160 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  402.586532][  T429] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  402.592746][   T10] loop: Write error at byte offset 9223372036854775807, length 512.
[  402.607477][    C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  402.616699][    C0] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2
[  402.625859][    C0] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  402.673046][ T9135] usb 2-1: USB disconnect, device number 37
[  402.679013][ T9135] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  402.782819][T10262] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.789828][T10262] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.797091][T10262] device bridge_slave_0 entered promiscuous mode
[  402.803943][T10262] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.810958][T10262] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.818135][T10262] device bridge_slave_1 entered promiscuous mode
[  402.828663][   T24] hid (null): bogus close delimiter
[  402.867425][T10262] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.874269][T10262] bridge0: port 2(bridge_slave_1) entered forwarding state
[  402.881498][T10262] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.888445][T10262] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.906286][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  402.913609][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.920722][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.943099][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  402.951289][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  402.959282][   T19] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.966496][   T19] bridge0: port 1(bridge_slave_0) entered forwarding state
[  402.974157][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  402.978167][  T429] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.982309][   T19] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.993206][  T429] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.999783][   T19] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.009439][  T429] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  403.016720][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  403.025432][   T24] usb 5-1: language id specifier not provided by device, defaulting to English
[  403.033233][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  403.041712][  T429] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.057694][  T429] usb 1-1: config 0 descriptor??
[  403.061323][T10262] device veth0_vlan entered promiscuous mode
[  403.070943][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  403.078693][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  403.086769][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  403.094258][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  403.105573][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  403.114143][  T887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  403.124764][T10262] device veth1_macvtap entered promiscuous mode
[  403.133817][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  403.141675][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  403.149884][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  403.166683][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  403.175012][  T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  403.286420][   T10] device bridge_slave_1 left promiscuous mode
[  403.295754][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  403.313892][   T10] device bridge_slave_0 left promiscuous mode
[  403.322832][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  403.340847][   T10] device veth1_macvtap left promiscuous mode
[  403.349491][   T10] device veth0_vlan left promiscuous mode
[  403.351037][T10231] loop4: detected capacity change from 0 to 40427
[  403.374790][T10231] F2FS-fs (loop4): Mismatch valid blocks 5 vs. 7
[  403.384669][T10231] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117)
[  403.445267][  T414] usb 2-1: new low-speed USB device number 38 using dummy_hcd
[  403.509859][  T429] arvo 0003:1E7D:30D4.002A: unknown main item tag 0x0
[  403.516787][  T429] arvo 0003:1E7D:30D4.002A: item fetching failed at offset 5/7
[  403.524961][  T429] arvo 0003:1E7D:30D4.002A: parse failed
[  403.530602][  T429] arvo: probe of 0003:1E7D:30D4.002A failed with error -22
[  403.636070][T10275] loop2: detected capacity change from 0 to 131072
[  403.643372][T10275] F2FS-fs (loop2): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  403.651828][T10275] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  403.660604][T10275] F2FS-fs (loop2): invalid crc value
[  403.667578][T10275] F2FS-fs (loop2): Found nat_bits in checkpoint
[  403.691911][T10275] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  403.699314][T10275] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  403.726636][  T429] usb 1-1: USB disconnect, device number 36
[  403.738643][T10275] fscrypt (loop2, inode 8): Error -61 getting encryption context
[  403.746391][   T24] uclogic 0003:256C:006D.0029: failed retrieving string descriptor #200: -71
[  403.755140][   T24] uclogic 0003:256C:006D.0029: failed retrieving pen parameters: -71
[  403.763394][   T24] uclogic 0003:256C:006D.0029: failed probing pen v2 parameters: -71
[  403.771650][   T24] uclogic 0003:256C:006D.0029: failed probing parameters: -71
[  403.779792][  T414] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.779949][   T24] uclogic: probe of 0003:256C:006D.0029 failed with error -71
[  403.797156][  T414] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  403.798644][   T24] usb 5-1: USB disconnect, device number 15
[  403.817078][  T414] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  403.827697][  T414] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  403.837548][  T414] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  404.043590][T10293] loop7: detected capacity change from 0 to 1036
[  404.235844][  T414] usb 2-1: string descriptor 0 read error: -22
[  404.241993][  T414] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.250965][  T414] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.273137][T10269] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  404.275752][T10303] loop4: detected capacity change from 0 to 512
[  404.280314][T10269] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  404.310756][  T414] cdc_ether: probe of 2-1:1.0 failed with error -22
[  404.315754][T10303] loop4: detected capacity change from 0 to 256
[  404.324202][T10303] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  404.334662][T10303] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  404.346143][T10303] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe6229e9a, utbl_chksum : 0xe619d30d)
[  404.358797][T10303] exFAT-fs (loop4): error, invalid access to FAT free cluster (entry 0x00000006)
[  404.367882][T10303] exFAT-fs (loop4): Filesystem has been set read-only
[  404.374438][T10303] exFAT-fs (loop4): failed to load alloc-bitmap
[  404.380678][T10303] exFAT-fs (loop4): failed to recognize exfat type
[  404.496771][   T24] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  404.515866][  T429] usb 2-1: USB disconnect, device number 38
[  404.700219][T10305] loop4: detected capacity change from 0 to 131072
[  404.707344][T10305] F2FS-fs (loop4): Unrecognized mount option "
[  404.707344][T10305] Œ�_†¤+¿ ßؽÖ8Ï cøÕÅÝç°})]cv6L·}~lªnÖ:Û|{¯¿~]\el¬¥#ìòŒLC­€	" or missing value
[  404.765742][T10313] bridge0: port 3(veth1_macvtap) entered blocking state
[  404.772703][T10313] bridge0: port 3(veth1_macvtap) entered disabled state
[  404.860509][   T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 520
[  404.870499][   T24] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  404.880055][   T24] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  404.972823][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.982034][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  404.989945][   T24] usb 1-1: SerialNumber: syz
[  405.010004][T10299] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  405.020348][T10299] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  405.065718][  T429] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  405.225049][T10299] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  405.232078][T10299] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  405.298644][  T436] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  405.410703][  T414] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  405.447555][  T429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.458467][  T429] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.468067][  T429] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  405.476883][  T429] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.485061][  T429] usb 3-1: config 0 descriptor??
[  405.634261][  T436] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.646036][  T436] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.655845][  T436] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  405.663610][   T24] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42
[  405.664912][  T436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.684948][  T436] usb 5-1: config 0 descriptor??
[  405.755835][  T414] usb 2-1: config 27 has an invalid descriptor of length 48, skipping remainder of the config
[  405.766115][  T414] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 12336, setting to 64
[  405.777251][  T414] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  405.790058][  T414] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  405.798981][  T414] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.840659][  T414] snd-usb-audio: probe of 2-1:27.0 failed with error -2
[  405.866375][  T414] usb 1-1: USB disconnect, device number 37
[  405.872408][  T414] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device
[  405.923491][  T429] arvo 0003:1E7D:30D4.002B: unknown main item tag 0x0
[  405.930174][  T429] arvo 0003:1E7D:30D4.002B: item fetching failed at offset 5/7
[  405.937709][  T429] arvo 0003:1E7D:30D4.002B: parse failed
[  405.943218][  T429] arvo: probe of 0003:1E7D:30D4.002B failed with error -22
[  406.029152][  T429] usb 2-1: USB disconnect, device number 39
[  406.112503][  T414] usb 3-1: USB disconnect, device number 40
[  406.118675][  T436] hid (null): bogus close delimiter
[  406.325017][  T436] usb 5-1: language id specifier not provided by device, defaulting to English
[  406.343957][T10330] syz-executor.0[10330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.344007][T10330] syz-executor.0[10330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.356742][T10330] syz-executor.0[10330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.368366][T10330] syz-executor.0[10330] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  406.604125][  T429] kernel write not supported for file /vcsu (pid: 429 comm: kworker/1:3)
[  406.607563][T10322] loop4: detected capacity change from 0 to 40427
[  406.636256][T10322] F2FS-fs (loop4): Mismatch valid blocks 5 vs. 7
[  406.657274][T10322] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117)
[  406.902044][   T65] usb 3-1: new low-speed USB device number 41 using dummy_hcd
[  407.041881][  T436] uclogic 0003:256C:006D.002C: failed retrieving string descriptor #200: -71
[  407.050616][  T436] uclogic 0003:256C:006D.002C: failed retrieving pen parameters: -71
[  407.058639][  T436] uclogic 0003:256C:006D.002C: failed probing pen v2 parameters: -71
[  407.066541][  T436] uclogic 0003:256C:006D.002C: failed probing parameters: -71
[  407.073814][  T436] uclogic: probe of 0003:256C:006D.002C failed with error -71
[  407.082222][  T436] usb 5-1: USB disconnect, device number 16
[  407.246350][   T65] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  407.256438][   T65] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  407.267364][   T65] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  407.278131][   T65] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  407.288024][   T65] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  407.486837][T10360] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  407.516857][   T65] usb 3-1: string descriptor 0 read error: -22
[  407.525833][   T65] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  407.535249][   T65] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.563519][T10347] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  407.573597][T10366] loop4: detected capacity change from 0 to 2048
[  407.580003][T10347] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  407.601160][   T65] cdc_ether: probe of 3-1:1.0 failed with error -22
[  407.610187][T10366] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  407.618668][T10366] ext4 filesystem being mounted at /root/syzkaller-testdir1640262727/syzkaller.wwDi8O/61/file0 supports timestamps until 2038 (0x7fffffff)
[  407.639849][ T9604] EXT4-fs (loop4): unmounting filesystem.
[  407.655238][   T28] audit: type=1400 audit(2000000119.951:3230): avc:  denied  { create } for  pid=10376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  407.694306][   T28] audit: type=1400 audit(2000000119.972:3231): avc:  denied  { write } for  pid=10376 comm="syz-executor.4" path="socket:[60422]" dev="sockfs" ino=60422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  407.723600][   T28] audit: type=1400 audit(2000000119.972:3232): avc:  denied  { nlmsg_read } for  pid=10376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  407.791776][   T65] usb 3-1: USB disconnect, device number 41
[  408.296641][T10379] loop4: detected capacity change from 0 to 131072
[  408.326378][T10379] F2FS-fs (loop4): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  408.344561][T10379] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  408.353419][   T28] audit: type=1400 audit(2000000120.702:3233): avc:  denied  { nlmsg_write } for  pid=10397 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  408.384259][T10379] F2FS-fs (loop4): invalid crc value
[  408.436459][T10379] F2FS-fs (loop4): Found nat_bits in checkpoint
[  408.488372][T10379] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  408.495550][T10379] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  408.515413][T10379] fscrypt (loop4, inode 8): Error -61 getting encryption context
[  408.676460][T10426] loop2: detected capacity change from 0 to 256
[  408.683761][T10428] xt_l2tp: missing protocol rule (udp|l2tpip)
[  408.713410][   T28] audit: type=1400 audit(2000000121.088:3234): avc:  denied  { read } for  pid=10432 comm="syz-executor.4" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  408.742345][   T28] audit: type=1400 audit(2000000121.110:3235): avc:  denied  { open } for  pid=10432 comm="syz-executor.4" path="/sys/kernel/tracing" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  409.131121][T10454] ------------[ cut here ]------------
[  409.136607][T10454] WARNING: CPU: 1 PID: 10454 at mm/page_alloc.c:5688 __alloc_pages+0xc0/0x780
[  409.145473][T10454] Modules linked in:
[  409.149385][T10454] CPU: 1 PID: 10454 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller-00009-g25216be1ac5e #0
[  409.159697][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  409.169634][T10454] RIP: 0010:__alloc_pages+0xc0/0x780
[  409.174716][T10454] Code: 0b 72 13 44 89 e8 25 00 20 00 00 75 09 80 3d fb b5 b4 05 00 74 0d 83 fb 0a 76 16 45 31 e4 e9 4e 03 00 00 c6 05 e5 b5 b4 05 01 <0f> 0b 83 fb 0a 77 ea 89 1c 24 44 23 2d 47 a0 b7 05 65 48 8b 05 17
[  409.194290][T10454] RSP: 0018:ffffc90000dc7a40 EFLAGS: 00010246
[  409.200126][T10454] RAX: 0000000000000000 RBX: 000000000000001a RCX: 0000000000000000
[  409.208254][T10454] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffffc90000dc7ae8
[  409.216192][T10454] RBP: ffffc90000dc7b78 R08: dffffc0000000000 R09: ffffc90000dc7ad0
[  409.223984][T10454] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[  409.231763][T10454] R13: 0000000000040dc0 R14: dffffc0000000000 R15: 1ffff920001b8f54
[  409.239616][T10454] FS:  00007f4614d256c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  409.248383][T10454] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  409.254798][T10454] CR2: 0000000000000100 CR3: 0000000137e92000 CR4: 00000000003506a0
[  409.262965][T10454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  409.270911][T10454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  409.278733][T10454] Call Trace:
[  409.282020][T10454]  <TASK>
[  409.284788][T10454]  ? show_regs+0x58/0x60
[  409.288885][T10454]  ? __warn+0x160/0x3d0
[  409.292870][T10454]  ? __alloc_pages+0xc0/0x780
[  409.297419][T10454]  ? report_bug+0x4d5/0x7d0
[  409.301710][T10454]  ? __alloc_pages+0xc0/0x780
[  409.306221][T10454]  ? handle_bug+0x41/0x70
[  409.310429][T10454]  ? exc_invalid_op+0x1b/0x50
[  409.314902][T10454]  ? asm_exc_invalid_op+0x1b/0x20
[  409.319795][T10454]  ? __alloc_pages+0xc0/0x780
[  409.324273][T10454]  ? do_vfs_ioctl+0xba7/0x29a0
[  409.328906][T10454]  ? prep_new_page+0x110/0x110
[  409.333474][T10454]  ? futex_wait+0x4b7/0x7e0
[  409.337843][T10454]  __kmalloc_large_node+0x9e/0x1b0
[  409.342767][T10454]  ? input_mt_init_slots+0xcf/0xa50
[  409.347823][T10454]  __kmalloc+0xef/0x1e0
[  409.351927][T10454]  input_mt_init_slots+0xcf/0xa50
[  409.356947][T10454]  ? mutex_lock_interruptible+0xb1/0x1e0
[  409.362464][T10454]  uinput_create_device+0x522/0x630
[  409.367468][T10454]  uinput_ioctl_handler+0xa63/0x16a0
[  409.372607][T10454]  ? uinput_release+0x50/0x50
[  409.377099][T10454]  ? selinux_file_ioctl+0x3cc/0x540
[  409.382157][T10454]  uinput_ioctl+0x28/0x30
[  409.386297][T10454]  ? uinput_poll+0x120/0x120
[  409.390751][T10454]  __se_sys_ioctl+0x114/0x190
[  409.395240][T10454]  __x64_sys_ioctl+0x7b/0x90
[  409.399669][T10454]  do_syscall_64+0x3d/0xb0
[  409.403945][T10454]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  409.409667][T10454] RIP: 0033:0x7f461407cea9
[  409.413900][T10454] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  409.433391][T10454] RSP: 002b:00007f4614d250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  409.441622][T10454] RAX: ffffffffffffffda RBX: 00007f46141b3f80 RCX: 00007f461407cea9
[  409.449428][T10454] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004
[  409.457316][T10454] RBP: 00007f46140ebff4 R08: 0000000000000000 R09: 0000000000000000
[  409.465133][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  409.473006][T10454] R13: 000000000000000b R14: 00007f46141b3f80 R15: 00007ffd2f2ff2f8
[  409.480851][T10454]  </TASK>
[  409.483717][T10454] ---[ end trace 0000000000000000 ]---
[  409.528839][T10438] loop4: detected capacity change from 0 to 131072
[  409.558013][T10438] F2FS-fs (loop4): Wrong CP boundary, start(512) end(198144) blocks(1024)
[  409.576808][T10438] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  409.595792][T10438] F2FS-fs (loop4): invalid crc value
[  409.633717][T10438] F2FS-fs (loop4): Found nat_bits in checkpoint
[  409.702597][T10438] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  409.709556][T10438] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  409.748146][T10438] fscrypt (loop4, inode 8): Error -61 getting encryption context
[  409.967980][  T414] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  410.069165][ T1716] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  410.106349][T10495] loop4: detected capacity change from 0 to 512
[  410.113145][T10495] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  410.128768][T10495] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3836: comm syz-executor.4: Allocating blocks 41-42 which overlap fs metadata
[  410.143359][T10495] Quota error (device loop4): write_blk: dquota write failed
[  410.151089][T10495] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  410.161335][T10495] EXT4-fs (loop4): 1 truncate cleaned up
[  410.166880][T10495] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  410.178163][T10495] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3836: comm syz-executor.4: Allocating blocks 41-42 which overlap fs metadata
[  410.192148][  T414] usb 3-1: Using ep0 maxpacket: 32
[  410.197380][T10495] Quota error (device loop4): write_blk: dquota write failed
[  410.204724][T10495] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  410.218569][ T9604] EXT4-fs (loop4): unmounting filesystem.
[  410.248024][ T9604] EXT4-fs (loop4): pa ffff88813210d690: logic 1, phys. 41, len 23
[  410.255692][ T9604] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4871: group 0, free 22, pa_free 23
[  410.304160][  T414] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  410.322084][  T414] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  410.341233][  T414] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  410.350680][  T414] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.368869][  T414] usb 3-1: config 0 descriptor??
[  410.388247][T10474] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  410.406965][  T414] hub 3-1:0.0: USB hub found
[  410.462032][ T1716] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 520
[  410.472211][ T1716] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  410.481734][ T1716] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  410.573790][ T1716] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  410.582812][ T1716] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  410.590608][ T1716] usb 2-1: SerialNumber: syz
[  410.611531][  T414] hub 3-1:0.0: 2 ports detected
[  410.620485][T10476] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  410.627539][T10476] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  410.634473][ T9136] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  410.826959][T10476] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  410.834034][T10476] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  410.862907][ T9136] usb 5-1: Using ep0 maxpacket: 32
[  410.975084][ T9136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  410.986607][ T9136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  410.998117][ T9136] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  411.007023][ T9136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.015430][ T9136] usb 5-1: config 0 descriptor??
[  411.030923][T10506] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  411.049604][ T9136] hub 5-1:0.0: USB hub found
[  411.222553][T10528] xt_TCPMSS: Only works on TCP SYN packets
[  411.237857][ T1716] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42
[  411.254262][ T9136] hub 5-1:0.0: 2 ports detected
[  411.438437][T10542] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.445783][T10542] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.450058][ T1716] usb 2-1: USB disconnect, device number 40
[  411.453468][T10542] device bridge_slave_0 entered promiscuous mode
[  411.459940][ T1716] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device
[  411.476806][T10542] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.483905][T10542] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.491081][T10542] device bridge_slave_1 entered promiscuous mode
[  411.515757][ T9136] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  411.521921][ T9136] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  411.804847][T10542] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.811737][T10542] bridge0: port 2(bridge_slave_1) entered forwarding state
[  411.818878][T10542] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.825867][T10542] bridge0: port 1(bridge_slave_0) entered forwarding state
[  411.844538][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  411.852020][  T436] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.859144][  T436] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.870665][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  411.879104][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.886073][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[  411.888033][ T9136] usbhid 5-1:0.0: can't add hid device: -71
[  411.898882][  T414] hub 3-1:0.0: hub_hub_status failed (err = -32)
[  411.904964][  T414] hub 3-1:0.0: config failed, can't get hub status (err -32)
[  411.912494][ T9136] usbhid: probe of 5-1:0.0 failed with error -71
[  411.932844][T10542] device veth0_vlan entered promiscuous mode
[  411.940062][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  411.948502][ T9136] usb 5-1: USB disconnect, device number 17
[  411.954610][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  411.962331][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  411.970825][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  411.978230][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  411.986316][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[  411.993190][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[  412.000497][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  412.008398][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  412.018736][  T414] usbhid 3-1:0.0: can't add hid device: -32
[  412.024610][  T414] usbhid: probe of 3-1:0.0 failed with error -32
[  412.039452][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  412.049375][T10542] device veth1_macvtap entered promiscuous mode
[  412.061051][  T429] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  412.075089][   T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  412.096204][  T561] device bridge_slave_1 left promiscuous mode
[  412.102237][  T561] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.109691][  T561] device bridge_slave_0 left promiscuous mode
[  412.115886][  T561] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.126619][  T561] device veth1_macvtap left promiscuous mode
[  412.356578][T10560] loop4: detected capacity change from 0 to 40427
[  412.369335][T10560] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  412.382336][T10560] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  412.416742][T10560] F2FS-fs (loop4): Found nat_bits in checkpoint
[  412.473927][T10560] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  412.497535][T10560] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  412.505573][T10560] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  412.512373][ T1716] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  412.758821][T10592] loop2: detected capacity change from 0 to 128
[  412.792842][T10592] syz-executor.2: attempt to access beyond end of device
[  412.792842][T10592] loop2: rw=0, sector=121, nr_sectors = 120 limit=128
[  412.815654][  T610] kworker/u4:5: attempt to access beyond end of device
[  412.815654][  T610] loop2: rw=1, sector=241, nr_sectors = 800 limit=128
[  412.901616][   T24] usb 3-1: USB disconnect, device number 42
[  412.922747][ T1716] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  412.932795][ T1716] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  412.943845][ T1716] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  412.951238][   T65] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  412.954509][ T1716] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  413.001196][ T1716] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  413.463489][ T1716] usb 1-1: string descriptor 0 read error: -22
[  413.469653][ T1716] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  413.479934][ T1716] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.500539][   T65] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 520
[  413.510460][T10574] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  413.517557][T10574] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  413.524715][   T65] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  413.534460][   T65] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  413.548087][ T1716] cdc_ether: probe of 1-1:1.0 failed with error -22
[  413.621698][   T65] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  413.645369][   T65] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  413.653312][   T65] usb 5-1: SerialNumber: syz
[  413.677552][T10586] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  413.684636][T10586] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  413.733705][  T436] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  413.752716][ T1716] usb 1-1: USB disconnect, device number 38
[  413.858167][T10653] syz-executor.3[10653] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  413.858231][T10653] syz-executor.3[10653] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  413.886267][T10656] loop2: detected capacity change from 0 to 256
[  413.905778][T10586] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  413.912944][T10586] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  413.916467][T10656] FAT-fs (loop2): Directory bread(block 64) failed
[  413.926624][T10656] FAT-fs (loop2): Directory bread(block 65) failed
[  413.933508][T10656] FAT-fs (loop2): Directory bread(block 66) failed
[  413.940264][T10656] FAT-fs (loop2): Directory bread(block 67) failed
[  413.946630][T10656] FAT-fs (loop2): Directory bread(block 68) failed
[  413.953033][T10656] FAT-fs (loop2): Directory bread(block 69) failed
[  413.959810][T10656] FAT-fs (loop2): Directory bread(block 70) failed
[  413.966153][T10656] FAT-fs (loop2): Directory bread(block 71) failed
[  413.972675][T10656] FAT-fs (loop2): Directory bread(block 72) failed
[  413.979043][T10656] FAT-fs (loop2): Directory bread(block 73) failed
[  414.016585][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  414.016600][   T28] audit: type=1326 audit(2000000126.774:3238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.056995][   T28] audit: type=1326 audit(2000000126.807:3239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.080994][   T28] audit: type=1326 audit(2000000126.807:3240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.087703][  T436] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  414.105366][   T28] audit: type=1326 audit(2000000126.807:3241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.135279][  T436] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.140031][   T28] audit: type=1326 audit(2000000126.807:3242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.162382][  T436] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  414.172715][   T28] audit: type=1326 audit(2000000126.807:3243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f461407a627 code=0x7ffc0000
[  414.199984][  T436] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.205648][   T28] audit: type=1326 audit(2000000126.807:3244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4614040309 code=0x7ffc0000
[  414.223340][  T436] usb 2-1: config 0 descriptor??
[  414.236845][   T28] audit: type=1326 audit(2000000126.807:3245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f461407cea9 code=0x7ffc0000
[  414.283602][   T28] audit: type=1326 audit(2000000126.807:3246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f461407a627 code=0x7ffc0000
[  414.308847][T10667] loop2: detected capacity change from 0 to 128
[  414.315609][   T28] audit: type=1326 audit(2000000126.807:3247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10661 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4614040309 code=0x7ffc0000
[  414.376037][   T65] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42
[  414.379305][T10667] syz-executor.2: attempt to access beyond end of device
[  414.379305][T10667] loop2: rw=0, sector=121, nr_sectors = 120 limit=128
[  414.410519][  T561] kworker/u4:4: attempt to access beyond end of device
[  414.410519][  T561] loop2: rw=1, sector=241, nr_sectors = 800 limit=128
[  414.693263][ T9136] usb 5-1: USB disconnect, device number 18
[  414.699812][ T9136] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device
[  414.803178][T10685] syz-executor.2[10685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.803248][T10685] syz-executor.2[10685] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  414.834196][  T436] hid (null): bogus close delimiter
[  414.890475][T10691] loop2: detected capacity change from 0 to 16
[  414.897212][T10691] erofs: (device loop2): erofs_read_inode: unsupported chunk format ffff of nid 36
[  415.028978][  T436] usb 2-1: language id specifier not provided by device, defaulting to English
[  415.046039][T10699] loop2: detected capacity change from 0 to 128
[  415.076248][T10699] syz-executor.2: attempt to access beyond end of device
[  415.076248][T10699] loop2: rw=0, sector=121, nr_sectors = 120 limit=128
[  415.094982][   T10] kworker/u4:1: attempt to access beyond end of device
[  415.094982][   T10] loop2: rw=1, sector=241, nr_sectors = 800 limit=128
[  415.159543][   T65] usb 4-1: new low-speed USB device number 39 using dummy_hcd
[  415.191326][T10713] syz-executor.4[10713] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.191374][T10713] syz-executor.4[10713] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  415.373503][T10729] loop2: detected capacity change from 0 to 128
[  415.793286][   T65] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  415.808435][   T65] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  415.808494][T10731] syz-executor.2: attempt to access beyond end of device
[  415.808494][T10731] loop2: rw=0, sector=121, nr_sectors = 120 limit=128
[  415.828412][   T65] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  415.865275][  T610] kworker/u4:5: attempt to access beyond end of device
[  415.865275][  T610] loop2: rw=1, sector=241, nr_sectors = 800 limit=128
[  415.877118][   T65] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  415.901052][   T65] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  416.466235][T10746] block device autoloading is deprecated and will be removed.
[  416.482331][T10748] syz-executor.4[10748] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.482410][T10748] syz-executor.4[10748] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  416.504880][T10750] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  416.516507][   T65] usb 4-1: string descriptor 0 read error: -22
[  416.531847][   T65] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  416.540835][   T65] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.566897][  T436] uclogic 0003:256C:006D.002D: failed retrieving string descriptor #200: -71
[  416.566970][T10693] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  416.580159][  T436] uclogic 0003:256C:006D.002D: failed retrieving pen parameters: -71
[  416.583384][T10693] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  416.601131][  T436] uclogic 0003:256C:006D.002D: failed probing pen v2 parameters: -71
[  416.611673][   T65] cdc_ether: probe of 4-1:1.0 failed with error -22
[  416.620254][  T436] uclogic 0003:256C:006D.002D: failed probing parameters: -71
[  416.632993][  T436] uclogic: probe of 0003:256C:006D.002D failed with error -71
[  416.636168][T10757] raw_sendmsg: syz-executor.4 forgot to set AF_INET. Fix it!
[  416.645845][  T436] usb 2-1: USB disconnect, device number 41
[  416.754095][T10760] loop4: detected capacity change from 0 to 128
[  416.762796][T10761] loop2: detected capacity change from 0 to 512
[  416.773305][T10761] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  416.846444][  T429] usb 4-1: USB disconnect, device number 39
[  416.854020][T10761] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz-executor.2: Allocating blocks 41-42 which overlap fs metadata
[  416.868668][T10761] EXT4-fs (loop2): 1 truncate cleaned up
[  416.874205][T10761] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  416.886124][T10761] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz-executor.2: Allocating blocks 41-42 which overlap fs metadata
[  416.904712][T10262] EXT4-fs (loop2): unmounting filesystem.
[  416.941414][T10262] EXT4-fs (loop2): pa ffff8881131e9c78: logic 1, phys. 41, len 23
[  416.949064][T10262] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4871: group 0, free 22, pa_free 23
[  417.913899][T10806] tmpfs: Unknown parameter 'f'
[  418.365686][  T436] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  419.670728][  T436] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  419.693965][  T436] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  419.722149][  T436] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  419.752435][  T436] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  419.772858][  T436] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  419.813328][T10852] serio: Serial port ptm0
[  419.901802][T10839] loop1: detected capacity change from 0 to 40427
[  419.909209][T10839] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  419.917172][T10839] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  419.982531][T10857] loop4: detected capacity change from 0 to 256
[  420.083791][T10839] F2FS-fs (loop1): invalid crc value
[  420.145547][T10839] F2FS-fs (loop1): Found nat_bits in checkpoint
[  420.229342][T10839] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  420.229838][  T436] usb 1-1: string descriptor 0 read error: -22
[  420.236375][T10839] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  420.249473][  T436] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  420.249502][  T436] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.267714][T10805] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  420.278834][T10805] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  420.304807][  T436] cdc_ether: probe of 1-1:1.0 failed with error -22
[  420.389330][ T9716] syz-executor.1: attempt to access beyond end of device
[  420.389330][ T9716] loop1: rw=2051, sector=49152, nr_sectors = 4096 limit=40427
[  420.403615][ T9716] syz-executor.1: attempt to access beyond end of device
[  420.403615][ T9716] loop1: rw=2051, sector=57344, nr_sectors = 20480 limit=40427
[  420.425842][ T9716] syz-executor.1: attempt to access beyond end of device
[  420.425842][ T9716] loop1: rw=2051, sector=81920, nr_sectors = 4096 limit=40427
[  420.540106][ T9716] F2FS-fs (loop1): Issue discard(6144, 6144, 512) failed, ret: -5
[  420.540217][ T9716] F2FS-fs (loop1): Issue discard(7168, 7168, 2560) failed, ret: -5
[  420.559389][ T9716] F2FS-fs (loop1): Issue discard(10240, 10240, 512) failed, ret: -5
[  420.678443][   T24] usb 1-1: USB disconnect, device number 39
[  420.756746][T10878] loop4: detected capacity change from 0 to 256
[  420.823540][   T28] kauditd_printk_skb: 6 callbacks suppressed
[  420.823555][   T28] audit: type=1326 audit(2000000134.081:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10877 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x0
[  421.070584][  T429] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  421.512312][  T429] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.098305][T10897] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  422.131348][  T429] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  422.155803][  T429] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.164482][  T429] usb 3-1: Product: syz
[  422.168582][  T429] usb 3-1: Manufacturer: syz
[  422.226550][  T429] usb 3-1: SerialNumber: syz
[  422.592799][T10913] loop4: detected capacity change from 0 to 512
[  422.802335][   T28] audit: type=1400 audit(2000000136.195:3251): avc:  denied  { mounton } for  pid=10902 comm="syz-executor.4" path="/root/syzkaller-testdir1640262727/syzkaller.wwDi8O/103/file0" dev="sda1" ino=1968 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1
[  422.848015][T10913] EXT4-fs: old and new quota format mixing
[  423.305767][  T429] cdc_ncm 3-1:1.0: failed to get mac address
[  423.482698][   T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  423.501440][  T429] cdc_ncm 3-1:1.0: bind() failure
[  423.529523][  T429] cdc_ncm: probe of 3-1:1.1 failed with error -71
[  423.557046][T10946] serio: Serial port ptm0
[  423.561387][  T429] cdc_mbim: probe of 3-1:1.1 failed with error -71
[  423.571970][  T429] usb 3-1: USB disconnect, device number 43
[  423.618586][   T28] audit: type=1400 audit(2000000137.074:3252): avc:  denied  { getattr } for  pid=10948 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  423.771755][   T24] usb 5-1: Using ep0 maxpacket: 32
[  424.098980][   T24] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=e2.de
[  424.107930][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.115963][   T24] usb 5-1: Product: syz
[  424.124913][   T24] usb 5-1: Manufacturer: syz
[  424.141884][   T24] usb 5-1: SerialNumber: syz
[  424.299895][   T24] usb 5-1: config 0 descriptor??
[  425.160483][   T24] CoreChips: probe of 5-1:0.0 failed with error -71
[  425.169258][   T24] usb 5-1: USB disconnect, device number 19
[  425.374863][T10889] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  425.952715][T10889] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.010802][T11035] device ip6erspan0 entered promiscuous mode
[  426.120500][T10889] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  426.121061][T11051] ./file0: Can't open blockdev
[  426.129409][   T28] audit: type=1400 audit(2000000139.767:3253): avc:  denied  { mounton } for  pid=11050 comm="syz-executor.4" path="/root/syzkaller-testdir1640262727/syzkaller.wwDi8O/116/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  426.165703][T10889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.173664][T10889] usb 3-1: Product: syz
[  426.177859][T10889] usb 3-1: Manufacturer: syz
[  426.182375][T10889] usb 3-1: SerialNumber: syz
[  426.326057][   T24] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  426.419960][T11067] device ip6erspan0 entered promiscuous mode
[  426.586418][   T24] usb 2-1: Using ep0 maxpacket: 32
[  426.885371][   T24] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=e2.de
[  426.894591][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.903017][   T24] usb 2-1: Product: syz
[  426.916893][   T24] usb 2-1: Manufacturer: syz
[  426.921352][   T24] usb 2-1: SerialNumber: syz
[  426.931659][  T429] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  426.940377][   T24] usb 2-1: config 0 descriptor??
[  427.027258][T11085] loop4: detected capacity change from 0 to 256
[  427.201612][  T429] usb 4-1: Using ep0 maxpacket: 8
[  427.304183][T10889] cdc_ncm 3-1:1.0: failed to get mac address
[  427.322765][  T429] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  427.331710][  T429] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.340127][  T429] usb 4-1: config 0 descriptor??
[  427.509277][T10889] cdc_ncm 3-1:1.0: bind() failure
[  427.527901][T10889] cdc_ncm: probe of 3-1:1.1 failed with error -71
[  427.546590][T10889] cdc_mbim: probe of 3-1:1.1 failed with error -71
[  427.553716][T10889] usb 3-1: USB disconnect, device number 44
[  427.566079][T11091] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3012553984 (6025107968 ns) > initial count (4194304 ns). Using initial count to start timer.
[  427.583764][  T429] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  427.735815][T11103] device ip6erspan0 entered promiscuous mode
[  427.807445][   T24] CoreChips: probe of 2-1:0.0 failed with error -71
[  427.819115][   T24] usb 2-1: USB disconnect, device number 42
[  427.919228][T11105] loop4: detected capacity change from 0 to 40427
[  427.926237][T11105] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  427.933875][T11105] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  427.942678][T11105] F2FS-fs (loop4): invalid crc value
[  427.949118][T11105] F2FS-fs (loop4): Found nat_bits in checkpoint
[  428.061015][T11105] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  428.067988][T11105] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  428.340475][T11116] syz-executor.4: attempt to access beyond end of device
[  428.340475][T11116] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  428.710686][T11130] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  428.751950][   T28] audit: type=1400 audit(2000000142.589:3254): avc:  denied  { getopt } for  pid=11134 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  428.818947][T11139] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  428.827016][T11139] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  428.845891][   T28] audit: type=1326 audit(2000000142.686:3255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  428.870652][   T28] audit: type=1326 audit(2000000142.686:3256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  428.916388][T11143] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.924058][T11143] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.931434][T11143] device bridge_slave_0 entered promiscuous mode
[  428.943604][T11143] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.950781][T11143] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.958535][T11143] device bridge_slave_1 entered promiscuous mode
[  429.000995][T11143] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.007858][T11143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.014963][T11143] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.021737][T11143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.092594][T11149] 9pnet_fd: Insufficient options for proto=fd
[  429.292321][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  429.300197][  T436] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.308070][  T436] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.317689][  T429] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  429.330224][  T429] asix: probe of 4-1:0.0 failed with error -71
[  429.332594][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  429.337206][  T429] usb 4-1: USB disconnect, device number 40
[  429.344646][  T436] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.356743][  T436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.374667][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  429.382896][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.389766][ T9136] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.397056][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  429.405361][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  429.425484][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  429.437764][T11143] device veth0_vlan entered promiscuous mode
[  429.444436][T11151] loop1: detected capacity change from 0 to 40427
[  429.445024][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  429.458519][T11151] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  429.459198][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  429.466128][T11151] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  429.473697][  T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  429.481962][T11151] F2FS-fs (loop1): invalid crc value
[  429.494614][T11151] F2FS-fs (loop1): Found nat_bits in checkpoint
[  429.507511][T10889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  429.517408][T11143] device veth1_macvtap entered promiscuous mode
[  429.528046][T10889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  429.533647][T11151] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  429.542921][T11151] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  429.559691][T10889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  430.017345][    T8] device bridge_slave_1 left promiscuous mode
[  430.024408][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.041895][ T9716] syz-executor.1: attempt to access beyond end of device
[  430.041895][ T9716] loop1: rw=2051, sector=49152, nr_sectors = 4096 limit=40427
[  430.061397][    T8] device bridge_slave_0 left promiscuous mode
[  430.067605][ T9716] syz-executor.1: attempt to access beyond end of device
[  430.067605][ T9716] loop1: rw=2051, sector=57344, nr_sectors = 20480 limit=40427
[  430.067862][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.098424][    T8] device veth1_macvtap left promiscuous mode
[  430.098840][ T9716] syz-executor.1: attempt to access beyond end of device
[  430.098840][ T9716] loop1: rw=2051, sector=81920, nr_sectors = 4096 limit=40427
[  430.109837][    T8] device veth0_vlan left promiscuous mode
[  430.119223][ T9716] F2FS-fs (loop1): Issue discard(6144, 6144, 512) failed, ret: -5
[  430.123934][ T9716] F2FS-fs (loop1): Issue discard(7168, 7168, 2560) failed, ret: -5
[  430.134012][ T9716] F2FS-fs (loop1): Issue discard(10240, 10240, 512) failed, ret: -5
[  430.382182][T11172] netlink: 216 bytes leftover after parsing attributes in process `syz-executor.0'.
[  430.411529][T11174] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  436.638302][T11205] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  436.736441][T11209] loop4: detected capacity change from 0 to 256
[  437.020576][T11220] fuse: Invalid rootmode
[  439.575007][T11232] netlink: 'syz-executor.0': attribute type 13 has an invalid length.
[  439.691090][   T28] audit: type=1326 audit(2000000154.316:3257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.737845][   T28] audit: type=1326 audit(2000000154.348:3258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.779841][   T28] audit: type=1326 audit(2000000154.348:3259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.813070][   T28] audit: type=1326 audit(2000000154.348:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.844280][   T28] audit: type=1326 audit(2000000154.348:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.869150][   T28] audit: type=1326 audit(2000000154.348:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  439.894896][   T28] audit: type=1326 audit(2000000154.348:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  440.392829][   T28] audit: type=1326 audit(2000000154.348:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  440.403341][T11261] fuse: Invalid rootmode
[  440.446278][   T28] audit: type=1326 audit(2000000154.348:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  440.487826][   T28] audit: type=1326 audit(2000000154.348:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11247 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c9ba7cea9 code=0x7ffc0000
[  440.516429][T11265] loop1: detected capacity change from 0 to 512
[  440.564591][T11275] syz-executor.0[11275] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  440.564660][T11275] syz-executor.0[11275] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  440.605062][T11265] EXT4-fs (loop1): 1 orphan inode deleted
[  440.627029][T11265] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  440.659150][T11265] ext4 filesystem being mounted at /root/syzkaller-testdir1641986592/syzkaller.GtoF2Q/146/file1 supports timestamps until 2038 (0x7fffffff)
[  440.677324][T11285] netlink: 'syz-executor.0': attribute type 13 has an invalid length.
[  440.717588][ T9716] EXT4-fs (loop1): unmounting filesystem.
[  441.745847][T11326] loop1: detected capacity change from 0 to 4096
[  441.767097][T11326] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  441.784239][ T9716] EXT4-fs (loop1): unmounting filesystem.
[  441.920357][T11335] bridge0: port 3(syz_tun) entered blocking state
[  441.926772][T11335] bridge0: port 3(syz_tun) entered disabled state
[  441.935839][T11335] device syz_tun entered promiscuous mode
[  441.942419][T11335] bridge0: port 3(syz_tun) entered blocking state
[  441.948695][T11335] bridge0: port 3(syz_tun) entered forwarding state
[  442.194978][T11342] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  442.509374][T11358] device pim6reg1 entered promiscuous mode
[  443.408721][T11388] fuse: Invalid rootmode
[  443.614666][T11395] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11395 comm=syz-executor.2
[  443.814547][T11405] overlayfs: workdir and upperdir must reside under the same mount
[  443.869235][T11405] overlayfs: statfs failed on './file0'
[  444.299556][T11438] overlayfs: workdir and upperdir must reside under the same mount
[  444.325764][T11438] overlayfs: statfs failed on './file0'
[  444.498051][T11434] loop4: detected capacity change from 0 to 40427
[  444.509456][T11434] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  444.521409][T11434] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  444.535751][T11434] F2FS-fs (loop4): invalid crc value
[  444.559540][T11434] F2FS-fs (loop4): Found nat_bits in checkpoint
[  444.635958][T11434] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  444.644031][T11434] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  444.699388][ T9604] syz-executor.4: attempt to access beyond end of device
[  444.699388][ T9604] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  444.733129][T11452] syz-executor.2[11452] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  444.733205][T11452] syz-executor.2[11452] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  444.922599][T11455] loop2: detected capacity change from 0 to 16
[  444.968018][T11455] erofs: (device loop2): mounted with root inode @ nid 36.
[  445.159575][T11457] device pim6reg1 entered promiscuous mode
[  445.209365][T11461] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11461 comm=syz-executor.4
[  446.022326][T11478] overlayfs: workdir and upperdir must reside under the same mount
[  446.032479][T11478] overlayfs: statfs failed on './file0'
[  446.053150][   T28] kauditd_printk_skb: 139 callbacks suppressed
[  446.053166][   T28] audit: type=1400 audit(2000000161.150:3406): avc:  denied  { write } for  pid=11479 comm="syz-executor.2" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  446.076335][T11480] random: crng reseeded on system resumption
[  446.770437][T11500] device pim6reg1 entered promiscuous mode
[  446.982747][T11516] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  447.071130][T11525] device pim6reg1 entered promiscuous mode
[  447.145071][T11535] tmpfs: Bad value for 'size'
[  447.245993][T11548] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  447.506622][T11565] overlayfs: statfs failed on './file0'
[  447.744384][  T436] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  447.790622][ T4243] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  448.036289][   T28] audit: type=1400 audit(2000000163.275:3407): avc:  denied  { mounton } for  pid=11576 comm="syz-executor.2" path="/root/syzkaller-testdir971113141/syzkaller.otBHMV/104/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  448.135570][ T4243] usb 5-1: config index 0 descriptor too short (expected 45, got 36)
[  448.143627][ T4243] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.153671][ T4243] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  448.154771][  T436] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  448.168350][ T4243] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  448.181789][ T4243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.192008][ T4243] usb 5-1: config 0 descriptor??
[  448.201555][  T436] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  448.210644][  T436] usb 2-1: config 1 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  448.224691][  T436] usb 2-1: config 1 interface 0 has no altsetting 0
[  448.406531][  T436] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  448.415400][  T436] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.429559][  T436] usb 2-1: Product: syz
[  448.433627][  T436] usb 2-1: Manufacturer: syz
[  448.439643][  T436] usb 2-1: SerialNumber: syz
[  448.660496][T11570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  448.668870][T11570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  448.686102][  T436] cdc_mbim: probe of 2-1:1.0 failed with error -71
[  448.693488][  T436] usb 2-1: USB disconnect, device number 43
[  448.695330][   T24] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  448.713785][ T4243] usb 5-1: string descriptor 0 read error: -71
[  448.720699][ T4243] usb 5-1: USB disconnect, device number 20
[  449.040229][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  449.050900][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  449.133292][   T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  449.142346][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  449.150155][   T24] usb 3-1: SerialNumber: syz
[  449.413008][   T24] usb 3-1: 0:2 : does not exist
[  449.421501][   T24] usb 3-1: USB disconnect, device number 45
[  450.325802][ T9136] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  450.680627][ T9136] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  450.688645][ T9136] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  450.699845][ T9136] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  450.708651][ T9136] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  450.717498][ T9136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.736673][ T9136] usb 3-1: config 0 descriptor??
[  451.212522][T11629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.227123][T11629] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.232676][T11658] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 49 (only 8 groups)
[  451.304536][ T9136] usb 3-1: string descriptor 0 read error: -71
[  451.311093][ T9136] usb 3-1: USB disconnect, device number 46
[  451.668250][ T5081] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  452.286434][ T5081] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  452.441985][ T5081] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  452.450998][ T5081] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.458835][ T5081] usb 4-1: Product: syz
[  452.462944][ T5081] usb 4-1: Manufacturer: syz
[  452.467444][ T5081] usb 4-1: SerialNumber: syz
[  453.466775][   T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  453.514051][ T5081] cdc_ncm 4-1:1.0: failed to get mac address
[  453.709616][ T5081] cdc_ncm 4-1:1.0: bind() failure
[  453.724007][   T28] audit: type=1400 audit(2000000169.379:3408): avc:  denied  { ioctl } for  pid=11710 comm="syz-executor.2" path="socket:[67630]" dev="sockfs" ino=67630 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  453.737578][T11711] device syzkaller0 entered promiscuous mode
[  453.750382][ T5081] cdc_ncm: probe of 4-1:1.1 failed with error -71
[  453.793104][ T5081] cdc_mbim: probe of 4-1:1.1 failed with error -71
[  453.801203][ T5081] usb 4-1: USB disconnect, device number 41
[  453.802471][   T24] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  453.823287][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  453.833499][   T24] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  453.842528][T11713] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.2'.
[  453.851882][   T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  453.861026][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.876249][   T24] usb 2-1: config 0 descriptor??
[  454.400995][T11702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.409880][T11702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.449422][T11726] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  454.454822][   T24] usb 2-1: string descriptor 0 read error: -71
[  454.470629][   T24] usb 2-1: USB disconnect, device number 44
[  454.476725][   T28] audit: type=1326 audit(2000000170.173:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb8307cea9 code=0x7ffc0000
[  454.502331][   T28] audit: type=1326 audit(2000000170.173:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbb8307cea9 code=0x7ffc0000
[  454.536816][   T28] audit: type=1326 audit(2000000170.173:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb8307cea9 code=0x7ffc0000
[  454.563393][   T28] audit: type=1326 audit(2000000170.173:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbb8307cea9 code=0x7ffc0000
[  454.592566][   T28] audit: type=1326 audit(2000000170.313:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb8307cea9 code=0x7ffc0000
[  454.616559][   T28] audit: type=1326 audit(2000000170.313:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb8307a627 code=0x7ffc0000
[  454.640407][   T28] audit: type=1326 audit(2000000170.313:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb83040309 code=0x7ffc0000
[  454.664548][   T28] audit: type=1326 audit(2000000170.313:3416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb8307a627 code=0x7ffc0000
[  454.688451][   T28] audit: type=1326 audit(2000000170.313:3417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11727 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb83040309 code=0x7ffc0000
[  454.795424][T11735] 9pnet_fd: Insufficient options for proto=fd
[  454.869591][T11741] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.3'.
[  454.958620][T11749] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.1'.
[  455.670338][T11767] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.3'.
[  455.919208][T11792] loop1: detected capacity change from 0 to 8192
[  456.560644][T11798] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.1'.
[  456.771777][T11818] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'.
[  457.158255][T11830] netlink: 472 bytes leftover after parsing attributes in process `syz-executor.1'.
[  457.189174][T11833] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  457.534565][T11844] devtmpfs: Unknown parameter 'source    8 kB
[  457.534565][T11844] Pss_Dirty:             8 kB
[  457.534565][T11844] Shared_Clean:          0 kB
[  457.534565][T11844] Shared_Dirty:          0 kB
[  457.534565][T11844] Private_Clean:         0 kB
[  457.534565][T11844] Private_Dirty:         8 kB
[  457.534565][T11844] Referenced:            8 kB
[  457.534565][T11844] Anonymous:             8 kB
[  457.534565][T11844] LazyFree:              0 kB
[  457.534565][T11844] AnonHugePages:         0 kB
[  457.534565][T11844] ShmemPmdMapped:        0 kB
[  457.534565][T11844] FilePmdMapped:         0 kB
[  457.534565][T11844] Shared_Hugetlb:        0 kB
[  457.534565][T11844] Private_Hugetlb:       0 kB
[  457.534565][T11844] Swap:                  0 kB
[  457.534565][T11844] SwapPss:               0 kB
[  457.534565][T11844] Locked:                0 kB
[  457.534565][T11844] THPeligible:    0
[  457.534565][T11844] VmFlags: rd wr ex mr mw me ac 
[  457.536603][T11844] overlayfs: missing 'lowerdir'
[  457.907054][T11849] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  458.162840][T11853] loop2: detected capacity change from 0 to 1024
[  458.208870][T11853] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  458.247339][T10262] EXT4-fs (loop2): unmounting filesystem.
[  458.274729][T11859] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  458.286378][T11859] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  458.294625][T11859] CPU: 1 PID: 11859 Comm: syz-executor.2 Tainted: G        W          6.1.78-syzkaller-00009-g25216be1ac5e #0
[  458.306080][T11859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  458.315982][T11859] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0
[  458.322056][T11859] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b
[  458.341489][T11859] RSP: 0018:ffffc900082c76c0 EFLAGS: 00010246
[  458.347387][T11859] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  458.355211][T11859] RDX: ffffc9000a189000 RSI: 0000000000000414 RDI: 0000000000000415
[  458.363014][T11859] RBP: ffffc900082c7818 R08: 0000000000000005 R09: ffffffff8411e7b3
[  458.370834][T11859] R10: 0000000000000004 R11: ffff88810db90000 R12: dffffc0000000000
[  458.378639][T11859] R13: ffff888116182a00 R14: 1ffff92001058ee4 R15: 0000000000000000
[  458.386446][T11859] FS:  00007f4614d256c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  458.395215][T11859] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  458.401639][T11859] CR2: 0000000020010000 CR3: 00000001279c4000 CR4: 00000000003506a0
[  458.409453][T11859] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  458.417264][T11859] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  458.425168][T11859] Call Trace:
[  458.428291][T11859]  <TASK>
[  458.431062][T11859]  ? __die_body+0x62/0xb0
[  458.435226][T11859]  ? die_addr+0x9f/0xd0
[  458.439219][T11859]  ? exc_general_protection+0x317/0x4c0
[  458.444607][T11859]  ? asm_exc_general_protection+0x27/0x30
[  458.450157][T11859]  ? xdp_do_generic_redirect+0x303/0xad0
[  458.455627][T11859]  ? dev_map_generic_redirect+0x90/0x7d0
[  458.461090][T11859]  ? __free_pages_core+0x180/0x180
[  458.466041][T11859]  ? __this_cpu_preempt_check+0x13/0x20
[  458.471421][T11859]  ? bq_enqueue+0x3e0/0x3e0
[  458.475766][T11859]  ? bpf_prog_run_generic_xdp+0x9aa/0x1110
[  458.481413][T11859]  xdp_do_generic_redirect+0x411/0xad0
[  458.486713][T11859]  do_xdp_generic+0x53e/0x800
[  458.491213][T11859]  ? generic_xdp_tx+0x560/0x560
[  458.495910][T11859]  ? tun_get_user+0x2340/0x3a90
[  458.500586][T11859]  tun_get_user+0x238a/0x3a90
[  458.505202][T11859]  ? cpu_curr_snapshot+0x90/0x90
[  458.509971][T11859]  ? tun_do_read+0x1ee0/0x1ee0
[  458.514565][T11859]  ? ref_tracker_alloc+0x31d/0x450
[  458.519516][T11859]  ? ref_tracker_dir_print+0x160/0x160
[  458.524813][T11859]  ? avc_policy_seqno+0x1b/0x70
[  458.529495][T11859]  ? tun_get+0xe9/0x120
[  458.533485][T11859]  tun_chr_write_iter+0x129/0x210
[  458.538695][T11859]  vfs_write+0x902/0xeb0
[  458.542780][T11859]  ? __x64_sys_prctl+0xd0/0xd0
[  458.547634][T11859]  ? file_end_write+0x1c0/0x1c0
[  458.552450][T11859]  ? __fget_files+0x2cb/0x330
[  458.556985][T11859]  ? __fdget_pos+0x204/0x390
[  458.561388][T11859]  ? ksys_write+0x77/0x2c0
[  458.565641][T11859]  ksys_write+0x199/0x2c0
[  458.569812][T11859]  ? __x64_sys_futex+0x100/0x100
[  458.574582][T11859]  ? __ia32_sys_read+0x90/0x90
[  458.579181][T11859]  ? fpregs_restore_userregs+0x130/0x290
[  458.584648][T11859]  __x64_sys_write+0x7b/0x90
[  458.589073][T11859]  do_syscall_64+0x3d/0xb0
[  458.593327][T11859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  458.599061][T11859] RIP: 0033:0x7f461407bbef
[  458.603310][T11859] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[  458.622756][T11859] RSP: 002b:00007f4614d25090 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  458.631002][T11859] RAX: ffffffffffffffda RBX: 00007f46141b3f80 RCX: 00007f461407bbef
[  458.638810][T11859] RDX: 000000000000fdef RSI: 0000000020000780 RDI: 00000000000000c8
[  458.646620][T11859] RBP: 00007f46140ebff4 R08: 0000000000000000 R09: 0000000000000000
[  458.654428][T11859] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000
[  458.662237][T11859] R13: 000000000000000b R14: 00007f46141b3f80 R15: 00007ffd2f2ff2f8
[  458.670057][T11859]  </TASK>
[  458.672996][T11859] Modules linked in:
[  458.676909][T11859] ---[ end trace 0000000000000000 ]---
[  458.682121][T11859] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0
[  458.688224][T11859] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b
[  458.707674][T11859] RSP: 0018:ffffc900082c76c0 EFLAGS: 00010246
[  458.713534][T11859] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  458.721394][T11859] RDX: ffffc9000a189000 RSI: 0000000000000414 RDI: 0000000000000415
[  458.729198][T11859] RBP: ffffc900082c7818 R08: 0000000000000005 R09: ffffffff8411e7b3
[  458.737011][T11859] R10: 0000000000000004 R11: ffff88810db90000 R12: dffffc0000000000
[  458.744806][T11859] R13: ffff888116182a00 R14: 1ffff92001058ee4 R15: 0000000000000000
[  458.752709][T11859] FS:  00007f4614d256c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  458.761493][T11859] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  458.767872][T11859] CR2: 0000000020010000 CR3: 00000001279c4000 CR4: 00000000003506a0
[  458.775727][T11859] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  458.783532][T11859] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  458.791335][T11859] Kernel panic - not syncing: Fatal exception in interrupt
[  458.798612][T11859] Kernel Offset: disabled
[  458.802859][T11859] Rebooting in 86400 seconds..