last executing test programs:

3.433991586s ago: executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r1}, 0x10)
write$cgroup_int(r0, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

3.252533862s ago: executing program 4:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000ac0)={{r0}, &(0x7f0000000a40), &(0x7f0000000a80)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000800)={'syz1\x00'}, 0x45c)
ioctl$UI_DEV_CREATE(r2, 0x5501)

3.212151968s ago: executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x6, 0x1000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
fgetxattr(r2, &(0x7f0000000000)=ANY=[], 0x0, 0x0)

3.189327312s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, 0x0)
write(r0, 0x0, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000340)={0xffffffffffffffb4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

1.941575769s ago: executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@noop, @ssrr={0x89, 0xb, 0x4, [@private, @multicast1]}]}}}], 0x20}, 0x0)

1.928578101s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unshare(0x60600)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v2={0x2, @adiantum, 0x0, '\x00', @auto="ff53133206d1bf442d38f6c23e1e4f1f"})

1.914243813s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x5452, &(0x7f0000000a00)={'dvmrp0\x00', @random="63749f3b111e"})
setsockopt$sock_attach_bpf(r2, 0x1, 0x7, &(0x7f0000000000), 0x4)

1.284639048s ago: executing program 2:
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f0000000000), 0x0)
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
read$ptp(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r1}, 0x10)
timer_create(0x3, &(0x7f0000000100)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0)
r2 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

1.222854877s ago: executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000002c0)="f7", 0x1}], 0x1}, 0x20004001)
recvmsg$unix(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
sendmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="1c", 0x1}], 0x1, &(0x7f0000001080)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x41)

1.114164933s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unshare(0x60600)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000040)=@v2={0x2, @adiantum, 0x0, '\x00', @auto="ff53133206d1bf442d38f6c23e1e4f1f"})

1.103966875s ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_unlink_exit\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_unlink_exit\x00', r1}, 0x10)
unlink(&(0x7f0000000140)='./cgroup\x00')

1.077751198s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
close(r2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4}, 0x0, 0x0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_write_pages_extent\x00', r1}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_da_write_pages_extent\x00', r5}, 0x10)
write$cgroup_type(r6, &(0x7f0000000000), 0x9)

1.058066831s ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000090000000000000000030800850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x0, 0x0)

1.027034516s ago: executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f00000001c0), &(0x7f00000002c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='tlb_flush\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r3 = open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

1.007190489s ago: executing program 3:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2a0800, 0x40)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf251a000000060021006100000004002598172b3c0061000000050092000400000008009a000100000008009a0001000000ccbd65b6df9f4685700b0cc1d35f09967c949ea4744dbd0f9fae4afb600abcd91e71ffdfb427a1075f1a0287558932dd782730e08989581863b9ece8408e5af11bff840c1b2a4776c3e9cb7174670027f01d7e4b0942692c4aafe399dc53a916c5d0c45ae89e18f0cc1533c1e8aca92fd01f07ce5ab4311e4b5813a3c227e3d0c834c78c"], 0x40}, 0x1, 0x0, 0x0, 0x20041081}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r2 = gettid()
tkill(r2, 0xb)
ptrace$ARCH_SHSTK_STATUS(0x1e, r2, &(0x7f0000000000), 0x5005)
getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0))
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_delrule={0x2c, 0x21, 0xf, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000027c0))
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000001700)=0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x18, 0xa01, 0x0, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002e00), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000014c0)={'wg1\x00', &(0x7f0000000040)=@ethtool_gstrings})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000002e40)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004400)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000007500000008000300f023197477f1b63baacf8746b786753923d19675cf11b30268f3c59c7a6664cec4d0bb88e7c040e3c5863c36755c200680b5f1d87d0b86f02c6550b2988060d86a19ccadc1137746dfcffd1f8db2029157877cfb4ac4cd827f4df98914883113f00d171d38c15a20d847ab363cb0f059", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x0)

993.084701ms ago: executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x77)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000080000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000040008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b0001110000000904"], 0x0)

971.856944ms ago: executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x800}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket(0x10, 0x2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x8}, 0x10)
write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})

493.244716ms ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f0000001fc0)=""/184, 0xb8)
r3 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\"\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
mmap$IORING_OFF_CQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x8000000)
getdents(r2, &(0x7f0000000180)=""/108, 0x6c)

479.425158ms ago: executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x10)
setgroups(0x0, 0x0)

468.015629ms ago: executing program 1:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000100000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)

446.667803ms ago: executing program 1:
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="ef", 0xffe3}], 0x1, 0x0, 0x0, 0x20000000}, 0xa}], 0x420, 0x0)

437.661215ms ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

428.140455ms ago: executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x101000, 0xc1)
symlinkat(&(0x7f0000000300)='./file0\x00', r3, &(0x7f00000003c0)='./file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000000090400001202068202"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, &(0x7f00000000c0)={0x0, 0x0, 0xc, {0xc, 0x0, "ed1ed5f4962f010ba046"}}, 0x0, 0x0, 0x0}, 0x0)

377.628303ms ago: executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000090000000000000000030800850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0), 0x0, 0x0)

366.853435ms ago: executing program 2:
r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2a0800, 0x40)
sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf251a000000060021006100000004002598172b3c0061000000050092000400000008009a000100000008009a0001000000ccbd65b6df9f4685700b0cc1d35f09967c949ea4744dbd0f9fae4afb600abcd91e71ffdfb427a1075f1a0287558932dd782730e08989581863b9ece8408e5af11bff840c1b2a4776c3e9cb7174670027f01d7e4b0942692c4aafe399dc53a916c5d0c45ae89e18f0cc1533c1e8aca92fd01f07ce5ab4311e4b5813a3c227e3d0c834c78c"], 0x40}, 0x1, 0x0, 0x0, 0x20041081}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r2 = gettid()
tkill(r2, 0xb)
ptrace$ARCH_SHSTK_STATUS(0x1e, r2, &(0x7f0000000000), 0x5005)
getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0))
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_delrule={0x2c, 0x21, 0xf, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000027c0))
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000001700)=0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x18, 0xa01, 0x0, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002e00), 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000014c0)={'wg1\x00', &(0x7f0000000040)=@ethtool_gstrings})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000002e40)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r1, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004400)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000007500000008000300f023197477f1b63baacf8746b786753923d19675cf11b30268f3c59c7a6664cec4d0bb88e7c040e3c5863c36755c200680b5f1d87d0b86f02c6550b2988060d86a19ccadc1137746dfcffd1f8db2029157877cfb4ac4cd827f4df98914883113f00d171d38c15a20d847ab363cb0f059", @ANYRES32=r8, @ANYBLOB], 0x1c}}, 0x0)

349.761387ms ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000080), 0x1, 0x52e, &(0x7f0000000a80)="$eJzs3c9vI1cdAPDvTH52mza70ANUwC5QWNBq7Y23XVW9tHsBoaoSouKAOGxD4o1C7DjETmlCJNK/ASSQOMGfwAGJA1JPHLhxROKAkMoBaYEItEECyWjGk9RNnMY0jg3x5yONZt48+33fW+/Mm3l25gUwtm5ExF5ETEfEGxExX+xPiiVe6SzZ6x7v7y4d7O8uJdFuv/7XJM/P9kXXezJPFmXORsTXvhzxreRk3Ob2ztpirVbdLNLlVn2j3Nzeub1aX1yprlTXK5V7C/fuvHj3hcrA2nq9/vNHX1p99eu/+uUn3/3t3he/l1VrrsjrbscgdZo+dRQnMxkRr15EsBGYKNbTI64HH04aER+JiM/kx/98TOT/OwGAy6zdno/2fHcaALjs0nwMLElLxVjAXKRpqdQZw3smrqS1RrN162Fja325M1Z2NabSh6u16p1rM7//Tn7FMJVk6YU8L8/P05Vj6bsRcS0ifjjzRJ4uLTVqy6O77AGAsfbksf7/HzOd/r8PPb7VAwD+b8yOugIAwNDp/wFg/Oj/AWD89NH/F1/27114XQCA4XD/DwDjR/8PAONH/w8AY+Wrr72WLe2D4vnXy29ub6013ry9XG2ulepbS6WlxuZGaaXRWMmf2VM/q7xao7Gx8HxsvVVuVZutcnN750G9sbXeepA/1/tBdWoorQIAPsi16+/8LomIvZeeyJfomstBXw2XWzrqCgAjMzHqCgAjY7YvGF/93+P/5kLrAYxOz4d5z/bcfL8f/xdB/M4I/qfc/Hj/4//meIbLxfg/jK8PN/7/8sDrAQyf8X8YX+12cnzO/+mjLADgUjrHb/zb3x/URQgwUmdN5j2Q7/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkpmLiG9HkpaKucDnIk1LpYinIuJqTCUPV2vVOxHxdFyPiKmZLL0w6koDAOeU/jkp5v+6Of/c3PHc6eSfM/k6Ir77k9d/9NZiq7W5kO3/29H+mcPpwyrvve8c8woCAAOW99+VYt11I/94f3fpcBlmfR7dj38XUxEvHezv5ksnZzIm8/Vsfi1x5e9Jke7MRfpsREwMIP7e2xHxsV7tT/KxkavFzKfd8aOI/dRQ46fvi5/meZ11dvH10QHUBcbNO/cj4pVex18aN/J17+N/Nj9Dnd+j+53CDs99B13xD89/Ez3iZ8f8jX5jPP/rr5zY2Z7v5L0d8exkr/jJUfzklPjP9Rn/D5/41A9ePiWv/dOIm9E7fnescqu+UW5u79xerS+uVFeq65XKvYV7d168+0KlnI9Rlw9Hqk/6y0u3nj6tbln7r5wSf7Zn+6eP3vu5Ptv/s3+98c1Pf0D8L3y29+f/TM/4HVmf+Pk+4y9e+cWp03dn8ZdPaf9Zn/+tPuO/+6ed5T5fCgAMQXN7Z22xVqtunmsjuwsdRDknNrIqDrTAMzb+GMOLdebG1EX9q174xuTRteJgS/5GVuKQm5MOvBXn2ng8rFijPS8BF++9g37UNQEAAAAAAAAAAAAAAE4zjD9dGnUbAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLz+EwAA//+2KMyN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0xa236)
ioctl$FS_IOC_RESVSP(r2, 0x40305839, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfa64})
ftruncate(r2, 0x3)
r3 = dup3(r1, r0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000380), 0x101bf)
ioctl$EXT4_IOC_MOVE_EXT(r3, 0xc028660f, &(0x7f00000000c0)={0x0, r4})

286.827067ms ago: executing program 2:
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x64, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@broadcast, 0x2}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0xfffffffffffffff8)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

250.920182ms ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)

58.406411ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0x3, r4}]}, 0x40}, 0x1, 0xd}, 0x0)

0s ago: executing program 4:
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_script(r1, &(0x7f00000004c0)={'#! ', './file0'}, 0xb)
splice(r3, 0x0, r4, 0x0, 0x8000f28, 0x0)
splice(r0, 0x0, r4, 0x0, 0x80, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
write$binfmt_misc(r4, &(0x7f0000000100)={'syz1'}, 0x4)
write(r2, 0x0, 0x0)

kernel console output (not intermixed with test programs):

nterface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[   33.373856][  T466] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   33.382759][  T466] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   33.394971][  T466] usb 3-1: Product: syz
[   33.399233][  T466] usb 3-1: Manufacturer: syz
[   33.408185][  T466] usb 3-1: SerialNumber: syz
[   33.684286][  T466] usb 3-1: config 0 descriptor??
[   33.709145][  T603] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.716077][  T603] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.723458][  T603] device bridge_slave_0 entered promiscuous mode
[   33.731510][  T603] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.738443][  T603] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.746147][  T603] device bridge_slave_1 entered promiscuous mode
[   33.809173][  T603] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.816045][  T603] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.823127][  T603] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.830038][  T603] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.855257][   T19] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.862577][   T19] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.870697][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   33.878050][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.895941][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.904020][  T352] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.910960][  T352] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.918363][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.926726][  T352] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.933590][  T352] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.943017][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.945968][  T466] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[   33.958773][  T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   33.984026][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.998352][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   34.014718][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   34.022952][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   34.030489][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   34.038411][  T603] device veth0_vlan entered promiscuous mode
[   34.074589][   T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   34.084674][  T603] device veth1_macvtap entered promiscuous mode
[   34.092828][   T10] device bridge_slave_1 left promiscuous mode
[   34.099153][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.106890][   T10] device bridge_slave_0 left promiscuous mode
[   34.112919][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.121530][   T10] device veth1_macvtap left promiscuous mode
[   34.127526][   T10] device veth0_vlan left promiscuous mode
[   34.162165][  T352] usb 3-1: USB disconnect, device number 3
[   34.264603][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   34.272946][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   34.285749][  T621] loop1: detected capacity change from 0 to 40427
[   34.322588][  T621] F2FS-fs (loop1): invalid crc value
[   34.326609][   T19] usb 5-1: USB disconnect, device number 2
[   34.367477][  T629] input: syz0 as /devices/virtual/input/input4
[   34.370314][  T624] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   34.378630][  T621] F2FS-fs (loop1): Found nat_bits in checkpoint
[   34.449084][  T621] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   34.488261][  T314] syz-executor.1: attempt to access beyond end of device
[   34.488261][  T314] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[   34.522238][  T314] syz-executor.1: attempt to access beyond end of device
[   34.522238][  T314] loop1: rw=0, sector=45064, nr_sectors = 8 limit=40427
[   34.582600][  T636] loop3: detected capacity change from 0 to 512
[   34.588192][   T43] kworker/u4:2: attempt to access beyond end of device
[   34.588192][   T43] loop1: rw=2049, sector=40960, nr_sectors = 128 limit=40427
[   34.590454][  T636] EXT4-fs (loop3): external journal device major/minor numbers have changed
[   34.644173][  T636] block device autoloading is deprecated and will be removed.
[   34.654054][  T636] I/O error, dev loop75, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   34.697163][  T636] EXT4-fs (loop3): couldn't read superblock of external journal
[   35.223737][  T466] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   35.235119][  T665] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.242114][  T665] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.253352][  T665] device bridge_slave_0 entered promiscuous mode
[   35.285572][  T665] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.292577][  T665] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.312041][  T665] device bridge_slave_1 entered promiscuous mode
[   35.350560][   T28] kauditd_printk_skb: 27 callbacks suppressed
[   35.350575][   T28] audit: type=1400 audit(1717502999.715:187): avc:  denied  { write } for  pid=685 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   35.377103][  T686] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[   35.386401][  T686] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[   35.408727][  T688] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[   35.433149][  T691] syz-executor.2 (pid 691) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   35.464449][  T691] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni"
[   35.473534][  T691] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)"
[   35.508085][   T28] audit: type=1400 audit(1717502999.875:188): avc:  denied  { create } for  pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.536321][  T665] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.543189][  T665] bridge0: port 2(bridge_slave_1) entered forwarding state
[   35.550411][  T665] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.557180][  T665] bridge0: port 1(bridge_slave_0) entered forwarding state
[   35.570037][   T28] audit: type=1400 audit(1717502999.895:189): avc:  denied  { write } for  pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.594119][  T466] usb 4-1: config 0 has no interfaces?
[   35.594706][   T28] audit: type=1400 audit(1717502999.895:190): avc:  denied  { read } for  pid=665 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   35.599522][  T466] usb 4-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f
[   35.651790][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   35.655981][  T466] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   35.666797][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[   35.676478][  T466] usb 4-1: config 0 descriptor??
[   35.685745][   T28] audit: type=1400 audit(1717503000.055:191): avc:  denied  { write } for  pid=698 comm="syz-executor.2" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   35.707560][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[   35.743884][   T28] audit: type=1400 audit(1717503000.055:192): avc:  denied  { add_name } for  pid=698 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   35.765918][   T28] audit: type=1400 audit(1717503000.055:193): avc:  denied  { create } for  pid=698 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1
[   35.795258][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   35.796259][   T28] audit: type=1400 audit(1717503000.055:194): avc:  denied  { associate } for  pid=698 comm="syz-executor.2" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   35.803672][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[   35.831894][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[   35.845355][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   35.853596][  T705] syz-executor.2[705] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.853656][  T705] syz-executor.2[705] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   35.865520][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[   35.883740][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[   35.898716][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   35.906885][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   35.923220][  T665] device veth0_vlan entered promiscuous mode
[   35.941055][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   35.949646][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   35.972440][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   35.980750][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   36.003500][  T665] device veth1_macvtap entered promiscuous mode
[   36.023762][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   36.031128][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   36.039704][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   36.048302][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   36.056964][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   36.073994][   T10] device bridge_slave_1 left promiscuous mode
[   36.080427][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.088652][   T10] device bridge_slave_0 left promiscuous mode
[   36.095006][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.111023][   T10] device veth1_macvtap left promiscuous mode
[   36.117040][   T10] device veth0_vlan left promiscuous mode
[   36.129327][   T60] usb 4-1: USB disconnect, device number 2
[   36.308802][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   36.319447][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   36.327817][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   36.336187][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   36.400002][   T28] audit: type=1400 audit(1717503000.765:195): avc:  denied  { ioctl } for  pid=738 comm="syz-executor.4" path="socket:[16886]" dev="sockfs" ino=16886 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   36.426163][   T28] audit: type=1400 audit(1717503000.765:196): avc:  denied  { bind } for  pid=738 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   36.463360][  T742] device pim6reg1 entered promiscuous mode
[   36.587169][  T748] syz-executor.1[748] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.587246][  T748] syz-executor.1[748] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.642928][  T756] syz-executor.2[756] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.654566][  T756] syz-executor.2[756] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.675495][  T758] wireguard: wg1: Could not create IPv6 socket
[   36.715648][  T760] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   36.801492][  T774] binder: 772:774 ioctl 400c620e 200028c0 returned -22
[   36.809363][  T778] syz-executor.3[778] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.809441][  T778] syz-executor.3[778] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   36.893195][  T788] loop0: detected capacity change from 0 to 512
[   36.930647][  T794] wireguard: wg1: Could not create IPv6 socket
[   36.943130][  T788] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   36.952671][  T788] ext4 filesystem being mounted at /root/syzkaller-testdir4107712192/syzkaller.G0B40U/5/file0 supports timestamps until 2038 (0x7fffffff)
[   36.980597][  T603] EXT4-fs (loop0): unmounting filesystem.
[   37.009592][  T802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[   37.030202][  T802] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[   37.041487][  T805] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   37.071500][  T810] syz-executor.4[810] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.071555][  T810] syz-executor.4[810] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.116439][  T815] netlink: 166 bytes leftover after parsing attributes in process `syz-executor.3'.
[   37.190622][  T818] loop0: detected capacity change from 0 to 2048
[   37.224688][  T818] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   37.257744][  T818] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[   37.273285][  T818] EXT4-fs (loop0): Remounting filesystem read-only
[   37.302988][  T603] EXT4-fs (loop0): unmounting filesystem.
[   37.318224][  T836] KVM: debugfs: duplicate directory 836-5
[   37.341901][  T840] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   37.525365][  T865] wireguard: wg1: Could not create IPv6 socket
[   37.604847][  T871] binder: 870:871 ioctl 400c620e 200028c0 returned -22
[   37.658862][  T876] loop0: detected capacity change from 0 to 512
[   37.704631][  T876] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   37.740584][  T876] ext4 filesystem being mounted at /root/syzkaller-testdir4107712192/syzkaller.G0B40U/14/file0 supports timestamps until 2038 (0x7fffffff)
[   37.759955][  T887] device syzkaller0 entered promiscuous mode
[   37.778420][  T883] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[   37.826712][  T603] EXT4-fs (loop0): unmounting filesystem.
[   37.947544][  T915] loop2: detected capacity change from 0 to 512
[   37.971693][  T919] syz-executor.1[919] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   37.971771][  T919] syz-executor.1[919] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   38.046214][  T925] device syzkaller0 entered promiscuous mode
[   38.058822][  T932] loop1: detected capacity change from 0 to 512
[   38.084432][  T935] KVM: debugfs: duplicate directory 935-5
[   38.086518][  T915] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   38.090448][  T932] EXT4-fs: Ignoring removed mblk_io_submit option
[   38.114211][  T915] ext4 filesystem being mounted at /root/syzkaller-testdir2682739372/syzkaller.NVWyX6/38/file0 supports timestamps until 2038 (0x7fffffff)
[   38.120017][  T932] ext2: Unknown parameter 'mask'
[   38.156962][  T318] EXT4-fs (loop2): unmounting filesystem.
[   38.189077][  T939] kvm [938]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0
[   38.223758][   T37] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   38.328802][  T956] syz-executor.2[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   38.328885][  T956] syz-executor.2[956] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   38.372269][  T959] loop2: detected capacity change from 0 to 128
[   38.533862][  T466] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   38.569814][  T967] device syzkaller0 entered promiscuous mode
[   38.644374][   T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.729496][   T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.815178][   T37] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[   38.849354][   T37] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.873456][   T37] usb 1-1: config 0 descriptor??
[   38.896194][  T976] kvm [975]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010006 data 0x0
[   38.913895][  T466] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   38.931658][  T466] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   38.941457][  T466] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   38.950650][  T466] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   38.976694][  T466] usb 4-1: config 0 descriptor??
[   39.013796][  T320] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   39.168145][ T1006] overlayfs: invalid redirect ((null))
[   39.223779][ T1008] netlink: 166 bytes leftover after parsing attributes in process `syz-executor.4'.
[   39.263770][  T320] usb 3-1: Using ep0 maxpacket: 8
[   39.296365][ T1014] overlayfs: './file1' not a directory
[   39.339785][ T1014] fuse: Unknown parameter './file0'
[   39.355360][   T37] hid-led 0003:27B8:01ED.0002: unbalanced delimiter at end of report description
[   39.365266][   T37] hid-led: probe of 0003:27B8:01ED.0002 failed with error -22
[   39.444075][  T466] hid (null): bogus close delimiter
[   39.453881][  T320] usb 3-1: unable to get BOS descriptor or descriptor too short
[   39.567212][  T320] usb 3-1: config 0 has no interfaces?
[   39.574446][  T728] usb 1-1: USB disconnect, device number 2
[   39.843911][  T320] usb 3-1: string descriptor 0 read error: -22
[   39.850517][  T320] usb 3-1: New USB device found, idVendor=046d, idProduct=c29b, bcdDevice= 0.40
[   39.859872][  T320] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   39.868847][  T320] usb 3-1: config 0 descriptor??
[   39.963787][  T466] usb 4-1: string descriptor 0 read error: -71
[   39.993826][  T466] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71
[   40.002970][  T466] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71
[   40.012229][  T466] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71
[   40.020841][  T466] uclogic 0003:256C:006D.0003: failed probing parameters: -71
[   40.028519][  T466] uclogic: probe of 0003:256C:006D.0003 failed with error -71
[   40.037140][  T466] usb 4-1: USB disconnect, device number 3
[   40.941018][  T319] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   40.996263][ T1132] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[   41.342886][   T28] kauditd_printk_skb: 41 callbacks suppressed
[   41.342898][   T28] audit: type=1400 audit(1717503005.705:238): avc:  denied  { map } for  pid=1147 comm="syz-executor.3" path="pipe:[18956]" dev="pipefs" ino=18956 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   41.353808][  T319] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   41.451426][  T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   41.474382][  T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   41.493884][  T319] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   41.510208][  T320] usb 3-1: USB disconnect, device number 4
[   41.586282][  T319] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   41.596110][  T319] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   41.747123][  T466] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   41.827434][  T319] usb 1-1: Manufacturer: syz
[   41.899010][  T319] usb 1-1: config 0 descriptor??
[   42.103755][  T466] usb 5-1: Using ep0 maxpacket: 32
[   42.233849][  T466] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   42.304295][  T466] usb 5-1: language id specifier not provided by device, defaulting to English
[   42.390529][ T1193] loop1: detected capacity change from 0 to 2048
[   42.404858][  T319] appleir 0003:05AC:8243.0004: unknown main item tag 0x0
[   42.409280][ T1193] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   42.412394][  T319] appleir 0003:05AC:8243.0004: No inputs registered, leaving
[   42.428827][  T319] appleir 0003:05AC:8243.0004: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[   42.477628][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   42.487390][ T1193] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error
[   42.499291][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   42.509323][ T1193] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error
[   42.521323][ T1193] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   42.531324][ T1193] EXT4-fs error (device loop1): ext4_punch_hole:4142: inode #18: comm syz-executor.1: mark_inode_dirty error
[   42.543443][ T1197] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.1: lblock 0 mapped to illegal pblock 112 (length 1)
[   42.558324][  T728] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   42.559525][ T1197] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.1: lblock 0 mapped to illegal pblock 112 (length 1)
[   42.589581][  T665] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.1: lblock 0 mapped to illegal pblock 16 (length 1)
[   42.607910][  T665] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   42.618493][  T665] EXT4-fs (loop1): unmounting filesystem.
[   42.673985][  T466] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.40
[   42.683885][  T466] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   42.692949][  T466] usb 5-1: Manufacturer: ☳쵐㝓⸱畿쵧ᾳ쬿琋肪潵痨䭣藖倓뚊픓쓨⻚ꉇ싶ﱴ鼴䮒尝豓ᘏഭ痓ế瑲硖⹍让윹⚯룐變ج쀓늏㹑팊ໆ뛾㊚禎螗踌똴ᝑᐹ莄煘甅Ӟ꧔둉皔ཌ㺯䠠ࠛ槼䲽翅챰ᠯᖹꏃ鷭᪕ᰃꊠ䊆둅慹节爅괒ὠ顎…ጸ﯎񈥡
[   42.725618][  T466] usb 5-1: SerialNumber: syz
[   42.731426][  T319] usb 1-1: USB disconnect, device number 3
[   42.764732][  T466] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[   42.835927][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.842776][ T1200] bridge0: port 1(bridge_slave_0) entered disabled state
[   42.850491][ T1200] device bridge_slave_0 entered promiscuous mode
[   42.859937][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.867119][ T1200] bridge0: port 2(bridge_slave_1) entered disabled state
[   42.874800][ T1200] device bridge_slave_1 entered promiscuous mode
[   42.923873][  T728] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[   42.943137][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state
[   42.950092][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state
[   42.957211][ T1200] bridge0: port 1(bridge_slave_0) entered blocking state
[   42.964011][ T1200] bridge0: port 1(bridge_slave_0) entered forwarding state
[   42.976732][   T60] usb 5-1: USB disconnect, device number 3
[   42.998796][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   43.006423][  T352] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.014109][  T352] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.036646][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   43.045478][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[   43.052328][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[   43.059879][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   43.068120][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[   43.075012][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[   43.086818][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   43.094664][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   43.113341][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   43.124463][ T1200] device veth0_vlan entered promiscuous mode
[   43.130675][  T728] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[   43.143108][   T28] audit: type=1400 audit(1717503007.515:239): avc:  denied  { setopt } for  pid=1208 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   43.163945][  T728] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   43.171832][  T728] usb 3-1: Product: syz
[   43.175830][  T728] usb 3-1: Manufacturer: syz
[   43.180191][  T728] usb 3-1: SerialNumber: syz
[   43.188848][ T1200] device veth1_macvtap entered promiscuous mode
[   43.196142][  T728] usb 3-1: config 0 descriptor??
[   43.201895][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   43.204255][   T28] audit: type=1400 audit(1717503007.575:240): avc:  denied  { setopt } for  pid=1210 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.214057][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   43.250721][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   43.260913][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   43.280364][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   43.297288][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   43.315311][    T8] device bridge_slave_1 left promiscuous mode
[   43.321257][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   43.337690][    T8] device bridge_slave_0 left promiscuous mode
[   43.341665][   T28] audit: type=1400 audit(1717503007.705:241): avc:  denied  { append } for  pid=1222 comm="syz-executor.1" name="001" dev="devtmpfs" ino=144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   43.344029][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   43.381653][    T8] device veth1_macvtap left promiscuous mode
[   43.389104][   T28] audit: type=1326 audit(1717503007.765:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1224 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x0
[   43.390318][    T8] device veth0_vlan left promiscuous mode
[   43.455469][  T728] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[   43.471637][  T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[   43.523874][    T6] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[   43.611660][   T28] audit: type=1400 audit(1717503007.975:243): avc:  denied  { connect } for  pid=1240 comm="syz-executor.4" lport=250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.632875][   T28] audit: type=1400 audit(1717503007.995:244): avc:  denied  { write } for  pid=1240 comm="syz-executor.4" laddr=172.20.20.10 lport=250 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   43.663368][   T60] usb 3-1: USB disconnect, device number 5
[   43.883517][   T28] audit: type=1400 audit(1717503008.245:245): avc:  denied  { mounton } for  pid=1247 comm="syz-executor.4" path="/root/syzkaller-testdir2906598418/syzkaller.NSevoM/101/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   43.910743][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   43.921817][    T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 255, setting to 64
[   43.932621][    T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   43.945655][    T6] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   43.954723][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   43.973971][    T6] usb 1-1: config 0 descriptor??
[   43.994343][ T1213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   44.113094][ T1256] loop4: detected capacity change from 0 to 2048
[   44.126843][ T1256] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   44.173556][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   44.188980][ T1256] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm syz-executor.4: mark_inode_dirty error
[   44.201440][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   44.211327][ T1256] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm syz-executor.4: mark_inode_dirty error
[   44.226815][ T1256] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   44.256985][ T1256] EXT4-fs error (device loop4): ext4_punch_hole:4142: inode #18: comm syz-executor.4: mark_inode_dirty error
[   44.269774][ T1266] loop3: detected capacity change from 0 to 128
[   44.299617][ T1264] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.4: lblock 0 mapped to illegal pblock 112 (length 1)
[   44.317478][ T1264] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #18: block 112: comm syz-executor.4: lblock 0 mapped to illegal pblock 112 (length 1)
[   44.381001][ T1270] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[   44.391673][  T401] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1)
[   44.420575][  T401] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Corrupt filesystem
[   44.432819][  T401] EXT4-fs (loop4): unmounting filesystem.
[   44.444762][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.452084][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.470557][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.478594][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.494569][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.501893][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.512562][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.520915][    T6] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[   44.528619][    T6] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[   44.543444][    T6] plantronics 0003:047F:FFFF.0005: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   44.927027][  T728] usb 1-1: USB disconnect, device number 4
[   45.054736][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.061704][ T1296] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.069819][ T1296] device bridge_slave_0 entered promiscuous mode
[   45.077108][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.085037][ T1296] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.092522][ T1296] device bridge_slave_1 entered promiscuous mode
[   45.178702][ T1296] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.185621][ T1296] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.192693][ T1296] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.199497][ T1296] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.236260][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   45.245050][  T728] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.252744][  T728] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.276295][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   45.285025][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.291930][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   45.299604][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   45.308937][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.315920][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   45.323537][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   45.355059][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   45.364091][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   45.377972][ T1296] device veth0_vlan entered promiscuous mode
[   45.397262][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   45.405986][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   45.413457][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   45.427956][ T1296] device veth1_macvtap entered promiscuous mode
[   45.440031][  T349] device bridge_slave_1 left promiscuous mode
[   45.459858][  T349] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.480225][  T349] device bridge_slave_0 left promiscuous mode
[   45.488882][  T349] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.497384][  T349] device veth1_macvtap left promiscuous mode
[   45.503392][  T349] device veth0_vlan left promiscuous mode
[   45.600900][   T28] audit: type=1326 audit(1717503009.965:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1324 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe177a7cee9 code=0x0
[   45.710722][   T28] audit: type=1400 audit(1717503010.075:247): avc:  denied  { create } for  pid=1333 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   45.846861][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   46.168267][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   46.177449][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   46.191300][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   46.202860][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   46.312272][ T1327] loop1: detected capacity change from 0 to 40427
[   46.375853][ T1327] F2FS-fs (loop1): Found nat_bits in checkpoint
[   46.388546][   T28] kauditd_printk_skb: 2 callbacks suppressed
[   46.388562][   T28] audit: type=1400 audit(1717503010.755:250): avc:  denied  { relabelfrom } for  pid=1352 comm="syz-executor.3" name="" dev="pipefs" ino=19829 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   46.388578][ T1353] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[   46.508575][ T1357] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   46.527938][ T1327] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   46.559637][   T28] audit: type=1400 audit(1717503010.755:251): avc:  denied  { relabelto } for  pid=1352 comm="syz-executor.3" name="" dev="pipefs" ino=19829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:dhcp_state_t:s0"
[   46.587604][   T28] audit: type=1400 audit(1717503010.875:252): avc:  denied  { connect } for  pid=1354 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.609289][ T1362] netlink: 'syz-executor.3': attribute type 27 has an invalid length.
[   46.617807][   T28] audit: type=1400 audit(1717503010.875:253): avc:  denied  { write } for  pid=1354 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   46.618441][ T1200] syz-executor.1: attempt to access beyond end of device
[   46.618441][ T1200] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   47.027406][ T1362] bridge0: port 3(syz_tun) entered disabled state
[   47.035376][ T1362] bridge0: port 2(bridge_slave_1) entered disabled state
[   47.042528][ T1362] bridge0: port 1(bridge_slave_0) entered disabled state
[   47.181819][   T28] audit: type=1400 audit(1717503011.545:254): avc:  denied  { read } for  pid=1379 comm="syz-executor.3" name="usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   47.232266][   T28] audit: type=1400 audit(1717503011.545:255): avc:  denied  { open } for  pid=1379 comm="syz-executor.3" path="/dev/usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   47.268521][   T28] audit: type=1400 audit(1717503011.545:256): avc:  denied  { write } for  pid=1379 comm="syz-executor.3" name="usbmon7" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   47.313533][   T28] audit: type=1400 audit(1717503011.675:257): avc:  denied  { ioctl } for  pid=1387 comm="syz-executor.4" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=19868 ioctlcmd=0xaa01 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   47.724686][  T319] kernel read not supported for file /usbmon7 (pid: 319 comm: kworker/1:2)
[   47.830839][   T28] audit: type=1400 audit(1717503012.175:258): avc:  denied  { mounton } for  pid=1415 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/13/file1/bus" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   47.858929][   T28] audit: type=1400 audit(1717503012.175:259): avc:  denied  { unlink } for  pid=1415 comm="syz-executor.1" name="#b" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   47.926208][ T1418] SELinux:  Context d is not valid (left unmapped).
[   48.106707][   T45] Bluetooth: hci0: sending frame failed (-49)
[   48.112676][ T1396] Bluetooth: hci0: Opcode 0x1003 failed: -49
[   48.133557][ T1438] device pim6reg1 entered promiscuous mode
[   48.182915][ T1443] loop4: detected capacity change from 0 to 512
[   48.227418][ T1443] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   48.243054][ T1443] ext4 filesystem being mounted at /root/syzkaller-testdir1384711477/syzkaller.EmYmws/10/file0 supports timestamps until 2038 (0x7fffffff)
[   48.309227][ T1296] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor.4: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   48.326921][ T1296] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #11: comm syz-executor.4: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   48.367970][ T1453] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   48.405509][ T1296] EXT4-fs (loop4): unmounting filesystem.
[   48.434094][ T1454] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[   48.446475][ T1296] syz-executor.4 (1296) used greatest stack depth: 20896 bytes left
[   48.544201][ T1454] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.551251][ T1454] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.745089][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.752159][ T1458] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.770980][ T1458] device bridge_slave_0 entered promiscuous mode
[   48.785767][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.800344][ T1458] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.826392][ T1458] device bridge_slave_1 entered promiscuous mode
[   49.056602][ T1458] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.063555][ T1458] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.070871][ T1458] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.078430][ T1458] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.155755][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.163545][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.171087][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.196338][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.208707][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.215636][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.240695][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   49.266752][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.273744][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.306045][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   49.321850][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   49.329989][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   49.338710][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   49.355661][    T8] device bridge_slave_1 left promiscuous mode
[   49.361924][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.370016][    T8] device bridge_slave_0 left promiscuous mode
[   49.376547][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.387195][    T8] device veth1_macvtap left promiscuous mode
[   49.397444][    T8] device veth0_vlan left promiscuous mode
[   49.423770][ T1165] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   49.596279][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   49.601692][ T1505] loop2: detected capacity change from 0 to 512
[   49.604864][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   49.778968][ T1165] usb 2-1: Using ep0 maxpacket: 32
[   49.855995][ T1505] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   49.865743][ T1505] ext4 filesystem being mounted at /root/syzkaller-testdir2682739372/syzkaller.NVWyX6/74/file0 supports timestamps until 2038 (0x7fffffff)
[   49.896940][ T1458] device veth0_vlan entered promiscuous mode
[   49.906862][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   49.915125][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   49.921845][  T318] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   49.931944][ T1458] device veth1_macvtap entered promiscuous mode
[   49.946419][  T318] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #11: comm syz-executor.2: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
[   49.947999][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   49.964475][ T1165] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[   49.971384][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   49.994702][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   50.002960][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   50.011402][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   50.023834][ T1165] usb 2-1: language id specifier not provided by device, defaulting to English
[   50.036844][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   50.045118][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   50.053448][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   50.062905][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   50.126318][  T318] EXT4-fs (loop2): unmounting filesystem.
[   50.363931][   T60] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   50.421813][ T1516] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.433897][ T1165] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.40
[   50.443409][ T1516] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.450713][ T1165] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   50.459352][ T1516] device bridge_slave_0 entered promiscuous mode
[   50.465817][ T1165] usb 2-1: Manufacturer: ☳쵐㝓⸱畿쵧ᾳ쬿琋肪潵痨䭣藖倓뚊픓쓨⻚ꉇ싶ﱴ鼴䮒尝豓ᘏഭ痓ế瑲硖⹍让윹⚯룐變ج쀓늏㹑팊ໆ뛾㊚禎螗踌똴ᝑᐹ莄煘甅Ӟ꧔둉皔ཌ㺯䠠ࠛ槼䲽翅챰ᠯᖹꏃ鷭᪕ᰃꊠ䊆둅慹节爅괒ὠ顎…ጸ﯎񈥡
[   50.498088][ T1516] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.505397][ T1516] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.512869][ T1516] device bridge_slave_1 entered promiscuous mode
[   50.524655][ T1165] usb 2-1: SerialNumber: syz
[   50.585216][ T1165] usbhid 2-1:1.0: couldn't find an input interrupt endpoint
[   50.697975][ T1516] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.704881][ T1516] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.711964][ T1516] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.718768][ T1516] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.723930][   T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   50.743356][ T1532] loop0: detected capacity change from 0 to 512
[   50.752612][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.757242][   T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   50.769676][   T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64
[   50.780367][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.780724][   T60] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[   50.797783][  T319] usb 2-1: USB disconnect, device number 3
[   50.807631][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.808461][ T1532] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: iget: bad extended attribute block 65536
[   50.841077][ T1532] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117)
[   50.853844][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.862062][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.868950][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.873819][   T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   50.877524][ T1532] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   50.891719][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   50.914066][   T60] usb 5-1: SerialNumber: syz
[   50.914326][    T8] device bridge_slave_1 left promiscuous mode
[   50.925923][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.933414][    T8] device bridge_slave_0 left promiscuous mode
[   50.940458][  T603] EXT4-fs (loop0): unmounting filesystem.
[   50.941389][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.953366][ T1511] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   50.969136][   T60] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[   50.970931][    T8] device veth1_macvtap left promiscuous mode
[   50.984080][   T60] cdc_acm: probe of 5-1:1.0 failed with error -12
[   50.994867][    T8] device veth0_vlan left promiscuous mode
[   51.163482][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.171624][  T728] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.178540][  T728] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.192499][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.200621][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.192395][   T28] kauditd_printk_skb: 20 callbacks suppressed
[   52.192479][   T28] audit: type=1400 audit(1717503016.555:280): avc:  denied  { getopt } for  pid=1545 comm="syz-executor.0" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   52.448035][  T728] usb 5-1: USB disconnect, device number 4
[   52.462204][ T1516] device veth0_vlan entered promiscuous mode
[   52.484279][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.502331][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.510582][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.518776][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.559543][ T1516] device veth1_macvtap entered promiscuous mode
[   52.566603][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   52.575824][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.583929][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   52.593565][ T1560] device pim6reg1 entered promiscuous mode
[   52.612126][ T1562] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[   52.622065][ T1562] tipc: Started in network mode
[   52.627052][ T1562] tipc: Node identity 6, cluster identity 4711
[   52.633062][ T1562] tipc: Node number set to 6
[   52.640799][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   52.656021][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.665921][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   52.674924][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.689132][ T1564] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[   52.706633][   T28] audit: type=1400 audit(1717503017.075:281): avc:  denied  { write } for  pid=1563 comm="syz-executor.1" name="task" dev="proc" ino=20930 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   52.734858][   T28] audit: type=1400 audit(1717503017.095:282): avc:  denied  { add_name } for  pid=1563 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[   52.755636][   T28] audit: type=1400 audit(1717503017.095:283): avc:  denied  { create } for  pid=1563 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[   52.790879][   T28] audit: type=1400 audit(1717503017.095:284): avc:  denied  { associate } for  pid=1563 comm="syz-executor.1" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   52.858061][ T1577] loop4: detected capacity change from 0 to 512
[   52.874423][ T1577] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   52.918199][ T1577] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[   52.930501][ T1577] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c01c, mo2=0002]
[   52.947918][ T1577] System zones: 0-2, 18-18, 34-34
[   52.977877][ T1577] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 15
[   53.024026][ T1577] ext4_test_bit(bit=14, block=18) = 1
[   53.029496][ T1577] is_bad_inode(inode)=0
[   53.041191][ T1577] NEXT_ORPHAN(inode)=2264924160
[   53.049447][ T1577] max_ino=32
[   53.059418][ T1577] i_nlink=0
[   53.064770][ T1577] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended
[   53.076108][ T1591] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)"
[   53.111716][ T1577] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 80: padding at end of block bitmap is not set
[   53.156097][ T1577] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem
[   53.184138][ T1577] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   53.244654][ T1458] EXT4-fs (loop4): unmounting filesystem.
[   53.495812][   T28] audit: type=1326 audit(1717503017.865:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1647 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe177a7cee9 code=0x0
[   53.763403][ T1673] loop1: detected capacity change from 0 to 256
[   53.829752][ T1673] syz-executor.1: attempt to access beyond end of device
[   53.829752][ T1673] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256
[   53.927409][ T1679] geneve1: tun_chr_ioctl cmd 1074025681
[   54.463982][   T28] audit: type=1400 audit(1717503018.825:286): avc:  denied  { create } for  pid=1687 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   54.497705][ T1695] loop0: detected capacity change from 0 to 512
[   54.615692][ T1695] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   54.628803][ T1695] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   54.832463][ T1695] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: casefold flag without casefold feature
[   54.856287][ T1695] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002]
[   54.864696][ T1695] System zones: 0-2, 18-18, 34-35
[   54.870108][ T1695] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   55.214231][  T603] EXT4-fs (loop0): unmounting filesystem.
[   55.242377][   T28] audit: type=1400 audit(1717503019.605:287): avc:  denied  { map } for  pid=1710 comm="syz-executor.4" path="socket:[21622]" dev="sockfs" ino=21622 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   55.284357][ T1711] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[   55.352006][   T28] audit: type=1400 audit(1717503019.715:288): avc:  denied  { getopt } for  pid=1721 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   55.392181][   T28] audit: type=1400 audit(1717503019.755:289): avc:  denied  { shutdown } for  pid=1726 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   55.631450][ T1742] loop1: detected capacity change from 0 to 512
[   56.318887][ T1742] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   56.556343][ T1742] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature
[   56.591611][ T1742] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002]
[   56.599500][ T1742] System zones: 0-2, 18-18, 34-35
[   56.605051][ T1742] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   56.704021][ T1754] overlayfs: './file0' not a directory
[   56.740698][ T1756] loop3: detected capacity change from 0 to 256
[   56.825880][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   56.843961][ T1753] loop4: detected capacity change from 0 to 256
[   56.876739][ T1753] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   56.909934][ T1767] loop2: detected capacity change from 0 to 128
[   56.962174][ T1767] FAT-fs (loop2): error, clusters badly computed (104 != 1)
[   56.975755][ T1767] FAT-fs (loop2): Filesystem has been set read-only
[   56.981498][ T1773] netem: change failed
[   57.062234][ T1786] loop3: detected capacity change from 0 to 2048
[   57.133434][ T1788] loop1: detected capacity change from 0 to 512
[   57.141786][ T1788] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[   57.248639][ T1788] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz-executor.1: casefold flag without casefold feature
[   57.262832][ T1788] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002]
[   57.271742][ T1788] System zones: 0-2, 18-18, 34-35
[   57.279706][ T1788] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   57.703840][ T1786] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   57.758068][   T28] kauditd_printk_skb: 2 callbacks suppressed
[   57.758084][   T28] audit: type=1400 audit(1717503022.125:292): avc:  denied  { map } for  pid=1785 comm="syz-executor.3" path="/root/syzkaller-testdir1961205298/syzkaller.6K8eVA/114/file0/cpuacct.usage_sys" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   57.811184][ T1799] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   57.897092][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   57.903416][ T1799] EXT4-fs (loop3): Remounting filesystem read-only
[   57.950366][ T1808] loop4: detected capacity change from 0 to 128
[   57.966725][ T1799] syz-executor.3 (1799) used greatest stack depth: 20488 bytes left
[   57.987295][  T316] EXT4-fs (loop3): unmounting filesystem.
[   58.000727][ T1810] loop1: detected capacity change from 0 to 512
[   58.021885][ T1808] FAT-fs (loop4): error, clusters badly computed (104 != 1)
[   58.044432][ T1810] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945729 > max in inode 13
[   58.058211][ T1808] FAT-fs (loop4): Filesystem has been set read-only
[   58.060182][ T1810] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945730 > max in inode 13
[   58.087840][ T1810] EXT4-fs (loop1): 1 truncate cleaned up
[   58.099734][ T1810] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   58.129490][ T1810] fscrypt (loop1, inode 2): Error -61 getting encryption context
[   58.130113][   T28] audit: type=1400 audit(1717503022.495:293): avc:  denied  { setattr } for  pid=1809 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/56/file0" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   58.224269][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   58.230401][   T28] audit: type=1326 audit(1717503022.575:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000
[   58.255657][   T28] audit: type=1326 audit(1717503022.575:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000
[   58.281064][   T28] audit: type=1326 audit(1717503022.575:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000
[   58.305227][   T28] audit: type=1326 audit(1717503022.575:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000
[   58.330278][   T28] audit: type=1326 audit(1717503022.575:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1809 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f75a7cee9 code=0x7ffc0000
[   58.376255][ T1815] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.383211][ T1815] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.396400][ T1815] device bridge_slave_0 entered promiscuous mode
[   58.403389][ T1815] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.410511][ T1815] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.418187][ T1815] device bridge_slave_1 entered promiscuous mode
[   58.454839][ T1832] loop1: detected capacity change from 0 to 256
[   58.470691][ T1832] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[   58.491312][   T28] audit: type=1400 audit(1717503022.855:299): avc:  denied  { read write } for  pid=1831 comm="syz-executor.1" name="file1" dev="loop1" ino=1048633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   58.515351][   T28] audit: type=1400 audit(1717503022.855:300): avc:  denied  { open } for  pid=1831 comm="syz-executor.1" path="/root/syzkaller-testdir3023245041/syzkaller.i7GM2A/58/file2/file1" dev="loop1" ino=1048633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   58.604061][   T10] device bridge_slave_1 left promiscuous mode
[   58.611566][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.620453][   T10] device bridge_slave_0 left promiscuous mode
[   58.626567][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.635208][   T10] device veth1_macvtap left promiscuous mode
[   58.641229][   T10] device veth0_vlan left promiscuous mode
[   58.741940][ T1848] loop1: detected capacity change from 0 to 2048
[   58.749939][ T1848] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.768626][ T1848] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   58.858602][ T1821] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.873756][ T1821] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.882030][ T1821] device bridge_slave_0 entered promiscuous mode
[   58.903469][ T1821] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.910489][ T1821] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.918056][ T1821] device bridge_slave_1 entered promiscuous mode
[   58.924704][ T1830] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.931729][ T1830] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.939852][ T1830] device bridge_slave_0 entered promiscuous mode
[   58.968689][ T1830] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.975633][ T1830] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.982988][ T1830] device bridge_slave_1 entered promiscuous mode
[   59.012514][ T1815] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.020028][ T1815] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.027263][ T1815] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.034435][ T1815] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.047440][ T1848] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 234: padding at end of block bitmap is not set
[   59.062683][ T1848] EXT4-fs (loop1): Remounting filesystem read-only
[   59.135412][  T728] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.143151][  T728] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.179282][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.187057][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.194576][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.202940][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.211105][  T728] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.218096][  T728] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.223539][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   59.225974][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.249559][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.264785][  T728] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.271673][  T728] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.285584][ T1858] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[   59.320796][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   59.329104][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.337187][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   59.345279][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.372136][ T1815] device veth0_vlan entered promiscuous mode
[   59.381312][ T1862] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[   59.392941][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   59.402571][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   59.416529][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   59.424578][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   59.437049][ T1866] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[   59.446339][ T1866] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[   59.447196][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   59.462821][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   59.539355][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   59.547556][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   59.558209][ T1815] device veth1_macvtap entered promiscuous mode
[   59.592668][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   59.600216][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   59.608410][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   59.617252][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   59.625521][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   59.639149][ T1874] netem: change failed
[   59.649105][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.659475][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.695562][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.704602][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.712806][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.719698][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.727561][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.736459][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.750455][   T24] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.757381][   T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.764872][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.772239][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.788342][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.793809][    T6] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   59.815646][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.824434][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.833146][  T466] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.840366][  T466] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.847858][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   59.855987][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.864020][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   59.872166][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   59.880443][  T466] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.887317][  T466] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.894529][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   59.902540][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.913007][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   59.935283][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   59.943317][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   59.960852][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   59.969660][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   59.995887][ T1821] device veth0_vlan entered promiscuous mode
[   60.008049][ T1830] device veth0_vlan entered promiscuous mode
[   60.019244][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   60.027526][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   60.036565][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   60.044099][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   60.051634][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   60.059957][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   60.067456][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   60.074899][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   60.083054][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   60.091473][ T1887] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   60.105790][   T10] device bridge_slave_1 left promiscuous mode
[   60.112823][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.120255][   T10] device bridge_slave_0 left promiscuous mode
[   60.126361][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.135055][   T10] device bridge_slave_1 left promiscuous mode
[   60.141627][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.149339][   T10] device bridge_slave_0 left promiscuous mode
[   60.155702][    T6] usb 4-1: config 0 has an invalid interface number: 54 but max is 1
[   60.161298][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.164442][    T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   60.180816][    T6] usb 4-1: config 0 has no interface number 1
[   60.187026][    T6] usb 4-1: config 0 interface 54 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[   60.187343][   T10] device veth1_macvtap left promiscuous mode
[   60.196512][    T6] usb 4-1: config 0 interface 0 has no altsetting 0
[   60.202489][   T10] device veth0_vlan left promiscuous mode
[   60.214639][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   60.339759][ T1821] device veth1_macvtap entered promiscuous mode
[   60.347256][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.356625][ T1890] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.2'.
[   60.364013][    T6] usb 4-1: New USB device found, idVendor=0582, idProduct=000c, bcdDevice=c7.66
[   60.368989][ T1830] device veth1_macvtap entered promiscuous mode
[   60.375112][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   60.392278][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   60.392427][    T6] usb 4-1: Product: syz
[   60.401052][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   60.404090][    T6] usb 4-1: Manufacturer: syz
[   60.412363][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   60.416392][    T6] usb 4-1: SerialNumber: syz
[   60.424239][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   60.429048][    T6] usb 4-1: config 0 descriptor??
[   60.438737][  T466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.456961][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   60.464918][   T24] usb 2-1: Using ep0 maxpacket: 16
[   60.470239][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.474786][    T6] usb 4-1: selecting invalid altsetting 0
[   60.479094][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   60.496900][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.505433][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   60.513668][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.583951][   T24] usb 2-1: config 0 has no interfaces?
[   60.686794][ T1901] loop4: detected capacity change from 0 to 128
[   60.697706][    T6] usb 4-1: USB disconnect, device number 4
[   60.718119][ T1903] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted
[   60.727580][ T1901] FAT-fs (loop4): error, clusters badly computed (104 != 1)
[   60.735801][ T1901] FAT-fs (loop4): Filesystem has been set read-only
[   60.753812][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[   60.762712][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   60.771464][   T24] usb 2-1: Product: syz
[   60.775519][   T24] usb 2-1: Manufacturer: syz
[   60.779940][   T24] usb 2-1: SerialNumber: syz
[   60.785173][   T24] r8152-cfgselector 2-1: config 0 descriptor??
[   61.074041][  T349] usb 2-1: config 0 descriptor??
[   61.142137][ T1912] loop0: detected capacity change from 0 to 1024
[   61.163232][ T1912] EXT4-fs: Ignoring removed orlov option
[   61.175465][ T1912] EXT4-fs: Ignoring removed nomblk_io_submit option
[   61.235164][ T1912] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   61.276979][   T24] usb 2-1: USB disconnect, device number 4
[   61.284098][    T6] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   61.293939][  T349] usb 2-1: can't set config #0, error -71
[   61.328618][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   61.352269][ T1914] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.366265][ T1914] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.373779][ T1914] device bridge_slave_0 entered promiscuous mode
[   61.382210][ T1914] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.397751][ T1914] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.400209][ T1931] loop3: detected capacity change from 0 to 512
[   61.405360][ T1914] device bridge_slave_1 entered promiscuous mode
[   61.411663][ T1931] EXT4-fs: Ignoring removed bh option
[   61.423293][ T1931] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   61.435331][ T1931] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 17
[   61.447823][ T1931] EXT4-fs (loop3): Remounting filesystem read-only
[   61.454555][ T1931] ext4_test_bit(bit=16, block=4) = 1
[   61.459613][ T1931] is_bad_inode(inode)=0
[   61.464497][ T1931] NEXT_ORPHAN(inode)=1048336
[   61.470048][ T1929] netem: change failed
[   61.474882][ T1931] max_ino=32
[   61.477985][ T1931] i_nlink=0
[   61.480990][ T1931] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   61.523188][  T316] EXT4-fs (loop3): unmounting filesystem.
[   61.633524][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.642385][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.643804][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   61.660643][   T43] device bridge_slave_1 left promiscuous mode
[   61.670152][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.672267][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   61.691595][    T6] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   61.701044][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.701432][   T43] device bridge_slave_0 left promiscuous mode
[   61.709982][    T6] usb 3-1: config 0 descriptor??
[   61.720802][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.732454][   T43] device veth1_macvtap left promiscuous mode
[   61.739021][   T43] device veth0_vlan left promiscuous mode
[   61.814863][ T1948] loop3: detected capacity change from 0 to 256
[   61.837895][ T1934] loop0: detected capacity change from 0 to 40427
[   61.845123][ T1948] FAT-fs (loop3): Directory bread(block 1285) failed
[   61.849505][ T1951] syz-executor.1[1951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.852758][ T1934] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[   61.862020][ T1951] syz-executor.1[1951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   61.872364][ T1934] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   61.896599][ T1934] F2FS-fs (loop0): invalid crc value
[   61.912433][ T1934] F2FS-fs (loop0): Found nat_bits in checkpoint
[   61.967939][ T1934] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   61.974894][ T1934] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   62.000899][ T1821] syz-executor.0: attempt to access beyond end of device
[   62.000899][ T1821] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[   62.026634][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.035041][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.043310][  T319] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.050291][  T319] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.058299][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.066741][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.076772][  T319] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.083647][  T319] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.091102][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.099073][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.121313][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.135788][ T1165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   62.149159][ T1914] device veth0_vlan entered promiscuous mode
[   62.158638][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.167607][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.179006][ T1963] loop0: detected capacity change from 0 to 512
[   62.180461][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.187540][ T1963] EXT4-fs: Ignoring removed bh option
[   62.206185][ T1963] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   62.216677][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.218049][ T1963] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 17
[   62.226541][ T1914] device veth1_macvtap entered promiscuous mode
[   62.236467][ T1963] EXT4-fs (loop0): Remounting filesystem read-only
[   62.247565][ T1963] ext4_test_bit(bit=16, block=4) = 1
[   62.247776][   T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.252711][ T1963] is_bad_inode(inode)=0
[   62.252722][ T1963] NEXT_ORPHAN(inode)=1048336
[   62.252730][ T1963] max_ino=32
[   62.252738][ T1963] i_nlink=0
[   62.252784][ T1963] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   62.289839][  T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.325018][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   62.353791][  T728] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   62.499510][   T28] audit: type=1400 audit(1717503026.865:301): avc:  denied  { ioctl } for  pid=1979 comm="syz-executor.0" path="socket:[23239]" dev="sockfs" ino=23239 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   62.675011][ T1995] loop0: detected capacity change from 0 to 512
[   62.681968][ T1995] EXT4-fs: Ignoring removed bh option
[   62.692763][ T1995] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   62.705211][ T1995] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 17
[   62.715657][  T728] usb 4-1: config index 0 descriptor too short (expected 26989, got 96)
[   62.723963][    T6] uclogic 0003:256C:006D.0006: failed retrieving Huion firmware version: -71
[   62.732569][    T6] uclogic 0003:256C:006D.0006: failed probing parameters: -71
[   62.740315][  T728] usb 4-1: config 101 has too many interfaces: 120, using maximum allowed: 32
[   62.749193][    T6] uclogic: probe of 0003:256C:006D.0006 failed with error -71
[   62.749202][ T1995] EXT4-fs (loop0): Remounting filesystem read-only
[   62.756566][  T728] usb 4-1: config 101 has an invalid descriptor of length 111, skipping remainder of the config
[   62.765062][ T1995] ext4_test_bit(bit=16, block=4) = 1
[   62.779354][    T6] usb 3-1: USB disconnect, device number 6
[   62.787613][  T728] usb 4-1: config 101 has 0 interfaces, different from the descriptor's value: 120
[   62.810554][ T1995] is_bad_inode(inode)=0
[   62.814629][ T1995] NEXT_ORPHAN(inode)=1048336
[   62.819070][ T1995] max_ino=32
[   62.822104][ T1995] i_nlink=0
[   62.825468][ T1995] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   62.881046][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   62.923773][  T728] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   62.932679][  T728] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   62.973779][  T728] usb 4-1: Product: syz
[   62.977800][  T728] usb 4-1: Manufacturer: syz
[   62.994752][ T2002] loop0: detected capacity change from 0 to 2048
[   63.001713][ T2002] EXT4-fs: Ignoring removed mblk_io_submit option
[   63.049869][ T2002] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   63.271795][   T28] kauditd_printk_skb: 21 callbacks suppressed
[   63.271812][   T28] audit: type=1400 audit(1717503027.635:323): avc:  denied  { nlmsg_read } for  pid=2010 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   63.347935][   T28] audit: type=1400 audit(1717503027.715:324): avc:  denied  { read } for  pid=2012 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   63.409312][ T2003] syz-executor.1 (2003) used greatest stack depth: 20352 bytes left
[   63.476516][ T2002] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[   63.619064][ T2025] loop4: detected capacity change from 0 to 512
[   63.711004][ T2025] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   63.711028][ T2002] EXT4-fs (loop0): Remounting filesystem read-only
[   63.744308][ T2025] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature
[   63.762939][ T2025] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002]
[   63.770975][ T2025] System zones: 0-2, 18-18, 34-35
[   63.776995][ T2025] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   63.808383][  T728] usb 4-1: USB disconnect, device number 5
[   64.348951][ T1914] EXT4-fs (loop4): unmounting filesystem.
[   64.399777][ T2035] process 'syz-executor.3' launched '/dev/fd/-1' with NULL argv: empty string added
[   64.421133][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   64.633566][ T2062] mmap: syz-executor.0 (2062): VmData 167407616 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data.
[   64.673621][ T2065] loop0: detected capacity change from 0 to 512
[   64.679952][    T6] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   64.711206][ T2067] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   64.719603][ T2071] syz-executor.1[2071] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.719685][ T2071] syz-executor.1[2071] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   64.741246][ T2065] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   64.810017][ T2065] ext4 filesystem being mounted at /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/26/bus supports timestamps until 2038 (0x7fffffff)
[   64.849024][   T28] audit: type=1400 audit(1717503029.215:325): avc:  denied  { unmount } for  pid=1815 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   64.881363][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   65.043892][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.061211][    T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.071312][    T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   65.080916][    T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.092093][    T6] usb 5-1: config 0 descriptor??
[   65.243633][ T2093] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[   65.303766][  T319] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   65.321078][ T2130] loop3: detected capacity change from 0 to 40427
[   65.328968][ T2130] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   65.337417][ T2130] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   65.352599][ T2130] F2FS-fs (loop3): Found nat_bits in checkpoint
[   65.408376][ T2130] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   65.415436][ T2130] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   65.430244][ T2142] kvm: emulating exchange as write
[   65.576875][    T6] hid (null): bogus close delimiter
[   65.713835][  T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.736727][  T319] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.747158][  T319] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   65.756513][  T319] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.767089][  T319] usb 1-1: config 0 descriptor??
[   65.784268][    T6] usb 5-1: language id specifier not provided by device, defaulting to English
[   66.085724][   T28] audit: type=1400 audit(1717503030.455:326): avc:  denied  { ioctl } for  pid=2177 comm="syz-executor.1" path="socket:[24909]" dev="sockfs" ino=24909 ioctlcmd=0x48d2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   66.229103][    T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input5
[   66.242480][   T28] audit: type=1400 audit(1717503030.615:327): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=510 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   66.254898][    T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input6
[   66.265096][  T319] hid (null): bogus close delimiter
[   66.289001][   T28] audit: type=1400 audit(1717503030.615:328): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=510 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   66.296095][    T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input7
[   66.312903][   T28] audit: type=1400 audit(1717503030.685:329): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=510 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   66.340316][    T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0007/input/input8
[   66.400034][    T6] uclogic 0003:256C:006D.0007: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[   66.416699][    T6] usb 5-1: USB disconnect, device number 5
[   66.555362][   T28] audit: type=1326 audit(1717503030.925:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000
[   66.581761][   T28] audit: type=1326 audit(1717503030.925:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000
[   66.621983][   T28] audit: type=1326 audit(1717503030.925:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2189 comm=128ECDC7F032938DBE2AB597BA0CCE exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fc86267cee9 code=0x7ffc0000
[   66.773803][  T319] usb 1-1: string descriptor 0 read error: -71
[   66.797531][  T319] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71
[   66.808205][  T319] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71
[   66.817827][  T319] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71
[   66.831704][  T319] uclogic 0003:256C:006D.0008: failed probing parameters: -71
[   66.839744][  T319] uclogic: probe of 0003:256C:006D.0008 failed with error -71
[   66.855049][  T319] usb 1-1: USB disconnect, device number 5
[   66.977827][ T2223] device batadv_slave_1 entered promiscuous mode
[   67.029120][ T2222] device batadv_slave_1 left promiscuous mode
[   67.046830][ T2227] loop1: detected capacity change from 0 to 8192
[   67.094827][ T2227]  loop1: p1 < >
[   67.179877][ T2237] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2237 comm=syz-executor.4
[   67.323000][ T2252] incfs: Options parsing error. -22
[   67.333316][ T2252] incfs: mount failed -22
[   67.380533][ T2258] device batadv_slave_1 entered promiscuous mode
[   67.428485][ T2257] device batadv_slave_1 left promiscuous mode
[   67.463811][    T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   67.625891][ T2284] syz-executor.4[2284] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.626016][ T2284] syz-executor.4[2284] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   67.658658][ T2284] loop4: detected capacity change from 0 to 2048
[   67.702888][ T2284] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   67.720090][ T2293] device batadv_slave_1 entered promiscuous mode
[   67.733935][ T2284] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   67.764281][ T2291] device batadv_slave_1 left promiscuous mode
[   67.773420][ T2284] EXT4-fs (loop4): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28
[   67.785762][ T2284] EXT4-fs (loop4): This should not happen!! Data will be lost
[   67.785762][ T2284] 
[   67.795752][ T2284] EXT4-fs (loop4): Total free blocks count 0
[   67.801619][ T2284] EXT4-fs (loop4): Free/Dirty block details
[   67.807471][ T2284] EXT4-fs (loop4): free_blocks=2415919104
[   67.813106][ T2284] EXT4-fs (loop4): dirty_blocks=16
[   67.818458][ T2284] EXT4-fs (loop4): Block reservation details
[   67.824348][ T2284] EXT4-fs (loop4): i_reserved_data_blocks=1
[   67.833874][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   67.846140][ T2298] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[   67.853610][    T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.870483][ T1914] EXT4-fs (loop4): unmounting filesystem.
[   67.872923][ T2303] incfs: ino conflict with backing FS 1
[   67.876279][  T319] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   67.884296][ T2303] incfs: ino conflict with backing FS 4
[   67.894181][    T6] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[   67.908059][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.925792][    T6] usb 4-1: config 0 descriptor??
[   68.143725][  T319] usb 1-1: Using ep0 maxpacket: 32
[   68.257694][ T2329] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   68.276998][   T28] kauditd_printk_skb: 26 callbacks suppressed
[   68.277014][   T28] audit: type=1401 audit(1717503032.645:359): op=fscreate invalid_context=0435
[   68.292074][  T319] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.307462][  T319] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.344473][ T2335] incfs: ino conflict with backing FS 1
[   68.350745][ T2335] incfs: ino conflict with backing FS 4
[   68.382723][ T2339] xt_bpf: check failed: parse error
[   68.413035][ T2344] syz-executor.2[2344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.413340][ T2344] syz-executor.2[2344] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   68.425075][    T6] hid (null): bogus close delimiter
[   68.462065][ T2344] loop2: detected capacity change from 0 to 2048
[   68.474775][  T319] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   68.485080][  T319] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   68.493547][  T319] usb 1-1: Product: syz
[   68.497764][   T28] audit: type=1400 audit(1717503032.865:360): avc:  denied  { getopt } for  pid=2349 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   68.498347][  T319] usb 1-1: Manufacturer: syz
[   68.519059][ T2344] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   68.536309][ T2344] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   68.551533][ T2344] EXT4-fs (loop2): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28
[   68.564723][  T319] hub 1-1:4.0: USB hub found
[   68.569328][ T2344] EXT4-fs (loop2): This should not happen!! Data will be lost
[   68.569328][ T2344] 
[   68.579048][ T2344] EXT4-fs (loop2): Total free blocks count 0
[   68.585050][ T2344] EXT4-fs (loop2): Free/Dirty block details
[   68.591004][ T2344] EXT4-fs (loop2): free_blocks=2415919104
[   68.596992][ T2344] EXT4-fs (loop2): dirty_blocks=16
[   68.602020][ T2344] EXT4-fs (loop2): Block reservation details
[   68.607848][ T2344] EXT4-fs (loop2): i_reserved_data_blocks=1
[   68.627993][ T1815] EXT4-fs (loop2): unmounting filesystem.
[   68.633790][    T6] usb 4-1: language id specifier not provided by device, defaulting to English
[   68.642843][  T728] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   68.714726][ T2355] loop4: detected capacity change from 0 to 512
[   68.785129][ T2355] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   68.833075][ T2282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   68.869989][ T2355] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature
[   68.884684][ T2355] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a016e02c, mo2=0002]
[   68.892762][ T2355] System zones: 0-2, 18-18, 34-35
[   68.900224][ T2355] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   69.111538][ T2282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   69.250835][    T6] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input9
[   69.328568][    T6] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input10
[   69.376042][    T6] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input11
[   70.173686][    C1] sched: RT throttling activated
[   70.198733][    T6] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input12
[   70.212542][    T6] uclogic 0003:256C:006D.0009: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0
[   70.233853][  T319] hub 1-1:4.0: config failed, hub has too many ports! (err -19)
[   70.241777][ T1914] EXT4-fs (loop4): unmounting filesystem.
[   70.243828][  T728] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.265127][    T6] usb 4-1: USB disconnect, device number 6
[   70.303830][  T728] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.327474][  T728] usb 2-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[   70.336988][  T728] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.350077][  T728] usb 2-1: config 0 descriptor??
[   70.465463][ T2384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2384 comm=syz-executor.4
[   70.510882][   T28] audit: type=1401 audit(1717503034.875:361): op=fscreate invalid_context=0435
[   70.793437][ T1965] usb 1-1: USB disconnect, device number 6
[   70.846859][   T28] audit: type=1400 audit(1717503035.215:362): avc:  denied  { relabelfrom } for  pid=2397 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   70.870109][   T28] audit: type=1400 audit(1717503035.245:363): avc:  denied  { relabelto } for  pid=2397 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   70.892895][  T728] sony 0003:054C:0268.000A: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.1-1/input0
[   70.904656][  T728] sony 0003:054C:0268.000A: failed to claim input
[   70.953764][   T28] audit: type=1326 audit(1717503035.315:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000
[   70.978054][   T28] audit: type=1326 audit(1717503035.325:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000
[   71.001878][   T28] audit: type=1326 audit(1717503035.325:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000
[   71.026301][   T28] audit: type=1326 audit(1717503035.325:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000
[   71.053852][   T28] audit: type=1326 audit(1717503035.325:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2400 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f686b07cee9 code=0x7ffc0000
[   71.092339][  T319] usb 2-1: USB disconnect, device number 5
[   71.207054][ T2418] syz-executor.4[2418] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.207126][ T2418] syz-executor.4[2418] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   71.614530][ T2442] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2442 comm=syz-executor.1
[   71.864862][ T2462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63767 sclass=netlink_route_socket pid=2462 comm=syz-executor.3
[   71.990564][ T2479] loop1: detected capacity change from 0 to 128
[   72.000009][ T2479] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   72.016759][ T2479] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   72.052925][   T43] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   72.173805][  T728] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   72.186342][ T2504] loop4: detected capacity change from 0 to 256
[   72.220918][ T2504] FAT-fs (loop4): Directory bread(block 64) failed
[   72.231806][ T2504] FAT-fs (loop4): Directory bread(block 65) failed
[   72.252120][ T2504] FAT-fs (loop4): Directory bread(block 66) failed
[   72.258850][ T2504] FAT-fs (loop4): Directory bread(block 67) failed
[   72.266277][ T2504] FAT-fs (loop4): Directory bread(block 68) failed
[   72.272724][ T2504] FAT-fs (loop4): Directory bread(block 69) failed
[   72.279238][ T2504] FAT-fs (loop4): Directory bread(block 70) failed
[   72.295027][ T2504] FAT-fs (loop4): Directory bread(block 71) failed
[   72.304944][ T2504] FAT-fs (loop4): Directory bread(block 72) failed
[   72.311722][ T2504] FAT-fs (loop4): Directory bread(block 73) failed
[   72.321157][ T2513] loop1: detected capacity change from 0 to 256
[   72.338982][ T2513] exfat: Deprecated parameter 'namecase'
[   72.339663][ T2437] loop2: detected capacity change from 0 to 131072
[   72.351630][ T2437] request_module fs- succeeded, but still no fs?
[   72.363580][ T2513] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   72.414557][ T2517] Driver unsupported XDP return value 0 on prog  (id 639) dev N/A, expect packet loss!
[   72.479549][ T2524] loop0: detected capacity change from 0 to 512
[   72.502632][ T2524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   72.511574][ T2524] ext4 filesystem being mounted at /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus supports timestamps until 2038 (0x7fffffff)
[   72.529251][ T2524] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET)
[   72.533821][  T728] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   72.542914][ T2524] EXT4-fs error (device loop0): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.0: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=26368, size=2048 fake=0
[   72.555208][  T728] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.580807][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: directory entry overrun - offset=60, inode=113, rec_len=26368, size=2048 fake=0
[   72.607015][  T728] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[   72.616185][  T728] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.624787][  T728] usb 4-1: config 0 descriptor??
[   72.633285][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 7: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=536870912, rec_len=0, size=2048 fake=0
[   72.665355][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   72.685340][ T2533] loop1: detected capacity change from 0 to 128
[   72.697012][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   72.698810][ T2533] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   72.730858][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   72.755716][ T2533] ext4 filesystem being mounted at /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/128/mnt supports timestamps until 2038 (0x7fffffff)
[   72.757070][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   72.794646][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   72.820624][ T1821] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor.0: path /root/syzkaller-testdir448227238/syzkaller.ftcdZ0/51/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   72.845942][ T1821] EXT4-fs error (device loop0): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.0: lblock 23 mapped to illegal pblock 18 (length 1)
[   72.861707][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   72.877094][ T2538] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.2'.
[   72.956561][ T1821] EXT4-fs (loop0): unmounting filesystem.
[   73.084704][ T2554] loop1: detected capacity change from 0 to 512
[   73.105716][ T2554] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[   73.114716][ T2554] ext4 filesystem being mounted at /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus supports timestamps until 2038 (0x7fffffff)
[   73.126357][  T728] sony 0003:054C:0268.000B: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0
[   73.136921][ T2554] EXT4-fs error (device loop1): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.1: bad entry in directory: directory entry overrun - offset=16444, inode=113, rec_len=26368, size=2048 fake=0
[   73.172360][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: directory entry overrun - offset=60, inode=113, rec_len=26368, size=2048 fake=0
[   73.198470][  T728] sony 0003:054C:0268.000B: failed to claim input
[   73.244054][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 7: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=536870912, rec_len=0, size=2048 fake=0
[   73.272292][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 12: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[   73.299087][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 13: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[   73.337328][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 14: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   73.356491][  T728] usb 4-1: USB disconnect, device number 7
[   73.368505][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.369890][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 15: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[   73.400088][ T2557] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.401734][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 16: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[   73.409496][ T2557] device bridge_slave_0 entered promiscuous mode
[   73.432821][ T1200] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 17: comm syz-executor.1: path /root/syzkaller-testdir3023245041/syzkaller.i7GM2A/131/bus: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[   73.463724][ T1200] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.1: lblock 23 mapped to illegal pblock 18 (length 1)
[   73.485275][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.492136][ T2557] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.524661][ T2565] input: syz1 as /devices/virtual/input/input13
[   73.532528][ T2557] device bridge_slave_1 entered promiscuous mode
[   73.635358][ T1200] EXT4-fs (loop1): unmounting filesystem.
[   73.659252][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.666292][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.673469][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.680422][ T2557] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.717757][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   73.725668][ T1965] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.734357][ T1965] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.766369][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   73.775215][   T24] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.782173][   T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.789810][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   73.797991][   T24] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.804962][   T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.818621][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   73.830074][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   73.838984][   T43] device bridge_slave_1 left promiscuous mode
[   73.845108][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.853799][ T1165] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   73.861405][ T2577] loop2: detected capacity change from 0 to 256
[   73.867899][   T43] device bridge_slave_0 left promiscuous mode
[   73.868253][ T2577] exfat: Deprecated parameter 'namecase'
[   73.874315][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.882629][ T2577] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[   73.899235][   T43] device veth1_macvtap left promiscuous mode
[   73.905516][   T43] device veth0_vlan left promiscuous mode
[   73.942660][ T2581] loop2: detected capacity change from 0 to 256
[   74.056328][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   74.068685][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   74.088085][ T2589] SELinux:  Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped).
[   74.089713][ T2557] device veth0_vlan entered promiscuous mode
[   74.098806][   T28] kauditd_printk_skb: 98 callbacks suppressed
[   74.098823][   T28] audit: type=1400 audit(1717503038.475:467): avc:  denied  { relabelto } for  pid=2588 comm="syz-executor.3" name="file0" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0"
[   74.105060][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   74.146837][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   74.161401][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   74.169040][ T1965] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   74.184752][ T2557] device veth1_macvtap entered promiscuous mode
[   74.196172][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   74.204366][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   74.212540][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   74.226384][ T2571] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.233318][ T2571] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.240920][ T2571] device bridge_slave_0 entered promiscuous mode
[   74.250991][   T28] audit: type=1400 audit(1717503038.625:468): avc:  denied  { rmdir } for  pid=316 comm="syz-executor.3" name="file0" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_notify_exec_t:s0"
[   74.253894][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   74.278338][ T1165] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   74.287174][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.306616][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   74.317004][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   74.326938][ T2571] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.334438][ T2571] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.341874][ T2571] device bridge_slave_1 entered promiscuous mode
[   74.381779][ T2600] loop3: detected capacity change from 0 to 512
[   74.397428][ T2600] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[   74.407503][ T2600] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0)
[   74.426197][ T2600] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117)
[   74.439039][ T2600] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   74.447481][ T2600] ext2 filesystem being mounted at /root/syzkaller-testdir1961205298/syzkaller.6K8eVA/178/file0 supports timestamps until 2038 (0x7fffffff)
[   74.463278][   T43] tipc: Left network mode
[   74.467919][ T1165] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   74.477195][ T1165] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.485428][ T1165] usb 5-1: Product: syz
[   74.486284][  T316] EXT4-fs (loop3): unmounting filesystem.
[   74.489549][ T1165] usb 5-1: Manufacturer: syz
[   74.499603][ T1165] usb 5-1: SerialNumber: syz
[   74.531155][ T2607] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[   74.534178][ T2571] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.547200][ T2571] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.554314][ T2571] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.561187][ T2571] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.597831][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   74.606436][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.615787][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.645164][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   74.653381][  T319] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.660393][  T319] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.667858][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   74.676213][  T319] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.683097][  T319] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.691015][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   74.710613][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   74.726312][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   74.743509][ T2571] device veth0_vlan entered promiscuous mode
[   74.750098][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   74.764230][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   74.771883][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   74.784455][ T2571] device veth1_macvtap entered promiscuous mode
[   74.795835][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   74.815425][  T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   74.842671][  T728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   74.876042][ T2621] overlayfs: invalid redirect ((null))
[   74.886618][ T2629] syz-executor.1[2629] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   74.886698][ T2629] syz-executor.1[2629] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   74.901765][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x1
[   74.920926][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.928247][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.938145][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.945586][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.952850][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.960709][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.968993][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x2
[   74.983810][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   74.997438][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.010774][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.018438][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.026551][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x4
[   75.033817][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.040999][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.048578][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.058482][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.066295][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.073534][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.080768][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.088337][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.095627][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.102921][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.110849][   T43] device bridge_slave_1 left promiscuous mode
[   75.116856][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.120957][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.124201][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.138543][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.146006][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.146155][   T43] device bridge_slave_0 left promiscuous mode
[   75.153240][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.161584][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.166649][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.180646][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.188977][   T43] device veth1_macvtap left promiscuous mode
[   75.191277][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.195280][   T43] device veth0_vlan left promiscuous mode
[   75.203829][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.215132][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.222420][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.229663][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.237108][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.245231][  T728] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[   75.253067][  T728] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[   75.428708][   T28] audit: type=1400 audit(1717503039.795:469): avc:  denied  { setopt } for  pid=2654 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   75.494701][ T2661] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=2661 comm=syz-executor.2
[   75.508026][   T28] audit: type=1400 audit(1717503039.875:470): avc:  denied  { read } for  pid=2660 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   75.545208][ T2663] syz-executor.0[2663] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.545327][ T2663] syz-executor.0[2663] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   75.614707][ T1165] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[   75.633941][ T1165] cdc_ncm 5-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[   75.641410][ T1165] cdc_ncm 5-1:1.0: setting rx_max = 2048
[   75.851060][ T1165] cdc_ncm 5-1:1.0: setting tx_max = 184
[   75.858669][ T1165] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[   75.871625][ T1165] usb 5-1: USB disconnect, device number 6
[   75.877492][ T1165] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[   76.163736][    T6] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   76.423328][ T2712] loop2: detected capacity change from 0 to 512
[   76.435772][ T2712] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   76.444930][ T2712] ext4 filesystem being mounted at /root/syzkaller-testdir1700565255/syzkaller.FRe4Fm/78/file0 supports timestamps until 2038 (0x7fffffff)
[   76.480022][ T1815] EXT4-fs (loop2): unmounting filesystem.
[   76.524189][    T6] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[   76.529192][ T2720] loop4: detected capacity change from 0 to 1024
[   76.540583][    T6] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[   76.541107][ T2720] EXT4-fs: Ignoring removed orlov option
[   76.554164][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.563578][ T2720] EXT4-fs: Ignoring removed nomblk_io_submit option
[   76.586079][ T2720] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   76.604359][   T28] audit: type=1400 audit(1717503040.975:471): avc:  denied  { map } for  pid=2719 comm="syz-executor.4" path="/root/syzkaller-testdir3991703340/syzkaller.fC2s8x/61/file1/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   76.611059][ T2720] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode
[   76.646903][ T1165] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   76.650177][    T6] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1
[   76.713970][ T2720] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr
[   76.714781][ T2726] syz-executor.0[2726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   76.726365][ T2726] syz-executor.0[2726] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   76.766226][   T28] audit: type=1400 audit(1717503041.135:472): avc:  denied  { unlink } for  pid=1914 comm="syz-executor.4" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   76.800851][   T28] audit: type=1400 audit(1717503041.135:473): avc:  denied  { unlink } for  pid=1914 comm="syz-executor.4" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[   76.800962][ T1914] ==================================================================
[   76.829674][   T28] audit: type=1400 audit(1717503041.135:474): avc:  denied  { unmount } for  pid=1914 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[   76.831524][ T1914] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[   76.859333][ T1914] Read of size 4 at addr ffff88813ac38000 by task syz-executor.4/1914
[   76.867321][ T1914] 
[   76.869498][ T1914] CPU: 1 PID: 1914 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00137-gc36abc6d4212 #0
[   76.879383][ T1914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   76.889364][ T1914] Call Trace:
[   76.892489][ T1914]  <TASK>
[   76.895267][ T1914]  dump_stack_lvl+0x151/0x1b7
[   76.899781][ T1914]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   76.905080][ T1914]  ? _printk+0xd1/0x111
[   76.909067][ T1914]  ? __virt_addr_valid+0x242/0x2f0
[   76.914028][ T1914]  print_report+0x158/0x4e0
[   76.918353][ T1914]  ? __virt_addr_valid+0x242/0x2f0
[   76.923309][ T1914]  ? kasan_addr_to_slab+0xd/0x80
[   76.928248][ T1914]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[   76.933749][ T1914]  kasan_report+0x13c/0x170
[   76.938056][ T1914]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[   76.943526][ T1914]  __asan_report_load4_noabort+0x14/0x20
[   76.949087][ T1914]  ext4_xattr_delete_inode+0xcd0/0xce0
[   76.954470][ T1914]  ? sb_end_intwrite+0x130/0x130
[   76.959243][ T1914]  ? ext4_expand_extra_isize_ea+0x1c40/0x1c40
[   76.965149][ T1914]  ? __kasan_check_read+0x11/0x20
[   76.970113][ T1914]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[   76.975930][ T1914]  ? ext4_evict_inode+0xbc2/0x1550
[   76.980887][ T1914]  ext4_evict_inode+0xef9/0x1550
[   76.985653][ T1914]  ? _raw_spin_unlock+0x4c/0x70
[   76.990365][ T1914]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[   76.996076][ T1914]  ? _raw_spin_unlock+0x4c/0x70
[   77.000755][ T1914]  ? inode_io_list_del+0x18b/0x1a0
[   77.005707][ T1914]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[   77.011455][ T1914]  evict+0x2a3/0x630
[   77.015255][ T1914]  iput+0x642/0x870
[   77.018894][ T1914]  vfs_rmdir+0x3c2/0x500
[   77.022974][ T1914]  do_rmdir+0x3ab/0x630
[   77.026976][ T1914]  ? d_delete_notify+0x160/0x160
[   77.031742][ T1914]  __x64_sys_unlinkat+0xdf/0xf0
[   77.036514][ T1914]  do_syscall_64+0x3d/0xb0
[   77.041124][ T1914]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.046985][ T1914] RIP: 0033:0x7f686b07c6c7
[   77.051230][ T1914] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   77.070768][ T1914] RSP: 002b:00007fff37e48cf8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[   77.079188][ T1914] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f686b07c6c7
[   77.087092][ T1914] RDX: 0000000000000200 RSI: 00007fff37e49ea0 RDI: 00000000ffffff9c
[   77.094894][ T1914] RBP: 00007f686b0d9636 R08: 0000000000000000 R09: 0000000000000000
[   77.102698][ T1914] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff37e49ea0
[   77.110521][ T1914] R13: 00007f686b0d9636 R14: 0000000000012ad1 R15: 0000000000000009
[   77.118545][ T1914]  </TASK>
[   77.121392][ T1914] 
[   77.123560][ T1914] The buggy address belongs to the physical page:
[   77.129899][ T1914] page:ffffea0004eb0e00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x13ac38
[   77.140227][ T1914] flags: 0x4000000000000000(zone=1)
[   77.145455][ T1914] raw: 4000000000000000 ffffea0004eb1008 ffffea0004f40e08 0000000000000000
[   77.153888][ T1914] raw: 0000000000000001 0000000000000003 00000000ffffff7f 0000000000000000
[   77.162375][ T1914] page dumped because: kasan: bad access detected
[   77.168625][ T1914] page_owner tracks the page as freed
[   77.173854][ T1914] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 2613, tgid 2612 (syz-executor.3), ts 74620233352, free_ts 74789509119
[   77.193450][ T1914]  post_alloc_hook+0x213/0x220
[   77.198048][ T1914]  prep_new_page+0x1b/0x110
[   77.202389][ T1914]  get_page_from_freelist+0x27ea/0x2870
[   77.207788][ T1914]  __alloc_pages+0x3a1/0x780
[   77.212196][ T1914]  __folio_alloc+0x15/0x40
[   77.216449][ T1914]  wp_page_copy+0x23b/0x1690
[   77.220878][ T1914]  do_wp_page+0xc25/0xdf0
[   77.225041][ T1914]  handle_mm_fault+0x15a2/0x2f40
[   77.229855][ T1914]  exc_page_fault+0x24d/0x700
[   77.234330][ T1914]  asm_exc_page_fault+0x27/0x30
[   77.239019][ T1914] page last free stack trace:
[   77.243532][ T1914]  free_unref_page_prepare+0x83d/0x850
[   77.248831][ T1914]  free_unref_page_list+0xf1/0x7b0
[   77.253773][ T1914]  release_pages+0xf7f/0xfe0
[   77.258213][ T1914]  free_pages_and_swap_cache+0x8a/0xa0
[   77.263665][ T1914]  tlb_flush_mmu+0xfe/0x1d0
[   77.268191][ T1914]  unmap_page_range+0x219d/0x2480
[   77.273054][ T1914]  unmap_vmas+0x4e4/0x660
[   77.277218][ T1914]  exit_mmap+0x2d1/0x940
[   77.281416][ T1914]  __mmput+0x95/0x310
[   77.285199][ T1914]  mmput+0x56/0x170
[   77.288848][ T1914]  do_exit+0xb29/0x2b80
[   77.292839][ T1914]  do_group_exit+0x21a/0x2d0
[   77.297260][ T1914]  __x64_sys_exit_group+0x3f/0x40
[   77.302124][ T1914]  do_syscall_64+0x3d/0xb0
[   77.306565][ T1914]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.312288][ T1914] 
[   77.314457][ T1914] Memory state around the buggy address:
[   77.319928][ T1914]  ffff88813ac37f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   77.327829][ T1914]  ffff88813ac37f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   77.335724][ T1914] >ffff88813ac38000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.343618][ T1914]                    ^
[   77.347530][ T1914]  ffff88813ac38080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   77.355425][ T1914]  ffff88813ac38100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
2024/06/04 12:10:41 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[   77.363324][ T1914] ==================================================================
[   77.373039][    T6] usb 4-1: USB disconnect, device number 8
[   77.487170][ T1914] Disabling lock debugging due to kernel taint
[   77.497893][ T2683] device syz_tun left promiscuous mode
[   77.503194][ T2683] bridge0: port 3(syz_tun) entered disabled state
[   77.513717][ T1165] usb 2-1: Using ep0 maxpacket: 32