last executing test programs:

52.04819487s ago: executing program 32 (id=80):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000810"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x9000000, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0)

29.059718899s ago: executing program 33 (id=704):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000300)=0x6, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x10000000, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000006080)=[{{0x0, 0x0, 0x0}, 0x400}], 0x1, 0x2160, 0x0)

28.598933018s ago: executing program 4 (id=733):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f00000019c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
recvmmsg(r0, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000000f80)=""/162, 0xa2}, 0x5}, {{&(0x7f0000000680)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000980)=[{0x0}, {0x0}], 0x2}, 0x7}], 0x2, 0x10020, &(0x7f0000001980)={0x0, 0x989680})

28.215567577s ago: executing program 2 (id=741):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@lazytime}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@nombcache}, {@quota}, {@quota}]}, 0xff, 0x443, &(0x7f0000000940)="$eJzs3MtvG0UYAPBv10mgLxJKefQBBMqj4pE0aYEeuIBA4gASEhzKMSRpVeo2qAkSrSoICJUjqsQdcUTiL+BELwg4IXGFAzdUqUK9tHAyWnu3cYztNsbuQv37SevM7I4182V37JmdbAIYWpPZSxKxNSJ+iYjxRnZ9gcnGj6uXz87/efnsfBK12ht/JPVyVy6fnS+KFu/bkmf2pRHpJ0nsblPv8ukzx+eq1cVTeX565cS708unzzx97MTc0cWjiydnDx06eGDmuWdnn+lLnFlcV3Z9sLRn5ytvnX9t/vD5t3/4Oinib4mjTya7HXy0VutzdeXa1pRORkpsCBtSiYjsdI3W+/94VGLt5I3Hyx+X2jhgoGq5DodXa8AtLImyWwCUo/iiz+a/xXbzRh/lu/RCYwKUxX013xpHRiLNy4y2zG/7aTIiDq/+9UW2xWDuQwAArPNtNv55qt34L417msrdka+hTETEnRGxPSLuiogdEXF3RL3svRFx3wbrb10k+ef4J73YU2A3KBv/PZ+vba0f/xWjv5io5Llt9fhHkyPHqov7G8dWs5csP9Oljgsv/fxZp2PN479sy+ovxoJ5Oy6O3Lb+PQtzK3O9xtvq0kcRu0baxZ9cWwlIImJnROzqsY5jT3y1p9Ox68ffRR/WmWpfRjzeOP+r0RJ/Iem+Pjl9e1QX9083XRUtfvzp3Oud6v9X8fdBdv43t73+r8U/kTSv1y5vvI5zv37acU7T6/U/lrxZT4/l+96fW1k5NRMxlrzaaHTz/tm19xb5onwW/7697fv/9lj7TeyOiOwivj8iHoiIB/O2PxQRD0fE3i7xf//iI+/0Hv9gZfEvbOj8ryXGonVP+0Tl+HffrKt0YiPxZ+f/YD21L99T//xLusd1I+3q7WoGAACA/580IrZGkk5dS6fp1FTjb/h3xOa0urS88uSRpfdOLjSeEZiI0bS40zXedD90Jp/WF/nZlvyB/L7x55VN9fzU/FJ1oezgYcht6dD/M79Xym4dMHCe14Lhpf/D8NL/YXjp/zC82vT/TWW0A7j52n3/fxgRFx4roTHATdXS/y37wRAx/4fhpf/D8LqB/v/brfXvqoGIWN4U139IfrCJSpRZu0SPiUj/E82QGFCi7E8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg7AAD//9aZ7PU=")
creat(&(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x180)
mknod$loop(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4, 0x1)
creat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)
mknod$loop(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1)

28.131781447s ago: executing program 2 (id=744):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
symlink(&(0x7f00000003c0)='.\x00', &(0x7f0000000140)='./file0\x00')

28.111302647s ago: executing program 2 (id=745):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2810000, &(0x7f0000000380)={[{@user_xattr}, {@noquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@jqfmt_vfsv1}, {@block_validity}, {@dioread_nolock}, {@noquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x8}}, {@delalloc}, {@user_xattr}, {@quota}]}, 0x1, 0x54f, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbZdnamc8HbnvOvTc995t7v6fn5iQkgKE1kf0oRLwcEd8kEQfbto1GvnFibb/V+1dnsyWJRuPTv5JI8nWt/ZP89/688lJE/PZVxPHCxnZryysLpXI5Xczrk/XKpcna8sqJC5XSfDqfXpyemTn19sz0e+++M7BY3zj7z/ef3P7w1NdHV7/75e6hm0mcjgP5tvY4nsC19spETOTPyVicfmTHqQE0tpMk230A9GUkz/OxyPqAgzGSZz3w//dlRDSAIZXIfxhSrXFA695+QPfBz417H6zdAG2Mf3TttZHY07w32reaPHRnlN3vjg+g/ayNX/+8dTNbYnCvQwBs6dr1iDg5Orqx/0vy/q9/J3vY59E29H/w7NzOxj9vdhr/FNbHP9Fh/LO/Q+72Y+v8L9wdQDNdZeO/9zuOf9cnrcZH8toLzTHfWHL+QjnN+rYXI+JYjO3O6pvN55xavdPotq19/JctWfutsWB+HHdHdz/8mLlSvfQkMbe7dz3ilY7j32T9/Ccdzn/2fJztsY0j6a3Xum3bOv6nq/FTxOsdz/+DGa1k8/nJyeb1MNm6Kjb6+8aR37u1v93xZ+d/3+bxjyft87W1x2/jxz3/pt229Xv970o+a5Z35euulOr1xamIXcnHG9dPP3hsq97aP4v/2NHN+79O1//eiPi8x/hvHP751f7jf7qy+Oce6/w/fuHOR1/80K393s7/W83SsXxNL/1frwf4JM8dAAAAAAAA7DSFiDgQSaG4Xi4UisW193ccjn2FcrVWP36+unRxLpqflR2PsUJrpvtg2/shpvL3w7bq04/UZyLiUER8O7K3WS/OVstz2x08AAAAAAAAAAAAAAAAAAAA7BD7u3z+P/PHyHYfHfDU+cpvGF5b5v8gvukJ2JH8/4fhJf9heMl/GF7yH4aX/IfhJf9heMl/GF7yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbq7Jkz2dJYvX91NqvPXV5eWqhePjGX1haKlaXZ4mx18VJxvlqdL6fF2Wplq79XrlYvTU3H0pXJelqrT9aWV85VqksX6+cuVErz6bl07JlEBQAAAAAAAAAAAAAAAAAAAM+X2vLKQqlcThcVFPoqjO6Mw1AYcGG7eyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOC/AAAA///ktDiZ")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
pwrite64(r0, &(0x7f00000000c0)="97", 0x1, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0x32, 0x1, 0x0)

27.968372366s ago: executing program 2 (id=749):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x10540b, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

27.912059336s ago: executing program 2 (id=750):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x44000, 0xc100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x0)

27.775558976s ago: executing program 2 (id=757):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x54)

27.772287605s ago: executing program 34 (id=757):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x54)

27.742500335s ago: executing program 4 (id=759):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@stripe={'stripe', 0x3d, 0x8}}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodiscard}, {@nodelalloc}, {@acl}, {@dioread_lock}]}, 0x1, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
setuid(0xee00)
write$FUSE_DIRENTPLUS(r0, 0x0, 0x10)

27.668703285s ago: executing program 4 (id=762):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="180200000000000000000000000000008500000008000000950000"], &(0x7f0000000040)='GPL\x00', 0x5, 0xbf, &(0x7f00000020c0)=""/191, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000780)={r1, r2, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

27.641034405s ago: executing program 4 (id=763):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x10540b, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

27.575912865s ago: executing program 4 (id=764):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r2, 0x0, 0x0, 0x5412, 0x0, 0x0)

27.463456475s ago: executing program 4 (id=765):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
wait4(0x0, 0xfffffffffffffffe, 0x8, 0x0)

27.452494804s ago: executing program 35 (id=765):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
wait4(0x0, 0xfffffffffffffffe, 0x8, 0x0)

26.930855153s ago: executing program 7 (id=768):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x2000140d)
write$cgroup_subtree(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="80fd01"], 0x9)

26.764972052s ago: executing program 7 (id=775):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@stripe={'stripe', 0x3d, 0x8}}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodiscard}, {@nodelalloc}, {@acl}, {@dioread_lock}]}, 0x1, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
setuid(0xee00)
write$FUSE_DIRENTPLUS(r0, 0x0, 0x10)

26.669641552s ago: executing program 7 (id=776):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x10540b, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

26.491178961s ago: executing program 7 (id=781):
r0 = epoll_create1(0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000004000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r2}, 0x10)
epoll_pwait(r0, &(0x7f0000000140)=[{}], 0x1, 0x1f, 0x0, 0x0)

26.489063721s ago: executing program 6 (id=783):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
pipe2(&(0x7f0000001440)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
splice(r0, 0x0, r1, 0x0, 0x2000, 0x0)

26.459571941s ago: executing program 6 (id=786):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x2000140d)
write$cgroup_subtree(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="80fd01"], 0x9)

26.409432021s ago: executing program 6 (id=788):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@stripe={'stripe', 0x3d, 0x8}}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodiscard}, {@nodelalloc}, {@acl}, {@dioread_lock}]}, 0x1, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
setuid(0xee00)
write$FUSE_DIRENTPLUS(r0, 0x0, 0x10)

26.378756541s ago: executing program 7 (id=789):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

26.317151681s ago: executing program 36 (id=789):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

26.314926161s ago: executing program 6 (id=793):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x786, &(0x7f0000001900)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj")
open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x10540b, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x40042, 0x0)
preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7)

26.21874979s ago: executing program 6 (id=803):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
r1 = io_uring_setup(0x30d7, &(0x7f00000003c0)={0x0, 0x0, 0x800, 0x3})
close_range(r1, 0xffffffffffffffff, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

26.09547974s ago: executing program 6 (id=795):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
time(&(0x7f00000000c0))

26.04890783s ago: executing program 37 (id=795):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
time(&(0x7f00000000c0))

18.240453676s ago: executing program 9 (id=987):
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000180)='./file1\x00', 0x4)
renameat2(r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2)

18.219933446s ago: executing program 9 (id=989):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x4, 0x191000})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000500)={0x100000, 0x10f000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000240)={0x4000, 0x8000})

18.119901326s ago: executing program 9 (id=1000):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newtaction={0xb0, 0x30, 0x301, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x9c, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x4}, 0x1, r3}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x4a, 0xa15, 0x30000000, 0x5, 0x5}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb0}}, 0x0)

18.087134376s ago: executing program 9 (id=1004):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==")
rmdir(&(0x7f0000000180)='./file0/../file0\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)

17.961928435s ago: executing program 9 (id=1014):
iopl(0x3)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r1)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)

17.731456505s ago: executing program 9 (id=1024):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000b00)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x0})

17.726705285s ago: executing program 38 (id=1024):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000a40), 0x26, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
chdir(&(0x7f0000000240)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000b00)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x0})

5.174007016s ago: executing program 1 (id=1455):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
request_key(0x0, 0x0, 0x0, 0xfffffffffffffffe)

5.100601626s ago: executing program 1 (id=1457):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ftruncate(r0, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r1, r0, 0x0, 0x578410e9)

4.239547714s ago: executing program 1 (id=1465):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3ba"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000040)={0xa, 0x100, 0x2, 0x6, 0x6, 0x6})

3.31055188s ago: executing program 8 (id=1484):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)='8', 0x1}], 0x1}}], 0x1, 0x4)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r0, 0x0, r2, 0x0, 0x39000, 0x0)

3.29784935s ago: executing program 8 (id=1485):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000200), 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x20, &(0x7f0000000b00)=ANY=[], 0x1, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)

3.26913906s ago: executing program 8 (id=1486):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
r2 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

3.1907474s ago: executing program 8 (id=1497):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600000004000000008000005c00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000001000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000feffffff0000000000"], 0x48)

3.07196413s ago: executing program 8 (id=1499):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$sock_bt_hci(r0, 0x400448dd, &(0x7f00000003c0))

2.456235308s ago: executing program 1 (id=1501):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f00009e2000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000002600)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80`4/\xe9\x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\x16\\n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x04;\xc5[\nja\xb9\'\xc9#\xfcx\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00B\x05\xd4\xea\xea\x7f=\xc6:\\N\xc3\xb7Vw\xc6\x9c\x96s\xaaHL\x96\xc72\n\x18Ynj\xceTS\xfbl\x0f\x9f8M\f\x89\xa1\xd2Hs`\x8bp\x8a\xc4%\xf8\x1d3\nV\x9a\xaf\x1f\xf96^\x93\xc1\xaf)\rg\x86\xd6\xea\xa9\x0f\x9a\xf1V\x1b\xbf\x8b\'-\xab\x8e\t7\xd3\xf7\xa9v\xfbY\xe6\x9b^d\x8c\xb1\xdd')
ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000200)='\x00\x00\x00\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')

824.126342ms ago: executing program 1 (id=1503):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0)
fgetxattr(r2, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0)

823.775183ms ago: executing program 8 (id=1507):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffffb}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6}]})

781.875573ms ago: executing program 1 (id=1508):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002200)={0x50, 0x0, r1, {0x7, 0x8, 0x2000000, 0x238d117e6f1c1b5b, 0x401, 0x7, 0x0, 0x0, 0x0, 0x0, 0x140}}, 0x50)
lstat(&(0x7f0000003900)='./file0/file0\x00', 0x0)

426.500032ms ago: executing program 0 (id=1511):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x8, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)

392.702072ms ago: executing program 0 (id=1513):
socket$inet6(0xa, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2200054, &(0x7f0000000180), 0x4, 0x244, &(0x7f0000000480)="$eJzs3TFoE3scB/DfJU372oZH33vLgwfvPRARLRTdBAfrolCQIg6CChURJ2mF2uLWOrk46KzSyUXEzeooLsVFEZyqdKiLoMXB0kGHSHJpbW3F0sSc9D4fuCR397/73ZH7/i8E7i6A3OqJiP6IKEZEb0SUIiJZ3eD/dOipj051zgxFVCrHPyS1dul4anm57oiYjIj90b6ymvHpU/NLs0d2XRsr7bwzfbKzRbu3xsL83NHF24NXHwzsG3/+8t1gEv1Rrs9bvR/NlGwwrS2J+PNnFPtFJG1ZbwGbcezy/VfV3P8VETtq+S9FIdIv7/po+5NS7Ln1vWVvvH/xTyu3FWi+SqVUPQdOVoDcKUREOZJCX0SknwuFvr70N/zrYlfhwsjopd7zI2PD57LuqYBmKUfMHX7U8bD7m/y/Lab5B7avcvpXX81iMdttAVqrev7vPTOxO+Qfckf+Ybtp33RL+Yf8kn/IL/mH/JJ/yC/5h/ySf8gv+Yf8kn/Ir9X5BwDypdKxteuGl29s0+zrkYHWybr/AQAAAAAAAAAAAAAAAAAA1pvqnBlaHlpV8+nNiIVDEdG2Uf1i7XnEEb/VXrs+JtVmK5J0sYac/q/BFTToXsZXX//+Jtv6z/7Ntv7EcMTklYhYqk9Yc/wl9eNv6/74wfzS2QYLNOjAiWzrf76bbf2B2YjH1f5n70b9TyH+rr2v738OpvdP+/oA5S26+KnBFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAyXwIAAP//VeRflA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000001c0), 0x0)

315.981591ms ago: executing program 0 (id=1518):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000080), &(0x7f0000000180)}, 0x20)
getxattr(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000000c0)=@known='system.advise\x00', 0x0, 0x0)

286.522961ms ago: executing program 3 (id=1521):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
r2 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r2, &(0x7f0000000140)={0x11, 0x19, 0x0, 0x1, 0x49, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x21}}, 0x14)

273.947221ms ago: executing program 0 (id=1523):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000001a80)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000004000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000500)='mm_page_alloc\x00', r1}, 0x10)
unshare(0x62040200)

226.159501ms ago: executing program 5 (id=1524):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffa84, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @cgroup_sock_addr, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x12, 0x8, 0x4, 0x7cb4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x300, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48)

225.757421ms ago: executing program 3 (id=1534):
setreuid(0xee01, 0x0)
getresuid(&(0x7f0000000280)=<r0=>0x0, &(0x7f00000002c0), &(0x7f0000000300))
setreuid(0x0, r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f0000000040)=0x3, 0x4)

211.771871ms ago: executing program 0 (id=1525):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe3, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

207.023241ms ago: executing program 3 (id=1526):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000006c0)='sys_enter\x00', r1}, 0x18)
personality(0x500006)

186.083891ms ago: executing program 3 (id=1527):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCGSID(r2, 0x4008af10, &(0x7f000000c540))

175.095861ms ago: executing program 5 (id=1528):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffdf4, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sched_process_fork\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

134.733431ms ago: executing program 3 (id=1529):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="200000001e005f0914ffff56e1f68f9aba6568d2d10c00000029fffff807", 0x1e)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f00000000c0))

134.335951ms ago: executing program 5 (id=1530):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r2}, 0x38)

134.06371ms ago: executing program 3 (id=1531):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000200)={0x80000000})
write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000600)=""/14, 0xe, 0x0, 0x3, 0x0, 0x0, 0xc07}}, 0x11c)
write$UHID_DESTROY(r0, &(0x7f0000000080), 0x4)

128.42417ms ago: executing program 0 (id=1532):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149)
setsockopt$inet_tcp_int(r0, 0x6, 0x25, &(0x7f0000000240)=0x44800, 0x4)

61.11733ms ago: executing program 5 (id=1533):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.memory_spread_slab\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f00000003c0)=0x1000, 0x12)
mkdirat$cgroup(r0, &(0x7f0000000980)='syz0\x00', 0x1ff)

51.72602ms ago: executing program 5 (id=1535):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
bind$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
sendmsg$tipc(r0, &(0x7f00000006c0)={&(0x7f0000000540)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10, 0x0}, 0x0)

0s ago: executing program 5 (id=1536):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc50c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x7, {[@local=@item_012={0x1, 0x2, 0xa, "e6"}, @local=@item_4={0x3, 0x2, 0x1, "e900"}]}}, 0x0}, 0x0)

kernel console output (not intermixed with test programs):

op3): error, invalid access to FAT (entry 0x00000100)
[   40.183051][   T39] playstation 0003:054C:0DF2.000A: unknown main item tag 0x0
[   40.190317][ T1263] syz.3.412: attempt to access beyond end of device
[   40.190317][ T1263] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   40.198422][   T39] playstation 0003:054C:0DF2.000A: item fetching failed at offset 3/5
[   40.214652][ T1263] syz.3.412: attempt to access beyond end of device
[   40.214652][ T1263] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   40.217835][   T39] playstation 0003:054C:0DF2.000A: Parse failed
[   40.235588][   T39] playstation: probe of 0003:054C:0DF2.000A failed with error -22
[   40.246779][ T1263] syz.3.412: attempt to access beyond end of device
[   40.246779][ T1263] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128
[   40.276758][ T1273] netlink: 8 bytes leftover after parsing attributes in process `syz.4.417'.
[   40.307338][ T1279] loop0: detected capacity change from 0 to 512
[   40.317040][ T1279] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   40.328715][ T1279] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it
[   40.337779][ T1285] netlink: 'syz.4.422': attribute type 4 has an invalid length.
[   40.339967][ T1279] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.420: Corrupt directory, running e2fsck is recommended
[   40.359611][ T1279] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[   40.369586][ T1279] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.420: corrupted in-inode xattr
[   40.390549][ T1279] EXT4-fs (loop0): Remounting filesystem read-only
[   40.405439][ T1279] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.420: couldn't read orphan inode 15 (err -117)
[   40.433090][   T39] usb 3-1: USB disconnect, device number 3
[   40.440178][ T1279] EXT4-fs (loop0): Remounting filesystem read-only
[   40.447808][ T1279] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   40.460237][ T1298] device bridge0 entered promiscuous mode
[   40.471463][ T1279] EXT4-fs error (device loop0): ext4_xattr_set_entry:1619: inode #2: comm syz.0.420: corrupted xattr entries
[   40.483040][ T1297] device bridge0 left promiscuous mode
[   40.491040][ T1279] EXT4-fs (loop0): Remounting filesystem read-only
[   40.573498][ T1318] loop3: detected capacity change from 0 to 512
[   40.582024][ T1318] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.438: inode #1: comm syz.3.438: iget: illegal inode #
[   40.594938][ T1318] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.438: error while reading EA inode 1 err=-117
[   40.607624][ T1318] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   40.620902][ T1318] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.438: inode #1: comm syz.3.438: iget: illegal inode #
[   40.635220][ T1318] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.438: error while reading EA inode 1 err=-117
[   40.647505][ T1318] EXT4-fs (loop3): 1 orphan inode deleted
[   40.654300][ T1318] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   40.676831][  T293] EXT4-fs (loop3): unmounting filesystem.
[   40.698077][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.706143][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.714040][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.730857][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.738186][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.745454][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.752656][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.768492][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.780114][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.792767][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.805419][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.819208][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.831885][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.845578][   T39] hid-generic 0000:0003:0000.000B: unknown main item tag 0x0
[   40.860522][   T39] hid-generic 0000:0003:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   40.989341][ T1329] loop4: detected capacity change from 0 to 40427
[   40.997949][ T1329] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   41.003203][ T1347] loop2: detected capacity change from 0 to 16
[   41.006159][ T1329] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   41.012414][ T1347] erofs: (device loop2): mounted with root inode @ nid 36.
[   41.022943][ T1329] F2FS-fs (loop4): invalid crc value
[   41.036368][   T46] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -23 in[46, 4050] out[9000]
[   41.038925][ T1329] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[   41.047438][ T1347] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -23 in[46, 4050] out[4096]
[   41.095454][ T1329] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   41.102425][ T1329] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   41.146896][  T296] EXT4-fs (loop0): unmounting filesystem.
[   41.167797][ T1367] loop2: detected capacity change from 0 to 512
[   41.192042][ T1373] loop0: detected capacity change from 0 to 16
[   41.198494][ T1373] erofs: (device loop0): mounted with root inode @ nid 36.
[   41.219550][ T1367] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   41.237088][ T1367] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   41.261497][ T1381] syz.0.465[1381] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.261573][ T1381] syz.0.465[1381] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[   41.285319][ T1383] netlink: 96 bytes leftover after parsing attributes in process `syz.4.459'.
[   41.290419][  T295] EXT4-fs (loop2): unmounting filesystem.
[   41.411494][ T1407] loop4: detected capacity change from 0 to 128
[   41.419206][ T1407] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   41.428042][ T1407] ext4 filesystem being mounted at /71/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   41.448094][  T297] EXT4-fs (loop4): unmounting filesystem.
[   41.460497][   T39] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   41.474533][ T1412] netlink: 80 bytes leftover after parsing attributes in process `syz.4.478'.
[   41.483514][ T1412] netlink: 80 bytes leftover after parsing attributes in process `syz.4.478'.
[   41.492448][ T1412] netlink: 80 bytes leftover after parsing attributes in process `syz.4.478'.
[   41.650448][   T39] usb 4-1: Using ep0 maxpacket: 32
[   41.660353][   T39] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[   41.678584][   T39] usb 4-1: config 0 has no interface number 0
[   41.684876][   T39] usb 4-1: config 0 interface 184 has no altsetting 0
[   41.702531][   T39] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   41.711452][   T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   41.719492][   T39] usb 4-1: Product: syz
[   41.723541][   T39] usb 4-1: Manufacturer: syz
[   41.727899][   T39] usb 4-1: SerialNumber: syz
[   41.733521][   T39] usb 4-1: config 0 descriptor??
[   41.749048][   T39] smsc75xx v1.0.0
[   41.791460][ T1428] loop0: detected capacity change from 0 to 1024
[   41.805298][ T1428] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   41.822794][ T1428] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   41.842119][ T1428] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   41.889192][  T296] EXT4-fs (loop0): unmounting filesystem.
[   42.041436][ T1450] xt_hashlimit: size too large, truncated to 1048576
[   42.221918][ T1462] device vlan2 entered promiscuous mode
[   42.339206][ T1467] loop2: detected capacity change from 0 to 16
[   42.345817][   T39] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   42.360473][   T39] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[   42.381072][ T1467] erofs: (device loop2): mounted with root inode @ nid 36.
[   42.388378][   T39] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[   42.410194][   T39] smsc75xx: probe of 4-1:0.184 failed with error -71
[   42.431155][   T39] usb 4-1: USB disconnect, device number 5
[   42.566299][ T1485] loop2: detected capacity change from 0 to 1024
[   42.578697][ T1485] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   42.589932][ T1485] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   42.621262][ T1485] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   42.684396][  T295] EXT4-fs (loop2): unmounting filesystem.
[   42.734003][ T1503] xt_hashlimit: size too large, truncated to 1048576
[   42.915083][ T1518] device vlan2 entered promiscuous mode
[   42.950521][   T39] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   43.023489][ T1522] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[   43.039714][ T1522] overlayfs: conflicting lowerdir path
[   43.055901][    T8] Bluetooth: hci0: Frame reassembly failed (-84)
[   43.140481][   T39] usb 5-1: Using ep0 maxpacket: 16
[   43.146527][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   43.167483][   T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   43.179560][   T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   43.202329][   T39] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   43.230478][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   43.249192][   T39] usb 5-1: config 0 descriptor??
[   43.264266][ T1543] loop5: detected capacity change from 0 to 1024
[   43.280538][ T1543] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   43.292334][ T1543] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   43.315432][ T1543] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   43.355161][  T514] EXT4-fs (loop5): unmounting filesystem.
[   43.664518][   T39] microsoft 0003:045E:07DA.000C: ignoring exceeding usage max
[   43.683348][   T39] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0
[   43.690398][   T39] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0
[   43.708202][   T39] microsoft 0003:045E:07DA.000C: unknown main item tag 0x0
[   43.723598][   T39] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000C/input/input8
[   43.811194][   T28] kauditd_printk_skb: 47 callbacks suppressed
[   43.811208][   T28] audit: type=1400 audit(2000000273.324:441): avc:  denied  { read } for  pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=573 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.839631][   T39] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[   43.841127][   T28] audit: type=1400 audit(2000000273.324:442): avc:  denied  { open } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=573 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.874543][   T28] audit: type=1400 audit(2000000273.324:443): avc:  denied  { ioctl } for  pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=573 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   43.904987][    T6] usb 5-1: USB disconnect, device number 7
[   44.114657][ T1565] device vlan2 entered promiscuous mode
[   44.320466][  T649] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   44.435978][ T1578] loop4: detected capacity change from 0 to 2048
[   44.483457][ T1578] Alternate GPT is invalid, using primary GPT.
[   44.489514][ T1578]  loop4: p2 p3 p7
[   44.520461][  T649] usb 1-1: Using ep0 maxpacket: 32
[   44.526652][  T649] usb 1-1: config 254 has an invalid interface number: 205 but max is 0
[   44.534857][  T649] usb 1-1: config 254 has no interface number 0
[   44.547049][  T649] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=52.c6
[   44.555955][  T649] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   44.563777][  T649] usb 1-1: Product: syz
[   44.567709][  T649] usb 1-1: Manufacturer: syz
[   44.572174][  T649] usb 1-1: SerialNumber: syz
[   44.780995][ T1559] TCP: tcp_parse_options: Illegal window scaling value 249 > 14 received
[   44.789977][   T39] usb 1-1: USB disconnect, device number 4
[   44.810496][  T302] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   44.992460][  T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   45.003221][  T302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   45.012779][  T302] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   45.025404][  T302] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   45.034237][  T302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   45.042552][  T302] usb 5-1: config 0 descriptor??
[   45.081211][ T1587] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1587 comm=syz.5.551
[   45.130475][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[   45.130497][  T824] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   45.172394][ T1594] SELinux:  Context system_u:object_r:devicekit_power_exec_t:s0 is not valid (left unmapped).
[   45.183638][   T28] audit: type=1400 audit(2000000274.704:444): avc:  denied  { relabelto } for  pid=1593 comm="syz.5.563" name="115" dev="tmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devicekit_power_exec_t:s0"
[   45.247705][   T28] audit: type=1400 audit(2000000274.724:445): avc:  denied  { associate } for  pid=1593 comm="syz.5.563" name="115" dev="tmpfs" ino=624 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:devicekit_power_exec_t:s0"
[   45.265420][ T1600] netlink: 'syz.5.557': attribute type 2 has an invalid length.
[   45.315552][   T28] audit: type=1400 audit(2000000274.744:446): avc:  denied  { write } for  pid=514 comm="syz-executor" name="115" dev="tmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devicekit_power_exec_t:s0"
[   45.342979][   T28] audit: type=1400 audit(2000000274.744:447): avc:  denied  { remove_name } for  pid=514 comm="syz-executor" name="binderfs" dev="tmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devicekit_power_exec_t:s0"
[   45.371485][   T28] audit: type=1400 audit(2000000274.744:448): avc:  denied  { rmdir } for  pid=514 comm="syz-executor" name="115" dev="tmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devicekit_power_exec_t:s0"
[   45.484122][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.496095][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.499119][ T1622] loop2: detected capacity change from 0 to 256
[   45.503913][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.529615][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.538812][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.548548][   T28] audit: type=1400 audit(2000000275.064:449): avc:  denied  { remount } for  pid=1621 comm="syz.2.568" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   45.548712][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.575759][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.583947][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.592548][  T302] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[   45.600023][  T302] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[   45.609685][  T302] plantronics 0003:047F:FFFF.000D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[   45.669036][ T1612] loop5: detected capacity change from 0 to 40427
[   45.670226][ T1633] loop3: detected capacity change from 0 to 1024
[   45.685485][ T1612] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[   45.701037][ T1633] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   45.709670][ T1612] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   45.729083][ T1612] F2FS-fs (loop5): invalid crc value
[   45.729122][ T1633] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   45.751841][ T1640] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   45.760944][   T28] audit: type=1400 audit(2000000275.264:450): avc:  denied  { create } for  pid=1638 comm="syz.0.575" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   45.789312][  T293] EXT4-fs (loop3): unmounting filesystem.
[   45.796439][ T1640] FAT-fs (loop1): unable to read boot sector
[   45.803223][ T1612] F2FS-fs (loop5): Found nat_bits in checkpoint
[   45.826176][  T302] usb 5-1: USB disconnect, device number 8
[   45.872341][ T1612] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   45.879269][ T1612] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   46.078839][ T1677] netlink: 60 bytes leftover after parsing attributes in process `syz.3.591'.
[   46.121766][ T1612] syz.5.562: attempt to access beyond end of device
[   46.121766][ T1612] loop5: rw=2049, sector=77824, nr_sectors = 2128 limit=40427
[   46.132748][ T1685] loop0: detected capacity change from 0 to 1024
[   46.143222][ T1685] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   46.143360][ T1612] syz.5.562: attempt to access beyond end of device
[   46.143360][ T1612] loop5: rw=2049, sector=79952, nr_sectors = 1968 limit=40427
[   46.154281][ T1685] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   46.171573][ T1612] syz.5.562: attempt to access beyond end of device
[   46.171573][ T1612] loop5: rw=2049, sector=49152, nr_sectors = 2064 limit=40427
[   46.193700][ T1612] syz.5.562: attempt to access beyond end of device
[   46.193700][ T1612] loop5: rw=2049, sector=51216, nr_sectors = 2032 limit=40427
[   46.208277][  T296] EXT4-fs (loop0): unmounting filesystem.
[   46.218979][ T1612] syz.5.562: attempt to access beyond end of device
[   46.218979][ T1612] loop5: rw=2049, sector=57344, nr_sectors = 4064 limit=40427
[   46.246813][ T1612] syz.5.562: attempt to access beyond end of device
[   46.246813][ T1612] loop5: rw=2049, sector=61408, nr_sectors = 6896 limit=40427
[   46.268304][ T1612] syz.5.562: attempt to access beyond end of device
[   46.268304][ T1612] loop5: rw=2049, sector=68304, nr_sectors = 2152 limit=40427
[   46.293491][ T1612] syz.5.562: attempt to access beyond end of device
[   46.293491][ T1612] loop5: rw=2049, sector=70456, nr_sectors = 4112 limit=40427
[   46.314067][ T1690] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1690 comm=syz.0.605
[   46.335609][ T1612] syz.5.562: attempt to access beyond end of device
[   46.335609][ T1612] loop5: rw=2049, sector=74568, nr_sectors = 3256 limit=40427
[   46.378411][ T1612] syz.5.562: attempt to access beyond end of device
[   46.378411][ T1612] loop5: rw=2049, sector=81920, nr_sectors = 3960 limit=40427
[   46.392235][  T443] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[   46.404506][   T43] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   46.413715][   T43] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   46.581757][  T443] usb 4-1: config 0 has an invalid interface number: 20 but max is 0
[   46.589880][  T443] usb 4-1: config 0 has no interface number 0
[   46.606515][ T1702] loop5: detected capacity change from 0 to 1024
[   46.615830][  T443] usb 4-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[   46.624161][ T1702] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   46.641539][  T443] usb 4-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[   46.655843][  T443] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   46.668874][  T443] usb 4-1: Product: syz
[   46.671321][ T1702] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   46.692480][  T443] usb 4-1: Manufacturer: syz
[   46.696928][  T443] usb 4-1: SerialNumber: syz
[   46.703441][  T514] EXT4-fs (loop5): unmounting filesystem.
[   46.709720][  T443] usb 4-1: config 0 descriptor??
[   46.717711][ T1683] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   46.726791][  T443] usb-storage 4-1:0.20: USB Mass Storage device detected
[   46.730500][  T323] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   46.743214][  T443] usb-storage 4-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[   46.887055][ T1727] loop2: detected capacity change from 0 to 40427
[   46.894221][ T1727] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   46.901849][ T1727] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   46.910718][ T1727] F2FS-fs (loop2): invalid crc value
[   46.917114][ T1727] F2FS-fs (loop2): Found nat_bits in checkpoint
[   46.930561][  T323] usb 5-1: Using ep0 maxpacket: 16
[   46.937898][ T1683] loop3: detected capacity change from 0 to 512
[   46.938226][  T323] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[   46.944723][ T1683] EXT4-fs: quotafile must be on filesystem root
[   46.970484][  T323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   46.978301][  T323] usb 5-1: Product: syz
[   46.982431][  T323] usb 5-1: Manufacturer: syz
[   46.984556][ T1727] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   46.986838][  T323] usb 5-1: SerialNumber: syz
[   46.987734][  T323] usb 5-1: config 0 descriptor??
[   47.000520][   T39] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   47.003063][ T1727] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   47.018061][  T323] ums-onetouch 5-1:0.0: USB Mass Storage device detected
[   47.025148][  T443] scsi host1: usb-storage 4-1:0.20
[   47.191795][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   47.202601][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   47.212405][   T39] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   47.229223][   T39] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   47.238341][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   47.239555][  T649] usb 5-1: USB disconnect, device number 9
[   47.260981][   T24] usb 4-1: USB disconnect, device number 6
[   47.268000][   T39] usb 6-1: config 0 descriptor??
[   47.268641][    T8] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[   47.281921][    T8] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   47.306520][ T1739] netlink: 12 bytes leftover after parsing attributes in process `syz.0.613'.
[   47.351790][ T1743] bridge0: port 3(veth1_macvtap) entered blocking state
[   47.358693][ T1743] bridge0: port 3(veth1_macvtap) entered disabled state
[   47.547227][ T1756] loop2: detected capacity change from 0 to 1024
[   47.554155][ T1756] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   47.564594][ T1756] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   47.584486][  T295] EXT4-fs (loop2): unmounting filesystem.
[   47.689523][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.696806][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.703957][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.711175][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.718342][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.725827][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.733044][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.740243][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.747664][   T39] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[   47.755169][   T39] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[   47.774420][   T39] plantronics 0003:047F:FFFF.000E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[   47.846212][ T1777] netlink: 'syz.4.629': attribute type 3 has an invalid length.
[   47.972438][   T24] usb 6-1: USB disconnect, device number 6
[   47.980517][ T1797] loop4: detected capacity change from 0 to 1024
[   47.987685][ T1797] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   47.996011][ T1797] EXT4-fs (loop4): orphan cleanup on readonly fs
[   48.003750][ T1797] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #3: comm syz.4.638: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 2(4), depth 0(0)
[   48.021713][ T1797] EXT4-fs error (device loop4): ext4_quota_enable:6982: comm syz.4.638: Bad quota inode: 3, type: 0
[   48.032526][ T1797] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   48.047118][ T1797] EXT4-fs (loop4): Cannot turn on quotas: error -117
[   48.053648][ T1797] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   48.073094][  T297] EXT4-fs (loop4): unmounting filesystem.
[   48.171801][ T1823] loop3: detected capacity change from 0 to 2048
[   48.178254][ T1823] EXT4-fs: Ignoring removed bh option
[   48.194068][ T1823] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   48.202938][ T1823] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.213574][ T1831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.662'.
[   48.227148][  T293] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /151/file0: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[   48.248468][  T293] EXT4-fs (loop3): Remounting filesystem read-only
[   48.255934][  T293] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 345: padding at end of block bitmap is not set
[   48.270769][  T293] EXT4-fs (loop3): Remounting filesystem read-only
[   48.277145][  T293] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem
[   48.286045][  T293] EXT4-fs (loop3): Remounting filesystem read-only
[   48.293698][  T293] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #16: comm syz-executor: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[   48.311059][  T293] EXT4-fs (loop3): Remounting filesystem read-only
[   48.317451][  T293] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #16: comm syz-executor: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0)
[   48.334897][  T293] EXT4-fs (loop3): Remounting filesystem read-only
[   48.349300][ T1337] EXT4-fs (loop3): unmounting filesystem.
[   48.490477][  T649] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   48.572931][ T1835] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.579778][ T1835] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.587305][ T1835] device bridge_slave_0 entered promiscuous mode
[   48.594099][ T1835] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.601216][ T1835] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.608379][ T1835] device bridge_slave_1 entered promiscuous mode
[   48.658489][ T1842] netlink: 'syz.0.654': attribute type 3 has an invalid length.
[   48.672620][  T649] usb 3-1: Using ep0 maxpacket: 16
[   48.681799][  T649] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   48.698663][  T649] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   48.708855][  T649] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   48.724905][  T649] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   48.735858][  T649] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   48.746712][ T1835] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.753599][ T1835] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.760693][ T1835] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.760723][  T323] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[   48.767448][ T1835] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.785191][  T649] usb 3-1: config 0 descriptor??
[   48.813428][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   48.821148][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.828567][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.840771][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   48.848795][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.855674][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   48.864867][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   48.872910][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.879752][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   48.893285][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   48.902403][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   48.918675][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   48.933742][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   48.942020][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   48.949375][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   48.959802][ T1835] device veth0_vlan entered promiscuous mode
[   48.972194][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   48.972934][  T323] usb 6-1: config 0 has an invalid interface number: 20 but max is 0
[   48.981987][ T1835] device veth1_macvtap entered promiscuous mode
[   48.988324][  T323] usb 6-1: config 0 has no interface number 0
[   48.999845][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   49.002190][  T323] usb 6-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[   49.019477][    T8] device bridge_slave_1 left promiscuous mode
[   49.025585][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.033042][    T8] device bridge_slave_0 left promiscuous mode
[   49.033497][  T323] usb 6-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00
[   49.039033][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.047852][  T323] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   49.062518][  T323] usb 6-1: Product: syz
[   49.066446][  T323] usb 6-1: Manufacturer: syz
[   49.070895][  T323] usb 6-1: SerialNumber: syz
[   49.076500][  T323] usb 6-1: config 0 descriptor??
[   49.080637][    T8] device veth1_macvtap left promiscuous mode
[   49.081676][ T1834] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   49.087291][    T8] device veth0_vlan left promiscuous mode
[   49.094868][  T323] usb-storage 6-1:0.20: USB Mass Storage device detected
[   49.120847][  T323] usb-storage 6-1:0.20: Quirks match for vid 04e6 pid 000b: 4
[   49.203602][  T649] microsoft 0003:045E:07DA.000F: ignoring exceeding usage max
[   49.213354][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   49.224496][  T649] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0
[   49.231569][  T649] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0
[   49.238641][  T649] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0
[   49.257450][   T28] kauditd_printk_skb: 4 callbacks suppressed
[   49.257465][   T28] audit: type=1400 audit(2000000001.360:455): avc:  denied  { mount } for  pid=1856 comm="syz.0.671" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   49.293468][  T649] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000F/input/input9
[   49.298827][   T28] audit: type=1400 audit(2000000001.390:456): avc:  denied  { remount } for  pid=1856 comm="syz.0.671" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   49.317960][ T1834] loop5: detected capacity change from 0 to 512
[   49.325093][   T28] audit: type=1400 audit(2000000001.410:457): avc:  denied  { unmount } for  pid=296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   49.330767][ T1834] EXT4-fs: quotafile must be on filesystem root
[   49.381461][  T649] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[   49.424069][  T323] scsi host1: usb-storage 6-1:0.20
[   49.424580][   T39] usb 3-1: USB disconnect, device number 4
[   49.642853][  T323] usb 6-1: USB disconnect, device number 7
[   49.945189][ T1864] loop4: detected capacity change from 0 to 1024
[   49.952637][ T1864] EXT4-fs: Ignoring removed nomblk_io_submit option
[   49.960124][   T28] audit: type=1400 audit(2000000002.060:458): avc:  denied  { mount } for  pid=1867 comm="syz.0.674" name="/" dev="ramfs" ino=22974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   49.991039][ T1864] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   50.009927][  T297] EXT4-fs (loop4): unmounting filesystem.
[   50.161818][ T1885] netlink: 'syz.5.668': attribute type 3 has an invalid length.
[   50.171983][   T28] audit: type=1400 audit(2000000002.280:459): avc:  denied  { setopt } for  pid=1887 comm="syz.3.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   50.219806][ T1898] syz.0.673 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   50.359508][ T1928] device veth1_macvtap left promiscuous mode
[   50.365522][ T1928] device macsec0 entered promiscuous mode
[   50.384114][ T1932] loop5: detected capacity change from 0 to 2048
[   50.395400][ T1937] loop0: detected capacity change from 0 to 512
[   50.402392][ T1937] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   50.415855][ T1937] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   50.427428][ T1937] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   50.442418][ T1937] EXT4-fs (loop0): 1 truncate cleaned up
[   50.442767][ T1932] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   50.447878][ T1937] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   50.466692][  T296] EXT4-fs (loop0): unmounting filesystem.
[   50.526758][  T607] EXT4-fs (loop5): unmounting filesystem.
[   50.568828][   T28] audit: type=1400 audit(2000000002.670:460): avc:  denied  { read write } for  pid=296 comm="syz-executor" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   50.609258][   T28] audit: type=1400 audit(2000000002.670:461): avc:  denied  { open } for  pid=296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   50.633484][   T28] audit: type=1400 audit(2000000002.670:462): avc:  denied  { ioctl } for  pid=296 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   50.668486][   T28] audit: type=1400 audit(2000000002.700:463): avc:  denied  { create } for  pid=1951 comm="syz.0.703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   50.687745][   T28] audit: type=1400 audit(2000000002.710:464): avc:  denied  { ioctl } for  pid=1951 comm="syz.0.703" path="socket:[23623]" dev="sockfs" ino=23623 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   50.873377][ T1971] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.882828][ T1971] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.912850][ T1971] device bridge_slave_0 entered promiscuous mode
[   50.934483][ T1971] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.941917][ T1971] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.952323][ T1971] device bridge_slave_1 entered promiscuous mode
[   51.040424][ T1971] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.047305][ T1971] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.054423][ T1971] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.061196][ T1971] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.113753][ T2011] loop0: detected capacity change from 0 to 1024
[   51.121571][  T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   51.130100][  T326] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.138778][ T2011] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   51.150186][  T326] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.171735][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   51.181402][  T198] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.188268][  T198] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.197560][ T2011] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   51.207035][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.215764][  T198] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.222657][  T198] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.249885][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.249919][  T296] EXT4-fs (loop0): unmounting filesystem.
[   51.258637][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   51.277849][ T1971] device veth0_vlan entered promiscuous mode
[   51.291052][    T8] device bridge_slave_1 left promiscuous mode
[   51.297204][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.310719][    T8] device bridge_slave_0 left promiscuous mode
[   51.316719][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.329965][    T8] device veth1_macvtap left promiscuous mode
[   51.336208][    T8] device veth0_vlan left promiscuous mode
[   51.424332][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   51.432308][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   51.439689][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   51.447585][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   51.463856][ T1971] device veth1_macvtap entered promiscuous mode
[   51.477399][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   51.496015][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   51.504452][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   51.512840][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   51.521279][  T198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   51.565537][ T2043] loop2: detected capacity change from 0 to 512
[   51.566240][ T2042] device veth1_macvtap left promiscuous mode
[   51.577728][ T2042] device macsec0 entered promiscuous mode
[   51.581484][ T2043] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   51.595004][ T2043] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   51.610219][ T2043] EXT4-fs (loop2): 1 truncate cleaned up
[   51.615724][ T2043] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   51.624721][ T2049] loop0: detected capacity change from 0 to 1024
[   51.637336][  T295] EXT4-fs (loop2): unmounting filesystem.
[   51.652250][ T2049] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   51.668020][ T2055] loop2: detected capacity change from 0 to 1024
[   51.675439][  T296] EXT4-fs (loop0): unmounting filesystem.
[   51.676149][ T2055] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   51.718589][ T2055] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[   51.743990][  T295] EXT4-fs (loop2): unmounting filesystem.
[   51.812646][ T2065] loop2: detected capacity change from 0 to 2048
[   51.821950][ T2065] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   51.875053][ T1476] EXT4-fs (loop2): unmounting filesystem.
[   51.918041][ T2082] loop6: detected capacity change from 0 to 512
[   51.924944][ T2082] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[   51.937430][ T2082] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   51.952612][ T2082] EXT4-fs (loop6): 1 truncate cleaned up
[   51.958182][ T2082] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   51.980045][ T1971] EXT4-fs (loop6): unmounting filesystem.
[   52.007348][ T2086] loop6: detected capacity change from 0 to 1024
[   52.014467][ T2086] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   52.038991][ T2086] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[   52.045457][ T2089] loop4: detected capacity change from 0 to 1024
[   52.064407][ T1971] EXT4-fs (loop6): unmounting filesystem.
[   52.078452][ T2089] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   52.100216][  T297] EXT4-fs (loop4): unmounting filesystem.
[   52.141066][ T2099] loop4: detected capacity change from 0 to 2048
[   52.152234][ T2099] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[   52.168018][ T2095] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.175275][ T2095] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.183314][ T2095] device bridge_slave_0 entered promiscuous mode
[   52.193497][ T2095] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.200493][ T2095] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.207936][ T2095] device bridge_slave_1 entered promiscuous mode
[   52.208417][  T728] EXT4-fs (loop4): unmounting filesystem.
[   52.272045][ T2095] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.279019][ T2095] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.286160][ T2095] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.293024][ T2095] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.324989][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.332861][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.340167][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.352512][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.360751][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.367631][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.376417][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.384816][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.391722][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.407605][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   52.421159][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   52.447641][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   52.467163][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   52.475313][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   52.482933][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   52.492912][ T2095] device veth0_vlan entered promiscuous mode
[   52.518473][ T2107] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.525539][ T2107] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.533012][ T2107] device bridge_slave_0 entered promiscuous mode
[   52.541154][  T198] device bridge_slave_1 left promiscuous mode
[   52.547129][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.554419][  T198] device bridge_slave_0 left promiscuous mode
[   52.560356][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.568348][  T198] device veth1_macvtap left promiscuous mode
[   52.574394][  T198] device veth0_vlan left promiscuous mode
[   52.644753][ T2107] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.651851][ T2107] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.659225][ T2107] device bridge_slave_1 entered promiscuous mode
[   52.677289][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   52.685680][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   52.704668][ T2095] device veth1_macvtap entered promiscuous mode
[   52.724216][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   52.732355][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   52.747919][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   52.776027][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   52.784271][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   52.819417][ T2121] random: crng reseeded on system resumption
[   52.901815][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   52.909391][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.928853][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   52.937306][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   52.944186][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   52.951786][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   52.959838][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.966711][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   52.974588][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   52.994091][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.006075][ T2129] loop3: detected capacity change from 0 to 1024
[   53.021155][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.031388][ T2131] loop7: detected capacity change from 0 to 1024
[   53.036514][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   53.046755][ T2129] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   53.062966][ T2107] device veth0_vlan entered promiscuous mode
[   53.077756][ T2131] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[   53.080086][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   53.100008][ T2095] EXT4-fs (loop7): unmounting filesystem.
[   53.114364][ T2129] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[   53.137089][ T1835] EXT4-fs (loop3): unmounting filesystem.
[   53.146771][ T2138] loop7: detected capacity change from 0 to 2048
[   53.159762][ T2107] device veth1_macvtap entered promiscuous mode
[   53.169555][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   53.177883][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   53.185610][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   53.201409][ T2138] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[   53.214244][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   53.223834][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   53.326737][ T2161] loop8: detected capacity change from 0 to 1024
[   53.333889][ T2161] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   53.353045][ T2095] EXT4-fs (loop7): unmounting filesystem.
[   53.360257][ T2161] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   53.381235][ T2165] loop6: detected capacity change from 0 to 1024
[   53.392691][ T2107] EXT4-fs (loop8): unmounting filesystem.
[   53.465412][ T2176] loop6: detected capacity change from 0 to 2048
[   53.557208][ T2181] loop3: detected capacity change from 0 to 512
[   53.566241][ T2183] loop7: detected capacity change from 0 to 7
[   53.574736][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   53.574764][  T198] device bridge_slave_1 left promiscuous mode
[   53.574825][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.583704][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[   53.596978][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   53.612841][ T2181] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   53.613048][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[   53.630910][ T2183]  loop7: unable to read partition table
[   53.631062][  T198] device bridge_slave_0 left promiscuous mode
[   53.640513][ T2183] loop_reread_partitions: partition scan of loop7 (ţ被xü—źŃŕ– ) failed (rc=-5)
[   53.642536][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.658507][ T2181] EXT4-fs (loop3): re-mounted. Quota mode: writeback.
[   53.666036][  T198] device dummy0 left promiscuous mode
[   53.677309][  T198] device veth1_macvtap left promiscuous mode
[   53.683689][  T198] device veth0_vlan left promiscuous mode
[   53.851505][ T2179] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.858459][ T2179] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.907533][ T2179] device bridge_slave_0 entered promiscuous mode
[   53.948607][ T2179] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.977433][ T2179] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.985168][ T2179] device bridge_slave_1 entered promiscuous mode
[   54.106213][ T2179] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.113192][ T2179] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.120279][ T2179] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.127088][ T2179] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.144770][ T2206] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.152130][ T2206] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.159496][ T2206] device bridge_slave_0 entered promiscuous mode
[   54.176455][ T2206] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.184424][ T2206] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.192345][ T2206] device bridge_slave_1 entered promiscuous mode
[   54.209914][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.217822][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.225550][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.249969][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.258327][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.265196][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.291435][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.299467][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.306331][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.319109][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.333711][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.376283][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.392480][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.401041][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.408263][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.419497][ T2179] device veth0_vlan entered promiscuous mode
[   54.438739][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.453739][ T2179] device veth1_macvtap entered promiscuous mode
[   54.466519][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   54.479692][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   54.493678][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   54.501934][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.509906][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.516760][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.524491][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.542345][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.550970][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.558984][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.565847][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.588691][   T28] kauditd_printk_skb: 112 callbacks suppressed
[   54.588709][   T28] audit: type=1400 audit(2000000006.690:577): avc:  denied  { create } for  pid=2219 comm="syz.8.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   54.627411][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   54.641174][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.649224][   T28] audit: type=1400 audit(2000000006.710:578): avc:  denied  { read } for  pid=2217 comm="syz.3.815" name="ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   54.673446][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   54.686890][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.698941][ T2227] loop9: detected capacity change from 0 to 1024
[   54.705566][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   54.713860][   T28] audit: type=1400 audit(2000000006.710:579): avc:  denied  { open } for  pid=2217 comm="syz.3.815" path="/dev/ptp0" dev="devtmpfs" ino=260 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   54.721666][ T2227] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   54.737691][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   54.756457][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   54.764228][   T28] audit: type=1400 audit(2000000006.710:580): avc:  denied  { ioctl } for  pid=2217 comm="syz.3.815" path="/dev/ptp0" dev="devtmpfs" ino=260 ioctlcmd=0x3d0d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   54.789868][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   54.803768][ T2206] device veth0_vlan entered promiscuous mode
[   54.811523][   T28] audit: type=1400 audit(2000000006.720:581): avc:  denied  { bind } for  pid=2219 comm="syz.8.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   54.837664][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   54.852826][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   54.876827][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   54.888556][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   54.897551][   T28] audit: type=1400 audit(2000000006.720:582): avc:  denied  { listen } for  pid=2219 comm="syz.8.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   54.918143][   T28] audit: type=1400 audit(2000000006.720:583): avc:  denied  { accept } for  pid=2219 comm="syz.8.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   54.938832][   T28] audit: type=1400 audit(2000000006.770:584): avc:  denied  { setopt } for  pid=2219 comm="syz.8.816" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   54.958810][   T28] audit: type=1400 audit(2000000006.990:585): avc:  denied  { read write } for  pid=2233 comm="syz.3.806" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   54.983902][   T28] audit: type=1400 audit(2000000006.990:586): avc:  denied  { open } for  pid=2233 comm="syz.3.806" path="/dev/raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   54.984983][ T2206] device veth1_macvtap entered promiscuous mode
[   55.018075][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   55.026424][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   55.035370][   T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   55.053498][ T1648] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   55.061867][ T1648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   55.100182][ T2238] loop1: detected capacity change from 0 to 1024
[   55.112206][  T198] device bridge_slave_1 left promiscuous mode
[   55.118275][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.126057][ T2238] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   55.131266][  T198] device bridge_slave_0 left promiscuous mode
[   55.139864][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.148132][ T2238] EXT4-fs (loop1): orphan cleanup on readonly fs
[   55.155408][  T198] device bridge_slave_1 left promiscuous mode
[   55.161553][  T323] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[   55.169011][ T2238] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #3: comm syz.1.796: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 2(4), depth 0(0)
[   55.173702][  T198] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.193880][   T39] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[   55.195763][ T2238] EXT4-fs error (device loop1): ext4_quota_enable:6982: comm syz.1.796: Bad quota inode: 3, type: 0
[   55.212118][  T198] device bridge_slave_0 left promiscuous mode
[   55.213683][ T2238] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[   55.218205][  T198] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.232747][ T2238] EXT4-fs (loop1): Cannot turn on quotas: error -117
[   55.247226][  T198] device veth1_macvtap left promiscuous mode
[   55.253540][  T198] device veth0_vlan left promiscuous mode
[   55.259473][  T198] device veth1_macvtap left promiscuous mode
[   55.265478][  T198] device veth0_vlan left promiscuous mode
[   55.295029][ T2244] loop1: detected capacity change from 0 to 512
[   55.324104][ T2244] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.344501][ T2244] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[   55.371063][  T323] usb 4-1: Using ep0 maxpacket: 16
[   55.377710][  T323] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.393958][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   55.400494][  T323] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   55.404899][   T39] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   55.428351][   T39] usb 10-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[   55.447709][  T323] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   55.452037][   T39] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.467856][  T323] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   55.480073][   T39] usb 10-1: config 0 descriptor??
[   55.485428][  T323] usb 4-1: config 0 descriptor??
[   55.897031][   T39] hid-steam 0003:28DE:1142.0010: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.9-1/input0
[   55.907739][  T302] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   55.916713][   T39] hid-steam 0003:28DE:1142.0011: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.9-1/input0
[   55.932473][  T323] usbhid 4-1:0.0: can't add hid device: -71
[   55.938455][  T323] usbhid: probe of 4-1:0.0 failed with error -71
[   55.945329][  T323] usb 4-1: USB disconnect, device number 7
[   55.990501][   T39] hid-steam 0003:28DE:1142.0010: Steam wireless receiver connected
[   56.101618][  T302] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[   56.110655][  T302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.111444][  T649] usb 10-1: USB disconnect, device number 2
[   56.119713][  T302] usb 2-1: config 0 descriptor??
[   56.126093][  T649] hid-steam 0003:28DE:1142.0010: Steam wireless receiver disconnected
[   56.500510][  T323] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   56.533294][  T302] playstation 0003:054C:0DF2.0012: unknown main item tag 0x0
[   56.540614][  T302] playstation 0003:054C:0DF2.0012: item fetching failed at offset 3/5
[   56.548750][  T302] playstation 0003:054C:0DF2.0012: Parse failed
[   56.554896][  T302] playstation: probe of 0003:054C:0DF2.0012 failed with error -22
[   56.666232][ T2290] loop3: detected capacity change from 0 to 1024
[   56.681706][  T323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   56.692646][  T323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   56.702494][  T323] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   56.715267][  T323] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   56.724154][  T323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   56.732799][  T323] usb 1-1: config 0 descriptor??
[   56.749381][  T649] usb 2-1: USB disconnect, device number 2
[   56.781156][ T2301] netlink: 'syz.3.838': attribute type 4 has an invalid length.
[   56.794388][ T2301] netlink: 'syz.3.838': attribute type 17 has an invalid length.
[   56.803743][ T2301] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   57.100482][   T19] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[   57.140775][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.148089][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.155320][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.162541][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.169678][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.176951][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.184188][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.191371][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.198493][  T323] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[   57.205911][  T323] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving
[   57.214957][  T323] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   57.280473][   T19] usb 9-1: Using ep0 maxpacket: 16
[   57.286812][   T19] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   57.297733][   T19] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[   57.310333][   T19] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[   57.319367][   T19] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   57.327856][   T19] usb 9-1: config 0 descriptor??
[   57.411144][    T6] usb 1-1: USB disconnect, device number 5
[   57.556574][ T2334] netlink: 'syz.1.851': attribute type 4 has an invalid length.
[   57.564705][ T2332] SELinux: failed to load policy
[   57.577670][ T2334] netlink: 'syz.1.851': attribute type 17 has an invalid length.
[   57.586456][ T2334] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[   57.611794][ T2338] loop1: detected capacity change from 0 to 512
[   57.622197][ T2338] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   57.752148][   T19] usbhid 9-1:0.0: can't add hid device: -71
[   57.757970][   T19] usbhid: probe of 9-1:0.0 failed with error -71
[   57.764740][   T19] usb 9-1: USB disconnect, device number 2
[   58.104657][ T2367] loop0: detected capacity change from 0 to 8192
[   58.159926][ T2371] loop0: detected capacity change from 0 to 512
[   58.166248][ T2371] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.173077][ T2371] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   58.182157][ T2371] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[   58.189983][ T2371] System zones: 1-12
[   58.194362][ T2371] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #15: comm syz.0.869: corrupted in-inode xattr
[   58.206326][ T2371] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.869: couldn't read orphan inode 15 (err -117)
[   58.266557][ T2377] loop8: detected capacity change from 0 to 512
[   58.281810][ T2377] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.397699][ T2386] loop0: detected capacity change from 0 to 512
[   58.412594][ T2386] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   58.553710][ T2407] loop1: detected capacity change from 0 to 512
[   58.560151][ T2407] EXT4-fs: Ignoring removed mblk_io_submit option
[   58.566825][ T2407] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   58.580077][ T2407] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[   58.587942][ T2407] System zones: 1-12
[   58.592360][ T2407] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2186: inode #15: comm syz.1.880: corrupted in-inode xattr
[   58.604314][ T2407] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.880: couldn't read orphan inode 15 (err -117)
[   59.770597][  T824] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   59.770705][   T45] Bluetooth: hci0: command 0x1003 tx timeout
[   59.810064][ T2432] xt_hashlimit: size too large, truncated to 1048576
[   59.823276][ T2433] loop9: detected capacity change from 0 to 512
[   59.887174][ T2433] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   59.932991][ T2450] loop3: detected capacity change from 0 to 512
[   59.941162][ T2450] EXT4-fs: Ignoring removed mblk_io_submit option
[   59.948808][ T2450] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[   59.957876][ T2450] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[   59.966720][ T2450] System zones: 1-12
[   59.971417][ T2450] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2186: inode #15: comm syz.3.897: corrupted in-inode xattr
[   59.986026][ T2450] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.897: couldn't read orphan inode 15 (err -117)
[   59.999247][   T28] kauditd_printk_skb: 25 callbacks suppressed
[   59.999263][   T28] audit: type=1400 audit(2000000012.100:612): avc:  denied  { connect } for  pid=2454 comm="syz.0.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   60.065634][   T28] audit: type=1400 audit(2000000012.170:613): avc:  denied  { create } for  pid=2462 comm="syz.3.914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   60.299874][ T2490] loop8: detected capacity change from 0 to 256
[   60.325338][ T2490] FAT-fs (loop8): Directory bread(block 64) failed
[   60.332520][ T2490] FAT-fs (loop8): Directory bread(block 65) failed
[   60.339411][ T2490] FAT-fs (loop8): Directory bread(block 66) failed
[   60.345969][ T2490] FAT-fs (loop8): Directory bread(block 67) failed
[   60.352817][ T2490] FAT-fs (loop8): Directory bread(block 68) failed
[   60.359214][ T2490] FAT-fs (loop8): Directory bread(block 69) failed
[   60.365678][ T2490] FAT-fs (loop8): Directory bread(block 70) failed
[   60.372089][ T2490] FAT-fs (loop8): Directory bread(block 71) failed
[   60.378640][ T2490] FAT-fs (loop8): Directory bread(block 72) failed
[   60.390137][ T2490] FAT-fs (loop8): Directory bread(block 73) failed
[   60.424392][ T2490] bio_check_eod: 9 callbacks suppressed
[   60.424409][ T2490] syz.8.918: attempt to access beyond end of device
[   60.424409][ T2490] loop8: rw=524288, sector=1736, nr_sectors = 32 limit=256
[   60.443566][ T2490] syz.8.918: attempt to access beyond end of device
[   60.443566][ T2490] loop8: rw=0, sector=1736, nr_sectors = 8 limit=256
[   60.501509][   T28] audit: type=1400 audit(2000000012.610:614): avc:  denied  { getopt } for  pid=2502 comm="syz.8.935" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   60.596700][ T2524] xt_hashlimit: size too large, truncated to 1048576
[   60.846561][ T1648] Bluetooth: hci0: Frame reassembly failed (-84)
[   60.891113][   T28] audit: type=1400 audit(2000000013.000:615): avc:  denied  { relabelfrom } for  pid=2542 comm="syz.9.942" name="" dev="pipefs" ino=27076 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[   61.031583][   T28] audit: type=1400 audit(2000000013.140:616): avc:  denied  { mac_admin } for  pid=2548 comm="syz.9.946" capability=33  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   61.052764][ T2549] SELinux:  Context · is not valid (left unmapped).
[   61.076511][   T28] audit: type=1400 audit(2000000013.170:617): avc:  denied  { create } for  pid=2550 comm="syz.3.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   61.097084][   T28] audit: type=1400 audit(2000000013.170:618): avc:  denied  { write } for  pid=2550 comm="syz.3.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   61.198830][   T28] audit: type=1400 audit(2000000013.300:619): avc:  denied  { read } for  pid=2574 comm="syz.3.959" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   61.229807][   T28] audit: type=1400 audit(2000000013.300:620): avc:  denied  { open } for  pid=2574 comm="syz.3.959" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   61.277773][   T28] audit: type=1400 audit(2000000013.380:621): avc:  denied  { unmount } for  pid=2107 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   61.309592][ T2584] loop3: detected capacity change from 0 to 1024
[   61.321815][ T2584] EXT4-fs: Ignoring removed orlov option
[   61.327620][ T2584] EXT4-fs (loop3): Test dummy encryption mode enabled
[   61.580814][ T2640] netlink: 20 bytes leftover after parsing attributes in process `syz.8.990'.
[   61.662287][ T2661] netlink: 28 bytes leftover after parsing attributes in process `syz.0.999'.
[   61.681184][ T2663] incfs: Options parsing error. -22
[   61.686301][ T2663] incfs: mount failed -22
[   61.699304][ T2669] loop9: detected capacity change from 0 to 512
[   61.728703][ T2674] tap0: tun_chr_ioctl cmd 1074025677
[   61.728759][ T2674] tap0: linktype set to 805
[   61.729053][ T2674] tap0: tun_chr_ioctl cmd 35111
[   61.731911][ T2669] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   61.773792][ T2669] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz.9.1004: invalid size
[   61.807044][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.818704][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.829517][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.843802][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.857661][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.864659][ T2695] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2695 comm=syz.0.1017
[   61.868623][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.890741][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.901336][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.912061][ T2179] EXT4-fs error (device loop9): ext4_empty_dir:3136: inode #12: comm syz-executor: invalid size
[   61.952476][ T2700] loop0: detected capacity change from 0 to 512
[   61.963726][ T2700] EXT4-fs (loop0): unsupported inode size: 143
[   61.969722][ T2700] EXT4-fs (loop0): blocksize: 1024
[   62.132332][ T2720] loop3: detected capacity change from 0 to 256
[   62.156808][ T2728] loop8: detected capacity change from 0 to 256
[   62.166096][ T2728] exFAT-fs (loop8): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x809ea061, utbl_chksum : 0x7319d30d)
[   62.223229][ T2729] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.230369][ T2729] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.238438][ T2729] device bridge_slave_0 entered promiscuous mode
[   62.246392][ T2729] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.253397][ T2729] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.261022][ T2729] device bridge_slave_1 entered promiscuous mode
[   62.401233][ T2753] netlink: 'syz.8.1044': attribute type 1 has an invalid length.
[   62.428316][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.440143][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.455957][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.471381][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.480009][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.486899][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.509425][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.517933][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.526284][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.533156][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.563868][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.563950][ T2761] sock: sock_set_timeout: `syz.8.1048' (pid 2761) tries to set negative timeout
[   62.571788][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.587874][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.605344][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   62.619087][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.627710][ T2763] loop8: detected capacity change from 0 to 128
[   62.635103][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.644138][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.654076][ T2729] device veth0_vlan entered promiscuous mode
[   62.666953][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.676777][ T2729] device veth1_macvtap entered promiscuous mode
[   62.687471][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.707208][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.835203][ T2775] loop5: detected capacity change from 0 to 1024
[   62.887669][ T2775] EXT4-fs (loop5): shut down requested (0)
[   62.893433][  T333] Bluetooth: hci0: command 0x1003 tx timeout
[   62.899267][  T824] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   62.938972][ T2781] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[   62.969056][ T2781] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[   62.993453][ T2784] loop1: detected capacity change from 0 to 256
[   63.009950][ T2781] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop5 ino=12
[   63.046214][ T2771] loop8: detected capacity change from 0 to 40427
[   63.059276][ T2771] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[   63.087430][ T2771] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[   63.131898][ T2771] F2FS-fs (loop8): Found nat_bits in checkpoint
[   63.196130][ T2802] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1063'.
[   63.227793][ T2771] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[   63.239139][ T2771] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[   63.300094][   T43] device bridge_slave_1 left promiscuous mode
[   63.310509][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.340879][   T43] device bridge_slave_0 left promiscuous mode
[   63.346870][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.362764][   T43] device veth1_macvtap left promiscuous mode
[   63.368625][   T43] device veth0_vlan left promiscuous mode
[   63.573853][ T2827] input: syz1 as /devices/virtual/input/input10
[   63.580503][ T2827] input: failed to attach handler leds to device input10, error: -6
[   63.684731][ T2843] tmpfs: Unknown parameter 'nolazytime˙˙'
[   63.695041][ T2813] loop3: detected capacity change from 0 to 40427
[   63.702337][ T2813] F2FS-fs (loop3): Image doesn't support compression
[   63.720703][ T2813] F2FS-fs (loop3): Image doesn't support compression
[   63.727262][ T2813] F2FS-fs (loop3): fault_type options not supported
[   63.748915][ T2813] F2FS-fs (loop3): invalid crc value
[   63.757674][ T2813] F2FS-fs (loop3): Found nat_bits in checkpoint
[   63.769727][ T2845] loop0: detected capacity change from 0 to 8192
[   63.810802][ T2845] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   63.834199][ T2859] input: syz1 as /devices/virtual/input/input11
[   63.842280][ T2859] input: failed to attach handler leds to device input11, error: -6
[   63.859749][ T2863] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1092'.
[   63.871779][ T2813] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   63.900861][ T2870] loop1: detected capacity change from 0 to 256
[   63.911389][ T2870] FAT-fs (loop1): bogus number of FAT sectors
[   63.917426][ T2870] FAT-fs (loop1): Can't find a valid FAT filesystem
[   63.958807][ T2881] loop8: detected capacity change from 0 to 256
[   64.001316][ T2883] f2fs_ckpt-7:3: attempt to access beyond end of device
[   64.001316][ T2883] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   64.189885][ T2904] tmpfs: Unknown parameter 'nolazytime˙˙'
[   64.208335][ T2897] loop8: detected capacity change from 0 to 8192
[   64.225233][ T2897] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   64.240193][ T2909] loop0: detected capacity change from 0 to 256
[   64.255200][ T2909] FAT-fs (loop0): bogus number of FAT sectors
[   64.278596][ T2909] FAT-fs (loop0): Can't find a valid FAT filesystem
[   64.551573][ T2939] netlink: 'syz.3.1126': attribute type 1 has an invalid length.
[   64.561329][ T2941] loop1: detected capacity change from 0 to 256
[   64.580145][ T2918] loop8: detected capacity change from 0 to 40427
[   64.608642][ T2918] F2FS-fs (loop8): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   64.616677][ T2918] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[   64.635664][ T2918] F2FS-fs (loop8): invalid crc value
[   64.653449][ T2945] loop5: detected capacity change from 0 to 8192
[   64.662236][ T2918] F2FS-fs (loop8): Found nat_bits in checkpoint
[   64.672854][ T2956] loop1: detected capacity change from 0 to 256
[   64.689671][ T2956] FAT-fs (loop1): bogus number of FAT sectors
[   64.697107][ T2945] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   64.710485][ T2956] FAT-fs (loop1): Can't find a valid FAT filesystem
[   64.722631][ T2962] loop3: detected capacity change from 0 to 1024
[   64.760017][ T2962] EXT4-fs mount: 34 callbacks suppressed
[   64.760037][ T2962] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   64.773910][ T2967] loop5: detected capacity change from 0 to 512
[   64.777428][ T2962] EXT4-fs (loop3): shut down requested (0)
[   64.791101][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.792915][ T2967] EXT4-fs (loop5): unsupported inode size: 143
[   64.805861][ T2967] EXT4-fs (loop5): blocksize: 1024
[   64.811598][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.813488][ T2918] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[   64.820226][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.849223][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.860640][ T2918] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e4
[   64.862638][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.876832][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=14
[   64.885540][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.894778][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.903484][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.912123][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=12
[   64.946843][ T2962] SELinux: inode_doinit_use_xattr:  getxattr returned 5 for dev=loop3 ino=14
[   64.994245][ T2918] syz.8.1113: attempt to access beyond end of device
[   64.994245][ T2918] loop8: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[   65.021138][ T2918] syz.8.1113: attempt to access beyond end of device
[   65.021138][ T2918] loop8: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[   65.042985][ T1835] EXT4-fs (loop3): unmounting filesystem.
[   65.050027][ T2961] mmap: syz.0.1135 (2961) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   65.062195][ T2918] F2FS-fs (loop8): Issue discard(4614, 4614, 1019) failed, ret: -5
[   65.062225][ T2918] F2FS-fs (loop8): Issue discard(5637, 5637, 10747) failed, ret: -5
[   65.076569][ T2973] loop5: detected capacity change from 0 to 256
[   65.109800][ T2973] exfat: Deprecated parameter 'utf8'
[   65.119639][ T2973] exfat: Deprecated parameter 'namecase'
[   65.130627][ T2973] exfat: Deprecated parameter 'utf8'
[   65.145006][ T2973] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[   65.250034][ T2994] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2994 comm=syz.1.1148
[   65.334019][ T3008] input: syz1 as /devices/virtual/input/input12
[   65.465834][   T28] kauditd_printk_skb: 74 callbacks suppressed
[   65.465849][   T28] audit: type=1400 audit(2000000017.570:696): avc:  denied  { append } for  pid=3024 comm="syz.1.1162" name="001" dev="devtmpfs" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[   65.501160][  T302] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[   65.583732][ T3031] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=210 sclass=netlink_route_socket pid=3031 comm=syz.0.1165
[   65.606816][ T3033] netlink: 'syz.0.1166': attribute type 34 has an invalid length.
[   65.710490][   T19] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[   65.740557][  T302] usb 4-1: Using ep0 maxpacket: 32
[   65.746694][  T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   65.757471][  T302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   65.767168][  T302] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   65.776155][  T302] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.784538][  T302] usb 4-1: config 0 descriptor??
[   65.830478][  T443] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   65.890437][   T19] usb 6-1: Using ep0 maxpacket: 16
[   65.896531][   T19] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[   65.904489][   T19] usb 6-1: config 0 has no interface number 0
[   65.910339][   T19] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[   65.920107][   T19] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[   65.929891][   T19] usb 6-1: config 0 interface 41 has no altsetting 0
[   65.938781][   T19] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   65.947714][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.955531][   T19] usb 6-1: Product: syz
[   65.959479][   T19] usb 6-1: Manufacturer: syz
[   65.964483][   T19] usb 6-1: SerialNumber: syz
[   65.969511][   T19] usb 6-1: config 0 descriptor??
[   65.974572][ T3016] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   65.981785][ T3016] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   66.010457][  T443] usb 2-1: Using ep0 maxpacket: 32
[   66.016593][  T443] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   66.027350][  T443] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   66.036854][  T443] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[   66.045709][  T443] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.054202][  T443] usb 2-1: config 0 descriptor??
[   66.059777][  T443] hub 2-1:0.0: USB hub found
[   66.190405][ T3016] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   66.200994][ T3016] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[   66.208052][  T302] savu 0003:1E7D:2D5A.0014: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[   66.261910][  T443] hub 2-1:0.0: config failed, can't read hub descriptor (err -90)
[   66.386067][  T198] Bluetooth: hci0: Frame reassembly failed (-84)
[   66.471463][  T302] usb 4-1: USB disconnect, device number 8
[   66.477755][  T443] usbhid 2-1:0.0: can't add hid device: -71
[   66.483556][  T443] usbhid: probe of 2-1:0.0 failed with error -71
[   66.520748][  T443] usb 2-1: USB disconnect, device number 3
[   66.830477][   T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   66.987051][ T3061] loop1: detected capacity change from 0 to 256
[   66.996096][ T3061] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[   67.008574][ T3061] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   67.020494][   T24] usb 1-1: Using ep0 maxpacket: 8
[   67.020908][   T28] audit: type=1400 audit(2000000019.130:697): avc:  denied  { remove_name } for  pid=3060 comm="syz.1.1177" name="file1" dev="loop1" ino=1048653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   67.048476][   T19] CoreChips: probe of 6-1:0.41 failed with error -71
[   67.056407][   T19] usb 6-1: USB disconnect, device number 8
[   67.056498][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   67.064303][   T28] audit: type=1400 audit(2000000019.160:698): avc:  denied  { unlink } for  pid=3060 comm="syz.1.1177" name="file1" dev="loop1" ino=1048653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   67.072158][   T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[   67.103191][ T3065] SELinux:  Context $ is not valid (left unmapped).
[   67.109132][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   67.118310][   T28] audit: type=1400 audit(2000000019.210:699): avc:  denied  { relabelto } for  pid=3064 comm="syz.3.1179" name="file0" dev="tmpfs" ino=531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="$"
[   67.141867][   T24] usb 1-1: config 0 descriptor??
[   67.148367][   T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[   67.156750][   T28] audit: type=1400 audit(2000000019.210:700): avc:  denied  { associate } for  pid=3064 comm="syz.3.1179" name="file0" dev="tmpfs" ino=531 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="$"
[   67.181169][   T28] audit: type=1400 audit(2000000019.270:701): avc:  denied  { rmdir } for  pid=1835 comm="syz-executor" name="file0" dev="tmpfs" ino=531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="$"
[   67.295033][ T3077] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1184'.
[   67.317658][ T3079] loop1: detected capacity change from 0 to 256
[   67.326256][   T28] audit: type=1400 audit(2000000019.430:702): avc:  denied  { remount } for  pid=3078 comm="syz.1.1185" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   67.360445][   T28] audit: type=1400 audit(2000000019.460:703): avc:  denied  { mount } for  pid=3080 comm="syz.1.1186" name="/" dev="configfs" ino=14607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   67.383089][   T28] audit: type=1400 audit(2000000019.470:704): avc:  denied  { search } for  pid=3080 comm="syz.1.1186" name="/" dev="configfs" ino=14607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   67.390601][ T3074] loop3: detected capacity change from 0 to 40427
[   67.411939][ T3074] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   67.419510][ T3074] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   67.428482][   T28] audit: type=1400 audit(2000000019.530:705): avc:  denied  { ioctl } for  pid=3082 comm="syz.1.1187" path="/dev/fuse" dev="devtmpfs" ino=93 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   67.444074][ T3074] F2FS-fs (loop3): Found nat_bits in checkpoint
[   67.486768][ T3074] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   67.493739][ T3074] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   67.524751][ T3074] syz.3.1183: attempt to access beyond end of device
[   67.524751][ T3074] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   67.545954][ T1835] syz-executor: attempt to access beyond end of device
[   67.545954][ T1835] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[   67.753681][ T3123] xt_bpf: check failed: parse error
[   67.918112][ T3150] loop5: detected capacity change from 0 to 512
[   67.924464][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   67.932558][ T3150] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   67.944793][ T3150] EXT4-fs (loop5): 1 truncate cleaned up
[   67.950320][ T3150] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   67.961688][ T3150] EXT4-fs error (device loop5): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.5.1216: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   67.982027][ T3150] EXT4-fs error (device loop5) in ext4_delete_entry:2800: Corrupt filesystem
[   67.999017][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   68.131686][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.142657][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[   68.152022][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.160661][   T24] usb 2-1: config 0 descriptor??
[   68.410460][  T824] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   68.410650][  T333] Bluetooth: hci0: command 0x1003 tx timeout
[   68.471475][ T3193] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1235'.
[   68.480345][ T3193] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1235'.
[   68.567745][   T24] logitech 0003:046D:C50C.0015: unbalanced delimiter at end of report description
[   68.577175][   T24] logitech 0003:046D:C50C.0015: parse failed
[   68.583041][   T24] logitech: probe of 0003:046D:C50C.0015 failed with error -22
[   68.651776][ T3203] netlink: 116 bytes leftover after parsing attributes in process `syz.8.1240'.
[   68.660814][ T3203] Zero length message leads to an empty skb
[   68.698987][ T3209] netlink: 87 bytes leftover after parsing attributes in process `syz.8.1243'.
[   68.771415][   T19] usb 2-1: USB disconnect, device number 4
[   68.940716][ T3226] loop5: detected capacity change from 0 to 256
[   68.949672][ T3226] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d)
[   68.961842][ T3226] exFAT-fs (loop5): bogus allocation bitmap size(need : 2, cur : 17179869186)
[   69.032114][ T3230] loop5: detected capacity change from 0 to 128
[   69.038658][ T3230] EXT4-fs (loop5): Test dummy encryption mode enabled
[   69.046579][ T3230] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   69.055204][ T3230] ext4 filesystem being mounted at /55/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   69.067987][ T3230] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[   69.083270][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   69.263453][ T3257] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[   69.295982][ T3262] xt_hashlimit: size too large, truncated to 1048576
[   69.460437][   T19] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[   69.566622][    T6] usb 1-1: USB disconnect, device number 6
[   69.650441][   T19] usb 4-1: Using ep0 maxpacket: 8
[   69.656747][   T19] usb 4-1: unable to get BOS descriptor or descriptor too short
[   69.679119][   T19] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   69.711640][   T19] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2015, setting to 1024
[   69.745507][   T19] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[   69.771063][   T19] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16
[   69.793700][   T19] usb 4-1: string descriptor 0 read error: -22
[   69.805188][   T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   69.823867][   T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.840898][ T3254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   69.850101][ T3254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   69.910256][ T3265] TCP: TCP_TX_DELAY enabled
[   69.968139][ T3279] SELinux:  Context  is not valid (left unmapped).
[   70.068243][ T3254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   70.078754][ T3254] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[   70.295461][   T19] cdc_ether: probe of 4-1:1.0 failed with error -32
[   70.303045][ T3281] loop1: detected capacity change from 0 to 40427
[   70.310575][ T3281] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[   70.319173][   T19] usb 4-1: USB disconnect, device number 9
[   70.329241][ T3281] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   70.350500][ T3281] F2FS-fs (loop1): invalid crc value
[   70.356937][ T3281] F2FS-fs (loop1): Found nat_bits in checkpoint
[   70.411277][ T3281] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   70.418210][ T3281] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   70.463276][ T3281] syz.1.1275: attempt to access beyond end of device
[   70.463276][ T3281] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[   70.477666][ T3281] syz.1.1275: attempt to access beyond end of device
[   70.477666][ T3281] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427
[   70.492524][ T3281] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5
[   70.492559][ T3281] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5
[   70.631164][   T28] kauditd_printk_skb: 11 callbacks suppressed
[   70.631180][   T28] audit: type=1400 audit(2000000022.733:717): avc:  denied  { name_bind } for  pid=3335 comm="syz.5.1297" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   70.662144][ T3339] device bridge0 entered promiscuous mode
[   70.673965][ T3338] device bridge0 left promiscuous mode
[   70.776261][   T28] audit: type=1400 audit(2000000022.873:718): avc:  denied  { nlmsg_write } for  pid=3351 comm="syz.5.1305" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   70.827044][ T3359] loop7: detected capacity change from 0 to 6
[   70.845981][ T3364] loop3: detected capacity change from 0 to 128
[   70.853875][ T3364] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   70.862190][   T28] audit: type=1400 audit(2000000022.953:719): avc:  denied  { read } for  pid=3363 comm="syz.5.1310" name="usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   70.890253][ T3364] ext4 filesystem being mounted at /130/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   70.895775][   T28] audit: type=1400 audit(2000000022.953:720): avc:  denied  { open } for  pid=3363 comm="syz.5.1310" path="/dev/usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   70.934520][ T1835] EXT4-fs (loop3): unmounting filesystem.
[   70.954087][ T3373] loop5: detected capacity change from 0 to 256
[   70.960489][ T3373] exfat: Deprecated parameter 'namecase'
[   70.968738][ T3373] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[   70.984835][ T3373] exFAT-fs (loop5): hint_cluster is invalid (1)
[   70.991584][ T3373] exFAT-fs (loop5): error, invalid access to exfat cache (entry 0x00000000)
[   71.000089][ T3373] exFAT-fs (loop5): error, failed to bmap (inode : ffff88813324ddb0 iblock : 9, err : -5)
[   71.009928][ T3373] syz.5.1313: attempt to access beyond end of device
[   71.009928][ T3373] loop5: rw=2049, sector=34359738488, nr_sectors = 8 limit=256
[   71.024924][ T3373] exFAT-fs (loop5): error, invalid access to exfat cache (entry 0x00000000)
[   71.033546][ T3373] exFAT-fs (loop5): error, failed to bmap (inode : ffff88813324ddb0 iblock : 4, err : -5)
[   71.217136][   T28] audit: type=1400 audit(2000000023.313:721): avc:  denied  { bind } for  pid=3388 comm="syz.8.1321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   71.236279][   T28] audit: type=1400 audit(2000000023.313:722): avc:  denied  { name_bind } for  pid=3388 comm="syz.8.1321" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[   71.256863][   T28] audit: type=1400 audit(2000000023.313:723): avc:  denied  { node_bind } for  pid=3388 comm="syz.8.1321" src=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[   71.277239][   T28] audit: type=1400 audit(2000000023.313:724): avc:  denied  { setopt } for  pid=3388 comm="syz.8.1321" lport=512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   71.360482][   T19] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[   71.590505][   T19] usb 6-1: Using ep0 maxpacket: 32
[   71.596660][   T19] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[   71.604741][   T19] usb 6-1: config 0 has no interface number 0
[   71.611019][   T19] usb 6-1: config 0 interface 184 has no altsetting 0
[   71.623970][   T19] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   71.633225][   T19] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.641209][   T19] usb 6-1: Product: syz
[   71.645126][   T19] usb 6-1: Manufacturer: syz
[   71.649554][   T19] usb 6-1: SerialNumber: syz
[   71.655841][   T19] usb 6-1: config 0 descriptor??
[   71.661467][   T19] smsc75xx v1.0.0
[   71.682384][ T3416] loop1: detected capacity change from 0 to 512
[   71.684124][ T3418] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1335'.
[   71.689240][ T3416] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   71.697347][ T3418] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1335'.
[   71.716925][ T3416] EXT4-fs (loop1): 1 truncate cleaned up
[   71.722804][ T3416] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[   71.736581][ T3416] EXT4-fs error (device loop1): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.1.1334: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[   71.757011][ T3416] EXT4-fs error (device loop1) in ext4_delete_entry:2800: Corrupt filesystem
[   71.772936][ T2206] EXT4-fs (loop1): unmounting filesystem.
[   71.789070][ T3423] incfs: Options parsing error. -22
[   71.794389][ T3423] incfs: mount failed -22
[   71.813859][   T28] audit: type=1400 audit(2000000023.913:725): avc:  denied  { connect } for  pid=3427 comm="syz.1.1338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   71.833760][   T28] audit: type=1400 audit(2000000023.913:726): avc:  denied  { write } for  pid=3427 comm="syz.1.1338" path="socket:[29689]" dev="sockfs" ino=29689 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   71.972308][ T3450] loop3: detected capacity change from 0 to 512
[   71.979695][ T3450] EXT4-fs (loop3): unsupported inode size: 143
[   71.985808][ T3450] EXT4-fs (loop3): blocksize: 1024
[   72.001434][ T3452] loop1: detected capacity change from 0 to 8192
[   72.008784][ T3452] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   72.236449][ T3489] loop0: detected capacity change from 0 to 128
[   72.244537][ T3490] loop3: detected capacity change from 0 to 128
[   72.248665][ T3489] EXT4-fs (loop0): Test dummy encryption mode enabled
[   72.260068][ T3489] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   72.268863][ T3489] ext4 filesystem being mounted at /301/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   72.270939][   T19] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   72.280449][ T3490] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[   72.293794][   T19] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[   72.298518][ T3490] ext4 filesystem being mounted at /143/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   72.308960][ T3496] netlink: 'syz.1.1369': attribute type 3 has an invalid length.
[   72.325269][   T19] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[   72.328249][ T3490] fscrypt (loop3, inode 12): Unsupported encryption modes (contents 0, filenames 0)
[   72.335343][ T3496] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1369'.
[   72.353689][   T19] smsc75xx: probe of 6-1:0.184 failed with error -71
[   72.354343][ T1835] EXT4-fs (loop3): unmounting filesystem.
[   72.361383][   T19] usb 6-1: USB disconnect, device number 9
[   72.408582][  T296] EXT4-fs (loop0): unmounting filesystem.
[   72.516715][ T3517] loop1: detected capacity change from 0 to 512
[   72.523877][ T3517] EXT4-fs (loop1): unsupported inode size: 143
[   72.529930][ T3517] EXT4-fs (loop1): blocksize: 1024
[   72.665060][ T3538] kvm [3537]: vcpu0, guest rIP: 0xfff0 unimplemented HWCR wrmsr: 0x5fd0000000000
[   73.123023][ T3608] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1422'.
[   73.150464][  T443] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   73.161303][ T3611] loop3: detected capacity change from 0 to 256
[   73.175770][ T3611] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001)
[   73.176231][ T3596] loop5: detected capacity change from 0 to 40427
[   73.185663][ T3611] FAT-fs (loop3): Filesystem has been set read-only
[   73.192622][ T3596] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[   73.199654][ T3611] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001)
[   73.206070][ T3596] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[   73.223550][  T302] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   73.235892][ T3596] F2FS-fs (loop5): Found nat_bits in checkpoint
[   73.274521][ T3596] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[   73.281539][ T3596] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[   73.341958][  T443] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   73.352097][  T443] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   73.371734][  T443] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   73.390536][  T443] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   73.408596][  T443] usb 1-1: SerialNumber: syz
[   73.414283][  T302] usb 2-1: New USB device found, idVendor=056a, idProduct=0028, bcdDevice= 0.00
[   73.424510][  T302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   73.437196][  T302] usb 2-1: config 0 descriptor??
[   73.483899][ T3636] tap0: tun_chr_ioctl cmd 1074025677
[   73.489158][ T3636] tap0: linktype set to 805
[   73.494170][ T3636] tap0: tun_chr_ioctl cmd 35111
[   73.526157][ T3642] loop5: detected capacity change from 0 to 512
[   73.532853][ T3642] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[   73.544667][ T3642] EXT4-fs (loop5): 1 truncate cleaned up
[   73.550646][ T3642] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   73.625573][  T443] usb 1-1: 0:2 : does not exist
[   73.635908][  T443] usb 1-1: USB disconnect, device number 7
[   73.672823][ T3654] loop3: detected capacity change from 0 to 256
[   73.679307][ T3654] FAT-fs (loop3): bogus number of FAT sectors
[   73.685311][ T3654] FAT-fs (loop3): Can't find a valid FAT filesystem
[   73.830436][  T322] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[   73.862376][  T302] wacom 0003:056A:0028.0016: item fetching failed at offset 2/5
[   73.870172][  T302] wacom 0003:056A:0028.0016: parse failed
[   73.876028][  T302] wacom: probe of 0003:056A:0028.0016 failed with error -22
[   74.040851][  T322] usb 6-1: no configurations
[   74.045382][  T322] usb 6-1: can't read configurations, error -22
[   74.071083][   T19] usb 2-1: USB disconnect, device number 5
[   74.154852][ T3680] loop0: detected capacity change from 0 to 1024
[   74.180835][ T3680] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   74.199239][ T3680] EXT4-fs (loop0): orphan cleanup on readonly fs
[   74.210509][  T322] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[   74.220893][ T3680] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   74.252075][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.258426][ T3680] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #3: comm syz.0.1451: mark_inode_dirty error
[   74.290102][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.300029][ T3680] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:477: comm syz.0.1451: Invalid block bitmap block 3 in block_group 0
[   74.328932][ T3676] loop8: detected capacity change from 0 to 40427
[   74.335822][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.342936][ T3676] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[   74.343509][ T3680] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   74.359734][ T3676] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[   74.367976][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.373189][ T3676] F2FS-fs (loop8): invalid crc value
[   74.375789][ T3680] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #3: comm syz.0.1451: mark_inode_dirty error
[   74.391172][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.397627][ T3680] EXT4-fs error (device loop0): ext4_map_blocks:634: inode #3: block 1: comm syz.0.1451: lblock 6 mapped to illegal pblock 1 (length 1)
[   74.412506][ T3676] F2FS-fs (loop8): Found nat_bits in checkpoint
[   74.420893][  T322] usb 6-1: no configurations
[   74.425350][  T322] usb 6-1: can't read configurations, error -22
[   74.431525][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.437790][ T3680] EXT4-fs error (device loop0): ext4_map_blocks:634: inode #3: block 48: comm syz.0.1451: lblock 0 mapped to illegal pblock 48 (length 1)
[   74.455709][ T3676] F2FS-fs (loop8): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[   74.460516][  T322] usb usb6-port1: attempt power cycle
[   74.468408][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.476317][ T3680] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.1451: Failed to acquire dquot type 0
[   74.487533][ T3676] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[   74.487679][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.501034][ T3676] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[   74.519475][ T3680] EXT4-fs error (device loop0): ext4_map_blocks:634: inode #3: block 49: comm syz.0.1451: lblock 1 mapped to illegal pblock 49 (length 1)
[   74.533856][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.540195][ T3680] EXT4-fs error (device loop0): ext4_acquire_dquot:6788: comm syz.0.1451: Failed to acquire dquot type 0
[   74.551751][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.558110][ T3680] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5887: Corrupt filesystem
[   74.568542][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.575459][ T3680] EXT4-fs error (device loop0): ext4_evict_inode:279: inode #15: comm syz.0.1451: mark_inode_dirty error
[   74.586760][ T3693] input: syz1 as /devices/virtual/input/input13
[   74.595649][ T3680] EXT4-fs (loop0): Remounting filesystem read-only
[   74.602517][ T3680] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -117)
[   74.613075][ T3680] EXT4-fs (loop0): 1 orphan inode deleted
[   74.618709][ T3680] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   74.656424][ T3680] syz.0.1451 (3680) used greatest stack depth: 19688 bytes left
[   74.667464][  T296] EXT4-fs (loop0): unmounting filesystem.
[   74.698864][ T3706] loop0: detected capacity change from 0 to 1024
[   74.728947][ T3706] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   74.738868][ T3706] EXT4-fs warning (device loop0): ext4_empty_dir:3156: inode #11: comm syz.0.1461: directory missing '..'
[   74.756782][  T296] EXT4-fs (loop0): unmounting filesystem.
[   74.891003][  T322] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[   74.900718][ T3702] loop3: detected capacity change from 0 to 40427
[   74.907630][ T3702] F2FS-fs (loop3): fault_injection options not supported
[   74.915162][ T3702] F2FS-fs (loop3): invalid crc value
[   74.921631][ T3702] F2FS-fs (loop3): Found nat_bits in checkpoint
[   74.931303][  T322] usb 6-1: no configurations
[   74.935752][  T322] usb 6-1: can't read configurations, error -22
[   74.959212][ T3702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   74.976479][ T1835] syz-executor: attempt to access beyond end of device
[   74.976479][ T1835] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   75.070504][    T6] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[   75.100471][  T322] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[   75.131235][  T322] usb 6-1: no configurations
[   75.135640][  T322] usb 6-1: can't read configurations, error -22
[   75.141915][  T322] usb usb6-port1: unable to enumerate USB device
[   75.251959][    T6] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   75.261943][    T6] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[   75.271268][    T6] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   75.280127][    T6] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   75.287952][    T6] usb 9-1: SerialNumber: syz
[   75.300459][  T322] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[   75.482268][  T322] usb 1-1: unable to get BOS descriptor or descriptor too short
[   75.494919][    T6] usb 9-1: 0:2 : does not exist
[   75.500197][  T322] usb 1-1: unable to read config index 0 descriptor/start: -71
[   75.501352][    T6] usb 9-1: USB disconnect, device number 3
[   75.520439][  T322] usb 1-1: can't read configurations, error -71
[   75.810571][  T302] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   75.850508][  T323] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[   76.005671][  T302] usb 2-1: Using ep0 maxpacket: 32
[   76.012994][  T302] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.025347][ T3739] loop0: detected capacity change from 0 to 128
[   76.031000][  T302] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.032801][ T3739] FAT-fs (loop0): Directory bread(block 162) failed
[   76.042490][  T302] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[   76.048750][   T28] kauditd_printk_skb: 27 callbacks suppressed
[   76.048767][   T28] audit: type=1400 audit(2000000028.153:748): avc:  denied  { setopt } for  pid=3740 comm="syz.8.1473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   76.057484][  T302] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.062715][ T3739] FAT-fs (loop0): Directory bread(block 163) failed
[   76.095877][  T302] usb 2-1: config 0 descriptor??
[   76.096746][  T323] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   76.101622][ T3739] FAT-fs (loop0): Directory bread(block 164) failed
[   76.119735][ T3739] FAT-fs (loop0): Directory bread(block 165) failed
[   76.124455][  T323] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   76.126949][ T3739] FAT-fs (loop0): Directory bread(block 166) failed
[   76.138479][  T323] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[   76.145304][ T3739] FAT-fs (loop0): Directory bread(block 167) failed
[   76.155359][  T323] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[   76.162415][ T3739] FAT-fs (loop0): Directory bread(block 168) failed
[   76.180545][  T323] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.192277][  T323] usb 4-1: config 0 descriptor??
[   76.197274][ T3739] FAT-fs (loop0): Directory bread(block 169) failed
[   76.210840][ T3739] FAT-fs (loop0): Directory bread(block 162) failed
[   76.217404][ T3739] FAT-fs (loop0): Directory bread(block 163) failed
[   76.224620][ T3739] syz.0.1474: attempt to access beyond end of device
[   76.224620][ T3739] loop0: rw=3, sector=226, nr_sectors = 6 limit=128
[   76.238410][ T3739] syz.0.1474: attempt to access beyond end of device
[   76.238410][ T3739] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128
[   76.308005][ T3756] loop8: detected capacity change from 0 to 512
[   76.323567][ T3756] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[   76.332372][ T3756] ext4 filesystem being mounted at /157/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   76.355235][ T2107] EXT4-fs (loop8): unmounting filesystem.
[   76.476393][   T28] audit: type=1400 audit(2000000028.573:749): avc:  denied  { remount } for  pid=3767 comm="syz.8.1485" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   76.523863][  T302] savu 0003:1E7D:2D5A.0017: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[   76.536416][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   76.606322][  T323] isku 0003:1E7D:319C.0018: invalid report_size 23040
[   76.620458][  T323] isku 0003:1E7D:319C.0018: item 0 2 1 7 parsing failed
[   76.627423][  T323] isku 0003:1E7D:319C.0018: parse failed
[   76.634302][  T323] isku: probe of 0003:1E7D:319C.0018 failed with error -22
[   76.702094][ T1648] Bluetooth: hci0: Frame reassembly failed (-84)
[   76.708282][ T1648] Bluetooth: hci0: Frame reassembly failed (-84)
[   76.753622][ T3783] loop5: detected capacity change from 0 to 128
[   76.761331][ T3783] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[   76.769743][ T3783] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   76.783413][ T3783] fscrypt (loop5, inode 12): Unsupported encryption modes (contents 0, filenames 0)
[   76.798571][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   76.801365][  T302] usb 2-1: USB disconnect, device number 6
[   76.813542][  T323] usb 4-1: USB disconnect, device number 10
[   76.891622][ T3790] loop5: detected capacity change from 0 to 512
[   76.902006][ T3790] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   76.910991][ T3790] ext4 filesystem being mounted at /100/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   76.931110][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   77.139593][ T3794] loop5: detected capacity change from 0 to 512
[   77.152321][ T3794] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[   77.161209][ T3794] ext4 filesystem being mounted at /101/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   77.174312][   T28] audit: type=1400 audit(2000000029.273:750): avc:  denied  { setattr } for  pid=3793 comm="syz.5.1506" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   77.214101][ T2729] EXT4-fs (loop5): unmounting filesystem.
[   77.227871][ T3804] input: syz1 as /devices/virtual/input/input14
[   77.317266][   T28] audit: type=1400 audit(2000000029.413:751): avc:  denied  { map } for  pid=3807 comm="syz.1.1501" path="/dev/ashmem" dev="devtmpfs" ino=265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   77.500473][  T323] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[   77.681501][  T323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.692198][  T323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.701746][  T323] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   77.714422][  T323] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   77.723393][  T323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.731705][  T323] usb 1-1: config 0 descriptor??
[   78.139326][  T323] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving
[   78.147749][  T323] plantronics 0003:047F:FFFF.0019: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   78.411382][  T323] usb 1-1: USB disconnect, device number 10
[   78.420716][   T28] audit: type=1400 audit(2000000030.523:752): avc:  denied  { write } for  pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   78.441767][   T28] audit: type=1400 audit(2000000030.523:753): avc:  denied  { remove_name } for  pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   78.463877][   T28] audit: type=1400 audit(2000000030.523:754): avc:  denied  { rename } for  pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   78.485665][   T28] audit: type=1400 audit(2000000030.523:755): avc:  denied  { add_name } for  pid=84 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   78.507900][   T28] audit: type=1400 audit(2000000030.523:756): avc:  denied  { unlink } for  pid=84 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   78.530098][   T28] audit: type=1400 audit(2000000030.523:757): avc:  denied  { create } for  pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   78.730636][  T824] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   78.731527][  T333] Bluetooth: hci0: command 0x1003 tx timeout
[   78.742635][ T3779] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[   79.120883][ T3819] loop3: detected capacity change from 0 to 40427
[   79.127700][ T3819] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   79.135689][ T3819] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   79.144692][ T3819] F2FS-fs (loop3): invalid crc value
[   79.152012][ T3819] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669)
[   79.183666][ T3819] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   79.190666][ T3819] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   79.385935][ T3843] loop0: detected capacity change from 0 to 128
[   79.412586][ T3843] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   79.423277][ T3843] ext4 filesystem being mounted at /327/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   79.452179][  T296] EXT4-fs (loop0): unmounting filesystem.
[   79.461348][ T3854] netem: change failed
[   79.486605][ T3859] loop5: detected capacity change from 0 to 256
[   79.506542][ T3859] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001)
[   79.516394][ T3859] FAT-fs (loop5): Filesystem has been set read-only
[   79.523776][ T3859] FAT-fs (loop5): error, fat_get_cluster: invalid start cluster (i_pos 0, start 00000001)
[   79.649418][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.657357][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.668092][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.675535][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.682969][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.690466][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.697848][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.707530][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.714995][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.723848][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.731983][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.739342][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.746577][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.754451][  T322] hid-generic 0000:0003:0000.001A: unknown main item tag 0x0
[   79.767764][  T322] hid-generic 0000:0003:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   79.790532][  T323] ==================================================================
[   79.798425][  T323] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480
[   79.805280][  T323] Write of size 8 at addr ffff88810ce2ca00 by task kworker/0:3/323
[   79.813002][  T323] 
[   79.815177][  T323] CPU: 0 PID: 323 Comm: kworker/0:3 Tainted: G        W          6.1.118-syzkaller-00021-gd12538e9da37 #0
[   79.826285][  T323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   79.836353][  T323] Workqueue: pm hcd_resume_work
[   79.841039][  T323] Call Trace:
[   79.844165][  T323]  <TASK>
[   79.846941][  T323]  dump_stack_lvl+0x151/0x1b7
[   79.851455][  T323]  ? nf_tcp_handle_invalid+0x3f1/0x3f1
[   79.856747][  T323]  ? _printk+0xd1/0x111
[   79.860740][  T323]  ? __virt_addr_valid+0x242/0x2f0
[   79.865686][  T323]  print_report+0x158/0x4e0
[   79.870024][  T323]  ? __virt_addr_valid+0x242/0x2f0
[   79.874973][  T323]  ? kasan_complete_mode_report_info+0x90/0x1b0
[   79.881047][  T323]  ? enqueue_timer+0xa6/0x480
[   79.885561][  T323]  kasan_report+0x13c/0x170
[   79.889900][  T323]  ? enqueue_timer+0xa6/0x480
[   79.894435][  T323]  __asan_report_store8_noabort+0x17/0x20
[   79.899969][  T323]  enqueue_timer+0xa6/0x480
[   79.904312][  T323]  __mod_timer+0x8d3/0xcf0
[   79.908581][  T323]  ? mod_timer_pending+0x30/0x30
[   79.913334][  T323]  ? __tasklet_schedule+0x20/0x20
[   79.918195][  T323]  ? _raw_spin_lock+0xa4/0x1b0
[   79.922795][  T323]  ? _raw_spin_trylock_bh+0x190/0x190
[   79.928006][  T323]  schedule_timeout+0x187/0x380
[   79.932691][  T323]  ? irqentry_exit+0x30/0x40
[   79.937117][  T323]  ? sysvec_call_function_single+0x61/0xc0
[   79.942757][  T323]  ? console_conditional_schedule+0x10/0x10
[   79.948486][  T323]  ? update_process_times+0x1b0/0x1b0
[   79.953695][  T323]  ? _raw_spin_unlock_irq+0x48/0x70
[   79.958727][  T323]  wait_for_common+0x39a/0x640
[   79.963327][  T323]  ? usb_autoresume_device+0x23/0x60
[   79.968446][  T323]  ? usb_remote_wakeup+0x5a/0xc0
[   79.973226][  T323]  ? wait_for_completion+0x20/0x20
[   79.978171][  T323]  ? usb_submit_urb+0x118c/0x1840
[   79.983031][  T323]  wait_for_completion_timeout+0xe/0x10
[   79.988409][  T323]  usb_start_wait_urb+0x177/0x350
[   79.993273][  T323]  ? usb_api_blocking_completion+0xb0/0xb0
[   79.998915][  T323]  ? __kasan_check_write+0x14/0x20
[   80.003861][  T323]  usb_control_msg+0x2ad/0x4c0
[   80.008459][  T323]  ? usb_anchor_empty+0x40/0x40
[   80.013148][  T323]  hub_ext_port_status+0xfe/0x6b0
[   80.018008][  T323]  hub_activate+0x872/0x1d00
[   80.022435][  T323]  ? hub_irq+0x430/0x430
[   80.026515][  T323]  ? __kasan_check_write+0x14/0x20
[   80.031458][  T323]  ? mutex_unlock+0xb2/0x260
[   80.035883][  T323]  hub_resume+0x9a/0x350
[   80.039964][  T323]  ? usb_hub_find_child+0x13b/0x1f0
[   80.045022][  T323]  ? hub_suspend+0xa90/0xa90
[   80.049602][  T323]  ? usbfs_notify_resume+0xcf/0xe0
[   80.054547][  T323]  usb_resume_both+0x72d/0xda0
[   80.059149][  T323]  ? usb_resume+0xa0/0xa0
[   80.063320][  T323]  ? autosuspend_check+0x590/0x590
[   80.068259][  T323]  usb_runtime_resume+0x21/0x30
[   80.072948][  T323]  __rpm_callback+0x2f3/0x7b0
[   80.077471][  T323]  ? __update_runtime_status+0x14f/0x2d0
[   80.082950][  T323]  ? autosuspend_check+0x590/0x590
[   80.087877][  T323]  rpm_resume+0xed8/0x15c0
[   80.092141][  T323]  ? __pm_runtime_resume+0x90/0x90
[   80.097080][  T323]  ? _raw_spin_lock+0x1b0/0x1b0
[   80.101770][  T323]  ? __kasan_check_write+0x14/0x20
[   80.106715][  T323]  ? mutex_lock+0xb1/0x1e0
[   80.110963][  T323]  ? _raw_spin_unlock+0x4c/0x70
[   80.115659][  T323]  __pm_runtime_resume+0x6d/0x90
[   80.120435][  T323]  usb_autoresume_device+0x23/0x60
[   80.125380][  T323]  usb_remote_wakeup+0x5a/0xc0
[   80.129970][  T323]  hcd_resume_work+0x3b/0x40
[   80.134407][  T323]  process_one_work+0x73d/0xcb0
[   80.139087][  T323]  worker_thread+0xa60/0x1260
[   80.143612][  T323]  kthread+0x26d/0x300
[   80.147509][  T323]  ? worker_clr_flags+0x1a0/0x1a0
[   80.152364][  T323]  ? kthread_blkcg+0xd0/0xd0
[   80.156799][  T323]  ret_from_fork+0x1f/0x30
[   80.161046][  T323]  </TASK>
[   80.163908][  T323] 
[   80.166077][  T323] Allocated by task 3779:
[   80.170247][  T323]  kasan_set_track+0x4b/0x70
[   80.174673][  T323]  kasan_save_alloc_info+0x1f/0x30
[   80.179614][  T323]  __kasan_kmalloc+0x9c/0xb0
[   80.184043][  T323]  __kmalloc+0xb4/0x1e0
[   80.188034][  T323]  hci_alloc_dev_priv+0x27/0x1c00
[   80.192893][  T323]  hci_uart_tty_ioctl+0x401/0xa70
[   80.197754][  T323]  tty_ioctl+0x903/0xc50
[   80.201836][  T323]  __se_sys_ioctl+0x114/0x190
[   80.206346][  T323]  __x64_sys_ioctl+0x7b/0x90
[   80.210774][  T323]  x64_sys_call+0x98/0x9a0
[   80.215024][  T323]  do_syscall_64+0x3b/0xb0
[   80.219284][  T323]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   80.225005][  T323] 
[   80.227174][  T323] Freed by task 3779:
[   80.230994][  T323]  kasan_set_track+0x4b/0x70
[   80.235420][  T323]  kasan_save_free_info+0x2b/0x40
[   80.240283][  T323]  ____kasan_slab_free+0x131/0x180
[   80.245238][  T323]  __kasan_slab_free+0x11/0x20
[   80.249829][  T323]  __kmem_cache_free+0x21d/0x410
[   80.254606][  T323]  kfree+0x7a/0xf0
[   80.258164][  T323]  hci_release_dev+0x14d3/0x1640
[   80.262934][  T323]  bt_host_release+0x83/0xa0
[   80.267365][  T323]  device_release+0x95/0x1c0
[   80.271789][  T323]  kobject_put+0x178/0x260
[   80.276040][  T323]  put_device+0x1f/0x30
[   80.280034][  T323]  hci_dev_cmd+0x2be/0x9b0
[   80.284288][  T323]  hci_sock_ioctl+0x415/0x7f0
[   80.288799][  T323]  sock_do_ioctl+0x152/0x450
[   80.293224][  T323]  sock_ioctl+0x455/0x740
[   80.297391][  T323]  __se_sys_ioctl+0x114/0x190
[   80.301904][  T323]  __x64_sys_ioctl+0x7b/0x90
[   80.306331][  T323]  x64_sys_call+0x98/0x9a0
[   80.310584][  T323]  do_syscall_64+0x3b/0xb0
[   80.314834][  T323]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   80.320568][  T323] 
[   80.322735][  T323] Last potentially related work creation:
[   80.328293][  T323]  kasan_save_stack+0x3b/0x60
[   80.332804][  T323]  __kasan_record_aux_stack+0xb4/0xc0
[   80.338010][  T323]  kasan_record_aux_stack_noalloc+0xb/0x10
[   80.343652][  T323]  insert_work+0x56/0x310
[   80.347823][  T323]  __queue_work+0x9b6/0xd70
[   80.352173][  T323]  queue_work_on+0x105/0x170
[   80.356587][  T323]  __hci_cmd_sync_sk+0xc2a/0xf70
[   80.361361][  T323]  hci_cmd_sync_status+0x52/0x130
[   80.366216][  T323]  hci_dev_cmd+0x39e/0x9b0
[   80.370472][  T323]  hci_sock_ioctl+0x415/0x7f0
[   80.374984][  T323]  sock_do_ioctl+0x152/0x450
[   80.379411][  T323]  sock_ioctl+0x455/0x740
[   80.383576][  T323]  __se_sys_ioctl+0x114/0x190
[   80.388095][  T323]  __x64_sys_ioctl+0x7b/0x90
[   80.392526][  T323]  x64_sys_call+0x98/0x9a0
[   80.396767][  T323]  do_syscall_64+0x3b/0xb0
[   80.401027][  T323]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   80.406748][  T323] 
[   80.408920][  T323] Second to last potentially related work creation:
[   80.415340][  T323]  kasan_save_stack+0x3b/0x60
[   80.419857][  T323]  __kasan_record_aux_stack+0xb4/0xc0
[   80.425063][  T323]  kasan_record_aux_stack_noalloc+0xb/0x10
[   80.430705][  T323]  insert_work+0x56/0x310
[   80.434868][  T323]  __queue_work+0x9b6/0xd70
[   80.439212][  T323]  queue_work_on+0x105/0x170
[   80.443660][  T323]  hci_cmd_timeout+0x199/0x200
[   80.448236][  T323]  process_one_work+0x73d/0xcb0
[   80.452925][  T323]  worker_thread+0xa60/0x1260
[   80.457437][  T323]  kthread+0x26d/0x300
[   80.461342][  T323]  ret_from_fork+0x1f/0x30
[   80.465594][  T323] 
[   80.467766][  T323] The buggy address belongs to the object at ffff88810ce2c000
[   80.467766][  T323]  which belongs to the cache kmalloc-8k of size 8192
[   80.481654][  T323] The buggy address is located 2560 bytes inside of
[   80.481654][  T323]  8192-byte region [ffff88810ce2c000, ffff88810ce2e000)
[   80.494933][  T323] 
[   80.497102][  T323] The buggy address belongs to the physical page:
[   80.503353][  T323] page:ffffea0004338a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ce28
[   80.513419][  T323] head:ffffea0004338a00 order:3 compound_mapcount:0 compound_pincount:0
[   80.521580][  T323] flags: 0x4000000000010200(slab|head|zone=1)
[   80.527501][  T323] raw: 4000000000010200 ffffea0004c03600 dead000000000004 ffff888100043500
[   80.535906][  T323] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[   80.544317][  T323] page dumped because: kasan: bad access detected
[   80.550580][  T323] page_owner tracks the page as allocated
[   80.556121][  T323] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1407, tgid 1406 (syz.4.476), ts 41418198998, free_ts 37587347310
[   80.578427][  T323]  post_alloc_hook+0x213/0x220
[   80.583024][  T323]  prep_new_page+0x1b/0x110
[   80.587364][  T323]  get_page_from_freelist+0x2f41/0x2fc0
[   80.592745][  T323]  __alloc_pages+0x234/0x610
[   80.597171][  T323]  alloc_slab_page+0x6c/0xf0
[   80.601611][  T323]  new_slab+0x90/0x3e0
[   80.605504][  T323]  ___slab_alloc+0x6f9/0xb80
[   80.609930][  T323]  __slab_alloc+0x5d/0xa0
[   80.614097][  T323]  __kmem_cache_alloc_node+0x207/0x2a0
[   80.619395][  T323]  __kmalloc+0xa3/0x1e0
[   80.623383][  T323]  mb_cache_create+0x171/0x620
[   80.627985][  T323]  ext4_xattr_create_cache+0x13/0x20
[   80.633105][  T323]  ext4_fill_super+0x61c9/0x8460
[   80.637898][  T323]  get_tree_bdev+0x440/0x680
[   80.642304][  T323]  ext4_get_tree+0x1c/0x20
[   80.646558][  T323]  vfs_get_tree+0x88/0x290
[   80.650814][  T323] page last free stack trace:
[   80.655323][  T323]  free_unref_page_prepare+0x83d/0x850
[   80.660620][  T323]  free_unref_page+0xb2/0x5c0
[   80.665134][  T323]  __free_pages+0x61/0xf0
[   80.669313][  T323]  __free_slab+0xce/0x1a0
[   80.673462][  T323]  __unfreeze_partials+0x165/0x1a0
[   80.678411][  T323]  put_cpu_partial+0xa9/0x100
[   80.682926][  T323]  __slab_free+0x1c8/0x280
[   80.687179][  T323]  ___cache_free+0xc6/0xd0
[   80.691430][  T323]  qlist_free_all+0xc5/0x140
[   80.695856][  T323]  kasan_quarantine_reduce+0x15a/0x180
[   80.701148][  T323]  __kasan_slab_alloc+0x24/0x80
[   80.705839][  T323]  slab_post_alloc_hook+0x53/0x2c0
[   80.710785][  T323]  kmem_cache_alloc_node+0x188/0x330
[   80.715906][  T323]  __alloc_skb+0xcc/0x2d0
[   80.720073][  T323]  tcp_stream_alloc_skb+0x46/0x340
[   80.725018][  T323]  tcp_sendmsg_locked+0xda6/0x4000
[   80.729964][  T323] 
[   80.732137][  T323] Memory state around the buggy address:
[   80.737609][  T323]  ffff88810ce2c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.745504][  T323]  ffff88810ce2c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.753402][  T323] >ffff88810ce2ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.761304][  T323]                    ^
[   80.765204][  T323]  ffff88810ce2ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.773105][  T323]  ffff88810ce2cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   80.781001][  T323] ==================================================================
[   80.788899][  T323] Disabling lock debugging due to kernel taint
[   80.810499][    C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[   80.822072][    C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[   80.830302][    C0] CPU: 0 PID: 3883 Comm: syz.0.1532 Tainted: G    B   W          6.1.118-syzkaller-00021-gd12538e9da37 #0
[   80.841412][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   80.851309][    C0] RIP: 0010:__queue_work+0x4f1/0xd70
[   80.856418][    C0] Code: 39 03 0f 84 40 01 00 00 e8 8c 6b 2a 00 4c 89 e7 e8 e4 e3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 60 e1 71 00 49 8b 3e e8 98 dc d6
[   80.875860][    C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[   80.881763][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881243ed100
[   80.889582][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   80.897386][    C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007
[   80.905196][    C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88810ce2c9c8
[   80.913006][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810ce2c9e0
[   80.920820][    C0] FS:  00007f27f92526c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   80.929585][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   80.936011][    C0] CR2: 0000000020691000 CR3: 000000012fff6000 CR4: 00000000003506b0
[   80.943820][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   80.951629][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   80.959444][    C0] Call Trace:
[   80.962567][    C0]  <IRQ>
[   80.965258][    C0]  ? __die_body+0x62/0xb0
[   80.969425][    C0]  ? die_addr+0x9f/0xd0
[   80.973417][    C0]  ? exc_general_protection+0x317/0x4c0
[   80.978802][    C0]  ? _raw_spin_lock+0x1b0/0x1b0
[   80.983487][    C0]  ? asm_exc_general_protection+0x27/0x30
[   80.989043][    C0]  ? __queue_work+0x28b/0xd70
[   80.993552][    C0]  ? __queue_work+0x4f1/0xd70
[   80.998064][    C0]  ? __queue_work+0x29c/0xd70
[   81.002587][    C0]  delayed_work_timer_fn+0x61/0x80
[   81.007528][    C0]  ? queue_work_node+0x1d0/0x1d0
[   81.012299][    C0]  call_timer_fn+0x3b/0x2d0
[   81.016640][    C0]  ? queue_work_node+0x1d0/0x1d0
[   81.021414][    C0]  __run_timers+0x756/0xa10
[   81.025753][    C0]  ? calc_index+0x270/0x270
[   81.030093][    C0]  ? sched_clock+0x9/0x10
[   81.034262][    C0]  ? sched_clock_cpu+0x71/0x2b0
[   81.038945][    C0]  run_timer_softirq+0x69/0xf0
[   81.043544][    C0]  handle_softirqs+0x1db/0x650
[   81.048146][    C0]  __irq_exit_rcu+0x52/0xf0
[   81.052483][    C0]  irq_exit_rcu+0x9/0x10
[   81.056562][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[   81.062031][    C0]  </IRQ>
[   81.064808][    C0]  <TASK>
[   81.067586][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[   81.073398][    C0] RIP: 0010:kasan_check_range+0x6/0x2a0
[   81.078782][    C0] Code: c6 48 89 c7 e8 eb 32 5f 03 31 c0 5d c3 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 41 57 <41> 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89 fb 48
[   81.098229][    C0] RSP: 0018:ffffc90002387a88 EFLAGS: 00000246
[   81.104235][    C0] RAX: ffffffff8277a4ae RBX: 00007fffffffeff8 RCX: ffffffff8277a4bc
[   81.112043][    C0] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90002387b40
[   81.119856][    C0] RBP: ffffc90002387a90 R08: ffffffff8277a49f R09: ffffffff844b4745
[   81.127664][    C0] R10: 0000000000000004 R11: ffff8881243ed100 R12: 0000000000000008
[   81.135473][    C0] R13: 000000001f96e7a1 R14: ffffc90002387b40 R15: 00000000206919a0
[   81.143289][    C0]  ? tcp_repair_options_est+0x1e5/0x640
[   81.148666][    C0]  ? _copy_from_user+0x4f/0xc0
[   81.153271][    C0]  ? _copy_from_user+0x5e/0xc0
[   81.157868][    C0]  ? _copy_from_user+0x6c/0xc0
[   81.162468][    C0]  __kasan_check_write+0x14/0x20
[   81.167241][    C0]  _copy_from_user+0x6c/0xc0
[   81.171666][    C0]  tcp_repair_options_est+0x198/0x640
[   81.176877][    C0]  ? copy_from_sockptr+0xa0/0xa0
[   81.181649][    C0]  do_tcp_setsockopt+0x189e/0x2330
[   81.186603][    C0]  ? tcp_set_window_clamp+0x5d0/0x5d0
[   81.191802][    C0]  ? selinux_socket_setsockopt+0x260/0x360
[   81.197447][    C0]  ? selinux_socket_getsockopt+0x340/0x340
[   81.203088][    C0]  ? _raw_spin_lock_bh+0xa4/0x1b0
[   81.207948][    C0]  tcp_setsockopt+0x57/0xe0
[   81.212290][    C0]  sock_common_setsockopt+0xa2/0xc0
[   81.217322][    C0]  ? sock_common_recvmsg+0x240/0x240
[   81.222440][    C0]  __sys_setsockopt+0x4dc/0x8b0
[   81.227126][    C0]  ? __ia32_sys_recv+0xb0/0xb0
[   81.231736][    C0]  ? fpregs_restore_userregs+0x130/0x290
[   81.237197][    C0]  __x64_sys_setsockopt+0xbf/0xd0
[   81.242058][    C0]  x64_sys_call+0x1a2/0x9a0
[   81.246403][    C0]  do_syscall_64+0x3b/0xb0
[   81.250650][    C0]  ? clear_bhb_loop+0x55/0xb0
[   81.255172][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   81.260889][    C0] RIP: 0033:0x7f27f8385d29
[   81.265143][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   81.284585][    C0] RSP: 002b:00007f27f9252038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   81.292830][    C0] RAX: ffffffffffffffda RBX: 00007f27f8575fa0 RCX: 00007f27f8385d29
[   81.300642][    C0] RDX: 0000000000000016 RSI: 0000000000000006 RDI: 0000000000000003
[   81.308451][    C0] RBP: 00007f27f8401b08 R08: 0000000020000149 R09: 0000000000000000
[   81.316261][    C0] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000
[   81.324074][    C0] R13: 0000000000000000 R14: 00007f27f8575fa0 R15: 00007ffdf83720b8
[   81.331892][    C0]  </TASK>
[   81.334749][    C0] Modules linked in:
[   81.338485][    C0] ---[ end trace 0000000000000000 ]---
[   81.343780][    C0] RIP: 0010:__queue_work+0x4f1/0xd70
[   81.348901][    C0] Code: 39 03 0f 84 40 01 00 00 e8 8c 6b 2a 00 4c 89 e7 e8 e4 e3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 60 e1 71 00 49 8b 3e e8 98 dc d6
[   81.368340][    C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[   81.374244][    C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881243ed100
[   81.382054][    C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[   81.389864][    C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007
[   81.397676][    C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff88810ce2c9c8
[   81.405485][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810ce2c9e0
[   81.413297][    C0] FS:  00007f27f92526c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[   81.422060][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   81.428500][    C0] CR2: 0000000020691000 CR3: 000000012fff6000 CR4: 00000000003506b0
[   81.436301][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   81.444107][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   81.451922][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   81.459230][    C0] Kernel Offset: disabled
[   81.463355][    C0] Rebooting in 86400 seconds..