last executing test programs: 3.543146348s ago: executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @random="41e53d9ac4df"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000001000000b7"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00'}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER(0x500, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 3.482422257s ago: executing program 4: unshare(0x22000600) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x80045503, 0xffffffffffffffff) 3.472222659s ago: executing program 4: sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="38001a", @ANYRES16=0x0, @ANYBLOB="080127bd7000fbdbdf25010000000000000009410000001c0018000000046574683a76657468305f746f5f626f6e64000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000680)) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) socket$inet_udp(0x2, 0x2, 0x0) eventfd(0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a40)={{{@in6=@private0, @in6}}, {{@in=@broadcast}, 0x0, @in6=@private1}}, &(0x7f0000000b40)=0xe8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000dc0)={'wg1\x00', {0x2, 0x4e23, @private}}) getresgid(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x38, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1f}]}, 0x38}}, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000044) r5 = accept$packet(r0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) splice(0xffffffffffffffff, &(0x7f0000000500)=0x92, r5, &(0x7f00000005c0)=0xffffffffffffffff, 0x401, 0x5) recvmsg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/157, 0x9d}], 0x1, &(0x7f00000002c0)=""/206, 0xce}, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r6 = socket(0x10, 0x3, 0x0) timer_create(0x4f8ec3f182b9ca7f, 0x0, &(0x7f00000014c0)) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000080)={0x1}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000903000a00000001000001000000000400070001000000", 0x24) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000000600)) 2.62567326s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f00000000c0), &(0x7f0000000080)=@udp}, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) write$binfmt_elf64(r1, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [], "", ['\x00', '\x00']}, 0x240) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000300)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @mss, @sack_perm], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd14b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f00000012c0)) 2.551362022s ago: executing program 4: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="180800009a000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d0000850000001a000000bca900000000000035090100000000009500000000000000bf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001700)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x4, 0x0, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000300)=0x208) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) ioperm(0x0, 0x80, 0x0) sendto$inet6(r1, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) shutdown(r1, 0x1) 2.541666844s ago: executing program 0: syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r0, 0x25, &(0x7f00000002c0)) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) flock(r2, 0x6) close(r1) 2.527189766s ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000007dc0)=[{&(0x7f0000000040)={0x120, 0x10, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@private=0xa010100}, @nested={0xe1, 0x0, 0x0, 0x1, [@generic="3e9936be4db0aa9883b54c0c76c1d38bb8a855cb2d34710fa1bbcb25eb864acbe2273e1d3b1b68fca4f420fce00535ea4699c592d2d5d9d2703df16e1764488162a1a5fa13d5dffbcb64fa90da267352b0f7f8a4d488b6bc5a817db452dd7c813bace8aede23b47d51987ec7fb92e131e3e422be056ef5e0c00dfb76f434f5a5868f33199d2d050b51d3ca41e30cdac049c7092180fd6d472bb1fbec1b3f61", @generic="cf36338525d7c87bf531ff089bb0f5bb661ce8caa081fb3bda92be86a5891f9c5d01fe4dcf8eeb7373e25e32cc2e7b34859b30076ac63181131ff7f44b62"]}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x4}]}, @typed={0x9, 0x0, 0x0, 0x0, @binary="84cc01aae4"}]}, 0x120}], 0x1}, 0x0) 2.484159413s ago: executing program 4: socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3e0400000000000000000000000609000040"}) syz_open_pts(r1, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0xb}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="1201000064172f2057155081ed29010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000200)={0x0, 0xa, 0x59, {0x59, 0x10, "64f16728dca6c3fa72b658081bb84fba77b2123222b8c8627f0096b3d0944b049b39ce286cf448f9ddd08d6b0b63b69b7a71abb70915b387628821a418dc75c702b54ca45d49264f19e3e52431000b27160d0a2f794a5d"}}, &(0x7f0000000900)=ANY=[@ANYBLOB="001094551ab9de27030400000004031204"], &(0x7f0000000080)={0x0, 0xf, 0x19, {0x5, 0xf, 0x19, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x0, 0x9, 0x9}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x1f, 0x7, 0x9}]}}, &(0x7f0000000280)={0x20, 0x29, 0xf, {0xf, 0x29, 0x20, 0x2, 0x0, 0x2, "3fd82b78", "07cb9ab7"}}, &(0x7f0000000380)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x87, 0x3, 0x7f, 0x81, 0x40, 0xb681, 0x3}}}, &(0x7f0000000840)={0x84, &(0x7f0000000400)={0x40, 0x11, 0x2a, "6c21d4a52008767993fd2c33459212b7cfcd0a5234c588d6d040c73174cf65864abc9e147f511d1374c3"}, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000000a40)=ANY=[@ANYBLOB="36000400000000000400d434c1f5090d3bdf91fa94b16991cdc8a0ff00afe50ac452eef97f6af9d010b6b3a1ef2b9318a61f869a9f3433f3210e012fdd727edd0dc7edc27548a41c6a6e81fa8020bc952730537fe0391216a27fbaf760bf9f6a1abdae071bf62939daf38198df01f46e3d89946e864f1d58098226511f028e92cbf4f54952d6cdcde0271e79b7531af9f052edce3f074d59803f58"], &(0x7f0000000540)={0x40, 0x7, 0x2}, &(0x7f0000000580)={0x40, 0x9, 0x1, 0x3f}, &(0x7f00000005c0)={0x40, 0xb, 0x2, "89e4"}, &(0x7f0000000600)={0x40, 0xf, 0x2, 0x2}, &(0x7f0000000640)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000680)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}, &(0x7f00000006c0)={0x40, 0x19, 0x2, "d256"}, &(0x7f0000000700)={0x40, 0x1a, 0x2, 0xee6b}, &(0x7f0000000740)={0x40, 0x1c, 0x1, 0x1f}, &(0x7f0000000780)={0x40, 0x1e, 0x1, 0x10}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0x1}}) syz_usb_control_io(r3, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000040)={0x0, 0x0, 0x1, "c9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) close(0xffffffffffffffff) 2.455137137s ago: executing program 0: sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="38001a", @ANYRES16=0x0, @ANYBLOB="080127bd7000fbdbdf25010000000000000009410000001c0018000000046574683a76657468305f746f5f626f6e64000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000001) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000680)) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) socket$inet_udp(0x2, 0x2, 0x0) eventfd(0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a40)={{{@in6=@private0, @in6}}, {{@in=@broadcast}, 0x0, @in6=@private1}}, &(0x7f0000000b40)=0xe8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000dc0)={'wg1\x00', {0x2, 0x4e23, @private}}) getresgid(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x38, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1f}]}, 0x38}}, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000c40)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000044) r5 = accept$packet(r0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0) splice(0xffffffffffffffff, &(0x7f0000000500)=0x92, r5, &(0x7f00000005c0)=0xffffffffffffffff, 0x401, 0x5) recvmsg(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/157, 0x9d}], 0x1, &(0x7f00000002c0)=""/206, 0xce}, 0x20) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) r6 = socket(0x10, 0x3, 0x0) timer_create(0x4f8ec3f182b9ca7f, 0x0, &(0x7f00000014c0)) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000080)={0x1}, 0x10) write(r6, &(0x7f0000000000)="240000001a005f0214f9f407000903000a00000001000001000000000400070001000000", 0x24) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000000600)) 1.595693591s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x48) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f0000000100)={r0, &(0x7f00000000c0), &(0x7f0000000080)=@udp}, 0x20) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) write$binfmt_elf64(r1, &(0x7f0000000680)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [], "", ['\x00', '\x00']}, 0x240) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000300)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @mss, @sack_perm], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd14b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f00000012c0)) 1.576542044s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fdffffff0000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057000000"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_int(r6, &(0x7f00000000c0)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x60000000000, 0x12) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$TUNSETOFFLOAD(r8, 0x40086607, 0x20001412) ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f0000000a00)={'wg2\x00', @remote}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x3a}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r4, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xec, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f00000004c0), 0x8, 0xcb, 0x8, 0x8, &(0x7f0000000540)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) 1.335411082s ago: executing program 3: syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r0, 0x25, &(0x7f00000002c0)) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) flock(r2, 0x6) close(r1) 1.246298125s ago: executing program 3: socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r0, 0x8208200) r1 = open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) dup(r4) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000080)=ANY=[@ANYBLOB]) mmap(&(0x7f00004d0000/0x3000)=nil, 0x3000, 0x1800001, 0x28011, r1, 0x1000) 1.21543038s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a00)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nouid32}, {@nodiscard}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x3f}}]}, 0xfc, 0x565, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhvoggz04mUvX1h8TBOej6HCg7zO0d2U0XUaTjrUO3B7ciy8yBBEH4h/gu4/Df8C/YqCDIaPogwiVm9502ZofbZeZbPl84Lbn3HPTc0/O/Z6ek5uQAIbW0exHIeLliPgmiTjYVDYaeeHR9eNWH1ybybYk1tY+/TOJJN/XOD7Jf+/PMy9FxK9fRZwobK63urwyXyqX08U8P1FbuDxRXV45eXGhNJfOpZempqdPvzU99e47b/esra+f+/v7T+58ePrrY6vf/Xzv0K0kzsSBvKy5HU/genPmaOnfPDUWZx47cLIHlQ2SpN8nwI6M5HE+FtkYcDBG8qgHnn9fRsQaMKQS8Q9DqjEPaKzte7QOfmbc/2B9AbS5/aPrr43EnvraaN9q8sjKKFvvjveg/qyOX/64fSvbovPrEHu75AG25fqNiDg1Orp5/Evy8W/nTtVfPO7s8TqG7f8P9NOdbP7zRqv5T2Fj/hMt5j/7W8TuTnSP/8K9HlTTVjb/e6/l/Hdj6BofyXMv1Od8Y8mFi+X0VES8GBHHY2x3lu90P+f06t21dmXN879sy+pvzAXz87g3uvvRx8yWaqUnaXOz+zciXmk5/002+j9p0f/Z83Fui3UcSW+/2q6se/ufrrWfIl5r2f8P72glne9PTtSvh4nGVbHZXzeP/NayYG//25/1/77O7R9Pmu/XVrdfx497/knble30+t+VfFZP78r3XS3VaouTEbuSjzfvn3r42Ea+cXzW/uPHOo9/ra7/bPH1+Rbbf/PwzbaHDkL/z26r/7efuPvRFz+0q39r/f9mPXU837OV8W+rJ/gkzx0AAAAAAAAMmkJEHIikUNxIFwrF4vr7Ow7HvkK5Uq2duFBZujQb9c/KjsdYoXGn+2DT+yEm8/fDNvJTj+WnI+JQRHw7sreeL85UyrP9bjwAAAAAAAAAAAAAAAAAAAAMiP1tPv+f+X2k32cHPHX1LzbY3e+zAPqh61f+9+KbnoCB1DX+geeW+IfhJf5heIl/GF7iH4aX+IfhJf5heIl/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KlzZ89m29rqg2szWX72yvLSfOXKydm0Ol9cWJopzlQWLxfnKpW5clqcqSx0+3vlSuXy5FQsXZ2opdXaRHV55fxCZelS7fzFhdJcej4d+19aBQAAAAAAAAAAAAAAAAAAAM+W6vLKfKlcThcl2ibej4E4jafZwHU7evjooLRCoqeJPg9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDkvwAAAP//O8E2Ug==") prctl$PR_GET_TAGGED_ADDR_CTRL(0x38) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=@newtaction={0x14}, 0x14}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x22301, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000300)={0x0, 0x989680}, 0x0) timer_create(0x2, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000500)=0x0) timer_settime(r1, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mount$9p_fd(0x0, &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB, @ANYBLOB=',context=']) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002180)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_TAGGED_ADDR_CTRL(0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYBLOB="2e81c244f5e93ac78aae3e0ea0a1713f6b002a469ce6bbdeeec19a571b05"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8923, &(0x7f0000000800)={'pim6reg1\x00', @link_local={0x1, 0x37}}) 1.15334196s ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="180800009a000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b706000014000000b7030000000d0000850000001a000000bca900000000000035090100000000009500000000000000bf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001700)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x4, 0x0, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000300)=0x208) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) ioperm(0x0, 0x80, 0x0) sendto$inet6(r1, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) shutdown(r1, 0x1) 1.132995183s ago: executing program 2: setreuid(0x0, 0xee00) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) 1.109430237s ago: executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000026001fff000300"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a"], 0x40}}, 0x0) 1.08802469s ago: executing program 2: capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000010000000731199000000000016000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 1.068390923s ago: executing program 2: unshare(0x22000600) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x80045503, 0xffffffffffffffff) 1.059036565s ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000900000000000000000000009500000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r2 = getegid() write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000004dc0)=ANY=[@ANYBLOB="6006000000000000", @ANYRES64=0x0, @ANYBLOB="06000000000000000000000000000000040000000000000000000080000000000600000006000000040000000000000001000000000000000800000000000000080000000000000007000000000000000000000000000000000000004e000000010000000080000008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="03000000a9f9ffff000000000300000000000000060000000000000006000000ef0600006b667265650000000300000000000000030000000000000007000000000000000000000000000000100000000080000001000000000000000100000000000000feffffffffffffff1f000000000000000500000000000000050000000000000004000000020000000100000000c0000006000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="06000000d821000000000000030000000000000006000000000000000100000001000100bf0000000000000005000000000000000200000000000000ffffffffffffffff3a0100000000000000000000ff0100000300000000000000ff7f000000000000000400000000000014ca00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="c0000000580d0000000000000500000000000000be57ffffffffffff01000000000000000000000000000000050000000000000003000000000000000500000000000000010000000000000020000000000800000400000000000000ffffffffffffff7f0900000000000000070000000000000002000000000000000600000000000000050000000000000001000000001000001f000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ffffffff0000000000000000040000000000000000000000000000000d000000bdbf000073636865645f737769746368000000000500000000000000000000000000000007000000000000000900000000000000060000000300000000000000000000009f000000000000000080ffffffffffff06000000000000000100010000000000fd000000000000000700000000000000020000000020000007000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="018000000000000000000000040000000000000000000000000000000a0000000600000077697265677561726400000000000000020000000000000003200000000000000200000000000000ba580000000000000010000001000000010000000000000008000000000000007f0000000000000001000000010000000e000000000000000101000000000000040000000600000085a500000060000003000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="286500002500000000000000000000000000000020001000000000000a000000ff0100007769726567756172640000000000000002000000000000000300000000000000ff01000000000000bdaa000000000000e20f0000ff070000030000000000000081d80000000000001f000000000000000a00000000000000080000000000000005000000000000000600000003000000040000000020000006000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000000000000000000000600000000000000060000000000000008000000070000002d262d3a2727235c03000000000000000000000000000000080000000000000006000000000000000100000003000000050000000000000007000000000000000100000000000000030000000000000000000000000000801f0000000000000001000000030000000100000000c00000ffffff7f", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0400000000004100000000000200000000000000ff0f00000000000000000000000000800300000000000000010000000000000000000000000000000500000000000000ffffffff008000000300000000000000030000000000000006000000000000000900000000000000ff0000000000000003000000000000005241ffffe35900000180000000a0000001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0100000006000000000000000200000000000000030000000000000001000000e30c00000000000000000000040000000000000001000000000000000200000000000000cd8700000000000008000000040000000500000000000000008000000000000002000000000000000200000000000000feffffffffffffff0100000000000000ffffffff01000080d000000000c0000007000000", @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="f7ffffff01040000000000000500000000000000890000000000000001000000dbf3ffff0000000000000000"], 0x660) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x4, 0xc, &(0x7f00000002c0)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r6}, 0x10) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2}, 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x5}]}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="c8010000", @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5426c010880f4000080060005000180000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014000200ff020000000000000000000000000001050003000000000028000080060001000a000000140002000000000000000000000000000000000105000300030000001c000080060001000200da0008000200e000000105000300000000001c000080060001000200000008000200ac141400050003000000000074000080200004000a004e2200000000fc0000000000000000000000000000000400000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff080003000100000024000200cde20bc0d9b90ac13642d7b66459dd9db5e20b4b16d3d23f2cb03a8aa417dce6080007000000000014000200776730"], 0x1c8}}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x74000000, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000600060000000000060009"], 0x4c}}, 0x0) 699.304021ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f00000007c0)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r3, &(0x7f0000000200)=@abs={0x1}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff}) r5 = getpid() sendmmsg$unix(r4, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@abs={0x1}, 0x3, 0x0, 0x0, &(0x7f0000000400)=[@cred={{0x1c, 0x1, 0x2, {r5}}}, @rights={{0x14, 0x1, 0x1, [r4]}}], 0x38}}], 0x2, 0x0) fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000005b00)) r7 = open(&(0x7f0000000000)='./bus\x00', 0x60342, 0x0) r8 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) ftruncate(r7, 0x2007ffd) sendfile(r7, r8, 0x0, 0x1000000201005) r9 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0) write$binfmt_script(r9, &(0x7f0000000080), 0x208e24b) 568.154141ms ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r1, 0x4068aea3, &(0x7f00000006c0)={0xa4, 0x0, 0x1}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x0, '\x00', 0x9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 451.553779ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 201.486908ms ago: executing program 1: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000008c0)={0xffffffffffffffff, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[@ANYBLOB="b000000000000000", @ANYRES64=0x0, @ANYBLOB='\x00'/102, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000088be000039dd564720460000000000000099d1ebd8"], 0xb0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000800)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000740)=[0x1, 0x1, 0x1, 0x1, 0x1]}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180), 0x6db6e559) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0), 0x48) 88.732316ms ago: executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000000c0)=0x7e6, 0x4) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000180)=0x6, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x3, 0x82}]}}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000003100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002a80)=""/180, 0x10}}], 0x1, 0x0, 0x0) 73.781008ms ago: executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000240)={0x46d, 0xf, 0x0, 0x20ff, 0x0, "4cca8e4d4235a1f6"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)) 55.411381ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000005000000850000002300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 46.504982ms ago: executing program 1: setreuid(0x0, 0xee00) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) 37.702074ms ago: executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @private1={0xfc, 0x1, '\x00', 0x1}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000100)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @rand_addr=' \x01\x00'}}) 0s ago: executing program 4: unshare(0x22000600) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x80045503, 0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.114' (ED25519) to the list of known hosts. 2024/06/18 05:22:38 fuzzer started 2024/06/18 05:22:38 dialing manager at 10.128.0.163:30000 [ 21.607325][ T23] audit: type=1400 audit(1718688158.389:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.627620][ T23] audit: type=1400 audit(1718688158.389:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 21.671950][ T23] audit: type=1400 audit(1718688158.449:68): avc: denied { mounton } for pid=353 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.673568][ T353] cgroup1: Unknown subsys name 'net' [ 21.694462][ T23] audit: type=1400 audit(1718688158.449:69): avc: denied { mount } for pid=353 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.706358][ T353] cgroup1: Unknown subsys name 'net_prio' [ 21.722853][ T23] audit: type=1400 audit(1718688158.489:70): avc: denied { setattr } for pid=354 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.736607][ T353] cgroup1: Unknown subsys name 'devices' [ 21.761929][ T23] audit: type=1400 audit(1718688158.539:71): avc: denied { unmount } for pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.782489][ T23] audit: type=1400 audit(1718688158.539:72): avc: denied { mounton } for pid=358 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.796386][ T360] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.807883][ T23] audit: type=1400 audit(1718688158.539:73): avc: denied { mount } for pid=358 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.838432][ T23] audit: type=1400 audit(1718688158.589:74): avc: denied { relabelto } for pid=360 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.863658][ T23] audit: type=1400 audit(1718688158.589:75): avc: denied { write } for pid=360 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.888984][ T359] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.959197][ T353] cgroup1: Unknown subsys name 'hugetlb' [ 21.964859][ T353] cgroup1: Unknown subsys name 'rlimit' 2024/06/18 05:22:38 starting 5 executor processes [ 22.425816][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.432718][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.440280][ T369] device bridge_slave_0 entered promiscuous mode [ 22.447147][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.454074][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.461378][ T369] device bridge_slave_1 entered promiscuous mode [ 22.610975][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.617832][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.625205][ T372] device bridge_slave_0 entered promiscuous mode [ 22.644201][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.651114][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.658502][ T372] device bridge_slave_1 entered promiscuous mode [ 22.717287][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.724121][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.731583][ T374] device bridge_slave_0 entered promiscuous mode [ 22.741871][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.748814][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.756090][ T374] device bridge_slave_1 entered promiscuous mode [ 22.796672][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.803511][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.810898][ T375] device bridge_slave_0 entered promiscuous mode [ 22.817720][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.824528][ T369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.831692][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.838438][ T369] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.857780][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.864607][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.872012][ T375] device bridge_slave_1 entered promiscuous mode [ 22.901719][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.908822][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.916162][ T373] device bridge_slave_0 entered promiscuous mode [ 22.923154][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.930170][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.937715][ T373] device bridge_slave_1 entered promiscuous mode [ 23.009853][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.016884][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.023998][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.030769][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.091971][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.099183][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.106339][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.113595][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.122372][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.129700][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.153243][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.161488][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.168329][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.212317][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.219954][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.228092][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.234907][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.242258][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.250150][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.289105][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.297922][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.305763][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.313290][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.321975][ T393] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.328822][ T393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.336774][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.344695][ T393] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.351536][ T393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.358827][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.366864][ T393] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.373672][ T393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.397284][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.416624][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.424384][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.431785][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.439561][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.447628][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.455791][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.462634][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.469864][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.478000][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.485945][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.492780][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.500065][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.517912][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.525816][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.533801][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.543893][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.551326][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.559489][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.567498][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.574308][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.607592][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.615539][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.623842][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.632237][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.640310][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.648497][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.656538][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.664335][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.672210][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.680234][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.688271][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.696299][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.704379][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.711325][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.718947][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.727114][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.735218][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.742069][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.749199][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.757316][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.765382][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.773372][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.781224][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.804585][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.812545][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.820897][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.829516][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.837879][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.845863][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.868990][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.877555][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.892451][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.900692][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.911195][ T396] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled [ 23.920477][ T396] EXT4-fs (loop0): Ignoring removed nobh option [ 23.926884][ T396] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 23.950338][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.959866][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.968200][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.976255][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.985569][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.993919][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.994035][ T396] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e002e018, mo2=0000] [ 24.002547][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.009859][ T396] System zones: 0-2, 18-18, 34-34 [ 24.018137][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.030892][ T396] EXT4-fs (loop0): 1 orphan inode deleted [ 24.031082][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.036418][ T396] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,debug,nogrpid,grpjquota=,usrjquota=w5T)`)YFnA@T<3ڂ$rcnHwC" -8/,barrier,nobh,bsddf,noquota,,errors=continue [ 24.044481][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.066096][ T396] ext4 filesystem being mounted at /root/syzkaller-testdir2958882097/syzkaller.bIOKyq/0/file1 supports timestamps until 2038 (0x7fffffff) [ 24.074312][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.095173][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.103029][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.110989][ T396] EXT4-fs warning (device loop0): verify_group_input:165: Last group not full [ 24.111049][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.138336][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.146334][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.167772][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.175838][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.208200][ T399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.216296][ T399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.232854][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.250515][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.259245][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.268663][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.278410][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.304758][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.316826][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.325120][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.336047][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.379401][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.388855][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.397991][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.408847][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.475299][ T416] syz-executor.3 (416) used greatest stack depth: 21496 bytes left [ 24.512801][ T429] A link change request failed with some changes committed already. Interface veth0_to_team may have been left with an inconsistent configuration, please check. [ 24.757845][ T429] veth0_to_team: Caught tx_queue_len zero misconfig [ 24.809687][ T369] syz-executor.0 (369) used greatest stack depth: 19480 bytes left [ 24.824247][ T418] F2FS-fs (loop1): invalid crc_offset: 16 [ 24.829553][ T440] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.837709][ T433] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.855204][ T418] F2FS-fs (loop1): Found nat_bits in checkpoint [ 24.896406][ T433] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.914327][ T433] device bridge_slave_0 entered promiscuous mode [ 24.917604][ T418] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 24.940323][ T442] attempt to access beyond end of device [ 24.940323][ T442] loop1: rw=2049, want=45104, limit=40427 [ 24.951491][ T433] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.966986][ T433] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.984504][ T433] device bridge_slave_1 entered promiscuous mode [ 25.090323][ T433] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.097228][ T433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.104293][ T433] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.111089][ T433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.143070][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.151836][ T394] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.163968][ T394] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.183638][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.191774][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.198614][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.206318][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.214582][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.221447][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.328292][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.337747][ T456] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.377997][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.416721][ T457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.424564][ T457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.453793][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.471862][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.490695][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.687103][ T9] device bridge_slave_1 left promiscuous mode [ 25.693124][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.706855][ T456] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.726619][ T456] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.747054][ T487] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use) [ 25.748365][ T456] usb 5-1: New USB device found, idVendor=056a, idProduct=0028, bcdDevice= 0.00 [ 25.776453][ T456] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.786075][ T456] usb 5-1: config 0 descriptor?? [ 25.786294][ T9] device bridge_slave_0 left promiscuous mode [ 25.786372][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.828957][ T452] F2FS-fs (loop3): invalid crc value [ 25.872432][ T452] F2FS-fs (loop3): Found nat_bits in checkpoint [ 25.923241][ T452] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 26.259188][ T456] wacom 0003:056A:0028.0001: Unknown device_type for 'HID 056a:0028'. Assuming pen. [ 26.270559][ T456] wacom 0003:056A:0028.0001: hidraw0: USB HID v0.00 Device [HID 056a:0028] on usb-dummy_hcd.4-1/input0 [ 26.282601][ T456] input: Wacom Intuos5 touch L Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0028.0001/input/input4 [ 26.513467][ T456] usb 5-1: USB disconnect, device number 2 [ 26.719716][ T529] Zero length message leads to an empty skb [ 26.719729][ T23] kauditd_printk_skb: 64 callbacks suppressed [ 26.719736][ T23] audit: type=1400 audit(1718688163.499:140): avc: denied { write } for pid=527 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 26.751533][ T23] audit: type=1400 audit(1718688163.529:141): avc: denied { nlmsg_write } for pid=527 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 26.780672][ T399] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.914542][ T541] request_module fs-hugetlbfs succeeded, but still no fs? [ 26.925348][ T23] audit: type=1400 audit(1718688163.709:142): avc: denied { write } for pid=538 comm="syz-executor.0" name="001" dev="devtmpfs" ino=832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 27.156617][ T399] usb 2-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 27.171692][ T399] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.187698][ T399] usb 2-1: config 0 descriptor?? [ 27.237180][ T399] usb 2-1: bad CDC descriptors [ 27.508999][ T23] audit: type=1400 audit(1718688164.289:143): avc: denied { create } for pid=521 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 27.509942][ T522] syz-executor.1[522] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.509992][ T522] syz-executor.1[522] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 27.557889][ T23] audit: type=1400 audit(1718688164.339:144): avc: denied { write } for pid=521 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 27.569682][ T74] usb 2-1: USB disconnect, device number 2 [ 27.629091][ T550] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 27.637031][ T23] audit: type=1400 audit(1718688164.419:145): avc: denied { create } for pid=571 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 27.657411][ T550] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 27.667758][ T550] F2FS-fs (loop4): invalid crc value [ 27.677648][ T23] audit: type=1400 audit(1718688164.439:146): avc: denied { ioctl } for pid=571 comm="syz-executor.2" path="socket:[13070]" dev="sockfs" ino=13070 ioctlcmd=0x7459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 27.710905][ T550] F2FS-fs (loop4): Found nat_bits in checkpoint [ 27.748506][ T583] overlayfs: empty lowerdir [ 27.763939][ T550] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 27.770835][ T550] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 27.959512][ T456] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.018740][ T588] attempt to access beyond end of device [ 28.018740][ T588] loop4: rw=2049, want=53656, limit=40427 [ 28.140455][ T23] audit: type=1400 audit(1718688164.779:147): avc: denied { write } for pid=549 comm="syz-executor.4" name="memory.events" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 28.220488][ T374] attempt to access beyond end of device [ 28.220488][ T374] loop4: rw=2049, want=45104, limit=40427 [ 28.370450][ T599] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 28.379763][ T599] ext4 filesystem being mounted at /root/syzkaller-testdir4232869007/syzkaller.DaY0yE/18/file0 supports timestamps until 2038 (0x7fffffff) [ 28.411666][ T599] EXT4-fs error (device loop0): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 28.434003][ T23] audit: type=1400 audit(1718688165.219:148): avc: denied { create } for pid=598 comm="syz-executor.0" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 28.538313][ T456] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.554072][ T456] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.566569][ T456] usb 3-1: New USB device found, idVendor=056a, idProduct=0028, bcdDevice= 0.00 [ 28.575617][ T456] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.662993][ T23] audit: type=1400 audit(1718688165.419:149): avc: denied { create } for pid=598 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 28.683342][ T456] usb 3-1: config 0 descriptor?? [ 29.351151][ T456] wacom 0003:056A:0028.0002: Unknown device_type for 'HID 056a:0028'. Assuming pen. [ 29.368707][ T456] wacom 0003:056A:0028.0002: hidraw0: USB HID v0.00 Device [HID 056a:0028] on usb-dummy_hcd.2-1/input0 [ 29.380610][ T456] input: Wacom Intuos5 touch L Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0028.0002/input/input7 [ 29.435076][ T621] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 29.448855][ T621] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 29.466134][ T621] F2FS-fs (loop3): invalid crc value [ 29.478790][ T621] F2FS-fs (loop3): Found nat_bits in checkpoint [ 29.523932][ T621] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 29.524393][ T456] usb 3-1: USB disconnect, device number 2 [ 29.531926][ T621] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 29.751482][ T644] attempt to access beyond end of device [ 29.751482][ T644] loop3: rw=2049, want=53656, limit=40427 [ 29.915701][ T646] syz-executor.1 (pid 646) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 29.944822][ T646] fscrypt: AES-128-CTS-CBC using implementation "cts(cbc-aes-aesni)" [ 29.968871][ T372] attempt to access beyond end of device [ 29.968871][ T372] loop3: rw=2049, want=45104, limit=40427 [ 30.883079][ T18] hid-generic 0000:0000:0000.0003: item fetching failed at offset 0/1 [ 30.891371][ T18] hid-generic: probe of 0000:0000:0000.0003 failed with error -22 [ 30.980201][ T668] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 30.990643][ T668] ext4 filesystem being mounted at /root/syzkaller-testdir1482846650/syzkaller.dA7GV0/8/bus supports timestamps until 2038 (0x7fffffff) [ 31.006311][ T675] ====================================================== [ 31.006311][ T675] WARNING: the mand mount option is being deprecated and [ 31.006311][ T675] will be removed in v5.15! [ 31.006311][ T675] ====================================================== [ 31.080948][ T675] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 31.098134][ T675] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpid,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,errors=remount-ro,bsddf, [ 31.210237][ T675] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 31.230672][ T675] EXT4-fs error (device loop3): ext4_validate_block_bitmap:409: comm syz-executor.3: bg 0: block 2: invalid block bitmap [ 31.245784][ T675] EXT4-fs (loop3): Remounting filesystem read-only [ 31.265421][ T683] F2FS-fs (loop1): invalid crc_offset: 16 [ 31.271379][ T702] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 31.274038][ T675] EXT4-fs error (device loop3): ext4_read_inline_dir:1594: inode #12: block 5: comm syz-executor.3: path /root/syzkaller-testdir3642193260/syzkaller.ym5EtE/20/file1/file0: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=7952, size=80 fake=0 [ 31.316342][ T683] F2FS-fs (loop1): Found nat_bits in checkpoint [ 31.395149][ T683] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 31.419044][ T705] attempt to access beyond end of device [ 31.419044][ T705] loop1: rw=2049, want=45104, limit=40427 [ 31.506913][ T18] hid-generic 0000:0000:0000.0004: item fetching failed at offset 0/1 [ 31.543960][ T18] hid-generic: probe of 0000:0000:0000.0004 failed with error -22 [ 31.730933][ T23] kauditd_printk_skb: 24 callbacks suppressed [ 31.730941][ T23] audit: type=1400 audit(1718688168.509:174): avc: denied { connect } for pid=727 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 32.033747][ T23] audit: type=1400 audit(1718688168.809:175): avc: denied { create } for pid=736 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 32.053895][ T23] audit: type=1400 audit(1718688168.829:176): avc: denied { write } for pid=736 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 32.403332][ T767] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 32.429146][ T767] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 32.701443][ T784] 9pnet: Insufficient options for proto=fd [ 32.707223][ T23] audit: type=1400 audit(1718688169.479:177): avc: denied { bind } for pid=780 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 32.727545][ T23] audit: type=1400 audit(1718688169.479:178): avc: denied { write } for pid=780 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 32.755390][ T781] EXT4-fs (loop1): can't mount with dioread_nolock if block size != PAGE_SIZE [ 32.930141][ T23] audit: type=1400 audit(1718688169.709:179): avc: denied { map } for pid=794 comm="syz-executor.1" path="socket:[13660]" dev="sockfs" ino=13660 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 32.972289][ T797] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 32.988451][ T394] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 33.014224][ T799] EXT4-fs (loop3): mounted filesystem without journal. Opts: max_batch_time=0x000000000000009b,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue [ 33.034327][ T799] ext4 filesystem being mounted at /root/syzkaller-testdir3642193260/syzkaller.ym5EtE/28/bus supports timestamps until 2038 (0x7fffffff) [ 33.053611][ T799] EXT4-fs error (device loop3): ext4_find_dest_de:2063: inode #12: block 32: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 33.116958][ T767] syz-executor.0 (767) used greatest stack depth: 18264 bytes left [ 33.371323][ T816] EXT4-fs (loop4): can't mount with dioread_nolock if block size != PAGE_SIZE [ 33.380095][ T23] audit: type=1400 audit(1718688170.149:180): avc: denied { write } for pid=823 comm="syz-executor.3" path="socket:[14665]" dev="sockfs" ino=14665 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 33.526709][ T394] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 33.535570][ T394] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 33.732943][ T394] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 33.743448][ T394] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 33.754165][ T394] usb 3-1: config 1 interface 1 has no altsetting 0 [ 33.823657][ T850] netlink: 344 bytes leftover after parsing attributes in process `syz-executor.0'. [ 33.916595][ T394] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 33.937329][ T394] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.945123][ T394] usb 3-1: Product: syz [ 34.038485][ T864] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 34.176284][ T394] usb 3-1: Manufacturer: syz [ 34.180877][ T394] usb 3-1: SerialNumber: syz [ 34.214098][ T865] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 34.249756][ T23] audit: type=1400 audit(1718688171.019:181): avc: denied { connect } for pid=870 comm="syz-executor.1" laddr=172.20.20.170 lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 34.326646][ T457] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 34.596832][ T394] usb 3-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 34.605837][ T394] usb 3-1: found format II with max.bitrate = 0, frame size=0 [ 34.618442][ T394] usb 3-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 34.627089][ T394] usb 3-1: found format II with max.bitrate = 0, frame size=0 [ 34.733152][ T394] usb 3-1: USB disconnect, device number 3 [ 34.748043][ T370] udevd[370]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 34.876579][ T457] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 34.885306][ T457] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 34.896729][ T896] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 34.905424][ T457] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 34.914462][ T457] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 34.923934][ T457] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.928609][ T896] ext4 filesystem being mounted at /root/syzkaller-testdir1482846650/syzkaller.dA7GV0/32/bus supports timestamps until 2038 (0x7fffffff) [ 34.946709][ T457] usb 1-1: config 0 descriptor?? [ 35.090478][ T901] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 35.091962][ T905] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 35.106606][ T901] ext4 filesystem being mounted at /root/syzkaller-testdir1482846650/syzkaller.dA7GV0/33/file0 supports timestamps until 2038 (0x7fffffff) [ 35.139893][ T23] audit: type=1400 audit(1718688171.919:182): avc: denied { setopt } for pid=909 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 35.173192][ T901] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 35.443202][ T919] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 35.541872][ T852] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 35.657404][ T457] usb 1-1: string descriptor 0 read error: -71 [ 35.665531][ T457] usb 1-1: USB disconnect, device number 2 [ 35.782928][ T933] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 35.796615][ T933] ext4 filesystem being mounted at /root/syzkaller-testdir1625959188/syzkaller.34Iixb/31/bus supports timestamps until 2038 (0x7fffffff) [ 35.876528][ T74] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 35.915933][ T939] [ 35.923902][ T939] ********************************************************** [ 35.931731][ T939] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 35.939492][ T939] ** ** [ 35.946714][ T939] ** trace_printk() being used. Allocating extra memory. ** [ 35.953877][ T939] ** ** [ 35.961326][ T939] ** This means that this is a DEBUG kernel and it is ** [ 35.968930][ T939] ** unsafe for production use. ** [ 35.976109][ T939] ** ** [ 35.983345][ T939] ** If you see this message and you are not debugging ** [ 35.990552][ T939] ** the kernel, report this immediately to your vendor! ** [ 35.999130][ T939] ** ** [ 36.006380][ T939] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 36.013711][ T939] ********************************************************** [ 36.059239][ T951] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 36.069789][ T941] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x000000000000009b,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue [ 36.088172][ T941] ext4 filesystem being mounted at /root/syzkaller-testdir2662657963/syzkaller.608Nl5/33/bus supports timestamps until 2038 (0x7fffffff) [ 36.126559][ T74] usb 4-1: Using ep0 maxpacket: 8 [ 36.151949][ T23] audit: type=1400 audit(1718688172.929:183): avc: denied { mount } for pid=952 comm="syz-executor.4" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 36.167542][ T941] EXT4-fs error (device loop1): ext4_find_dest_de:2063: inode #12: block 32: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 36.256611][ T74] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 36.264745][ T74] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 36.275408][ T74] usb 4-1: config 135 has no interface number 0 [ 36.281747][ T74] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 36.418113][ T966] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 36.427406][ T966] ext4 filesystem being mounted at /root/syzkaller-testdir1625959188/syzkaller.34Iixb/37/bus supports timestamps until 2038 (0x7fffffff) [ 36.456688][ T74] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 36.465829][ T74] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.488983][ T74] usb 4-1: Product: syz [ 36.491917][ T975] EXT4-fs error (device loop4): ext4_validate_block_bitmap:418: comm syz-executor.4: bg 0: block 131: padding at end of block bitmap is not set [ 36.496365][ T74] usb 4-1: Manufacturer: syz [ 36.518288][ T975] EXT4-fs error (device loop4) in ext4_free_blocks:5019: Corrupt filesystem [ 36.519563][ T74] usb 4-1: SerialNumber: syz [ 36.527225][ T975] EXT4-fs (loop4): 1 truncate cleaned up [ 36.537308][ T975] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,barrier=0x00000000000054d2,block_validity,,errors=continue [ 36.563980][ T374] EXT4-fs error (device loop4): ext4_empty_dir:2990: inode #11: comm syz-executor.4: invalid size [ 36.576579][ T735] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 36.600199][ T374] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 7962: comm syz-executor.4: invalid block [ 36.638288][ T374] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 7962: comm syz-executor.4: invalid block [ 36.786614][ T74] uvcvideo: Found UVC 0.00 device syz (18ec:3288) [ 36.793973][ T74] uvcvideo: No valid video chain found. [ 36.836522][ T735] usb 1-1: Using ep0 maxpacket: 32 [ 36.839171][ T988] F2FS-fs (loop2): user quota file already specified [ 36.876083][ T994] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.883064][ T994] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.890832][ T994] device bridge_slave_0 entered promiscuous mode [ 36.897559][ T994] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.904375][ T994] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.915697][ T994] device bridge_slave_1 entered promiscuous mode [ 36.989588][ T74] usb 4-1: USB disconnect, device number 2 [ 37.010213][ T1001] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_batch_time=0x000000000000009b,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue [ 37.011956][ T994] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.026594][ T1001] ext4 filesystem being mounted at /root/syzkaller-testdir2662657963/syzkaller.608Nl5/39/bus supports timestamps until 2038 (0x7fffffff) [ 37.032882][ T994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.053786][ T994] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.060569][ T994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.065461][ T1001] EXT4-fs error (device loop1): ext4_find_dest_de:2063: inode #12: block 32: comm syz-executor.1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 37.108976][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.116278][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.131848][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.149743][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.158506][ T393] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.165362][ T393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.173052][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.181290][ T393] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.188156][ T393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.190804][ T1010] overlayfs: './bus' not a directory [ 37.195353][ T23] kauditd_printk_skb: 13 callbacks suppressed [ 37.195361][ T23] audit: type=1400 audit(1718688173.969:197): avc: denied { read } for pid=1009 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 37.237026][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.244828][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.255330][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.267564][ T457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.280769][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.292996][ T457] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.296711][ T735] usb 1-1: New USB device found, idVendor=04b8, idProduct=0521, bcdDevice=45.9b [ 37.310121][ T735] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.318156][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.318221][ T735] usb 1-1: Product: syz [ 37.330105][ T735] usb 1-1: Manufacturer: syz [ 37.334472][ T735] usb 1-1: SerialNumber: syz [ 37.339803][ T735] usb 1-1: config 0 descriptor?? [ 37.358363][ T23] audit: type=1400 audit(1718688174.139:198): avc: denied { mounton } for pid=994 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=11155 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 37.382315][ T735] pl2303 1-1:0.0: required endpoints missing [ 37.416872][ T467] device bridge_slave_1 left promiscuous mode [ 37.424469][ T467] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.425972][ T1014] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 37.440540][ T467] device bridge_slave_0 left promiscuous mode [ 37.446792][ T467] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.524870][ T1022] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 37.584225][ T735] usb 1-1: USB disconnect, device number 3 [ 37.633468][ T1035] 9pnet: Insufficient options for proto=fd [ 37.747624][ T1045] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 37.755424][ T1045] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e018, mo2=0002] [ 37.763259][ T1045] System zones: 0-1, 15-15, 18-18, 34-34 [ 37.769597][ T1045] EXT4-fs (loop2): orphan cleanup on readonly fs [ 37.775900][ T1045] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 37.785090][ T1045] EXT4-fs warning (device loop2): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 37.799570][ T1045] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 37.911741][ T1045] EXT4-fs error (device loop2): ext4_orphan_get:1260: comm syz-executor.2: bad orphan inode 16 [ 37.922708][ T457] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 37.932348][ T1045] ext4_test_bit(bit=15, block=18) = 1 [ 37.939848][ T1045] is_bad_inode(inode)=0 [ 37.943934][ T1045] NEXT_ORPHAN(inode)=0 [ 37.949331][ T1045] max_ino=32 [ 37.952472][ T1045] i_nlink=2 [ 37.955601][ T1045] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 37.980484][ T1045] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 38.036734][ T393] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 38.195881][ T1061] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 38.276574][ T393] usb 4-1: Using ep0 maxpacket: 32 [ 38.280648][ T1063] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'. [ 38.298916][ T457] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 38.312763][ T457] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 38.325343][ T457] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 38.335046][ T457] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 38.355779][ T457] usb 2-1: config 1 interface 1 has no altsetting 0 [ 38.429306][ T1083] EXT4-fs (loop2): Ignoring removed orlov option [ 38.435634][ T1083] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 38.447739][ T1083] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 38.474717][ T23] audit: type=1400 audit(1718688175.249:199): avc: denied { mounton } for pid=1082 comm="syz-executor.2" path="/root/syzkaller-testdir1625959188/syzkaller.34Iixb/53/file1/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 38.503523][ T23] audit: type=1400 audit(1718688175.259:200): avc: denied { map } for pid=1082 comm="syz-executor.2" path="/root/syzkaller-testdir1625959188/syzkaller.34Iixb/53/file1/file0/bus" dev="devtmpfs" ino=9193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 38.531924][ T1083] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 38.546652][ T457] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 38.555635][ T457] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.563787][ T457] usb 2-1: Product: syz [ 38.567901][ T457] usb 2-1: Manufacturer: syz [ 38.572317][ T457] usb 2-1: SerialNumber: syz [ 38.581991][ T1083] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 38.611040][ T23] audit: type=1400 audit(1718688175.389:201): avc: denied { unlink } for pid=375 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 38.634217][ T23] audit: type=1400 audit(1718688175.389:202): avc: denied { unlink } for pid=375 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 38.636643][ T393] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 38.657114][ T23] audit: type=1400 audit(1718688175.389:203): avc: denied { unmount } for pid=375 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 38.666128][ T393] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.687581][ T23] audit: type=1400 audit(1718688175.419:204): avc: denied { unlink } for pid=375 comm="syz-executor.2" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 38.747120][ T394] hid-generic 0000:0000:0000.0005: item fetching failed at offset 0/1 [ 38.756348][ T394] hid-generic: probe of 0000:0000:0000.0005 failed with error -22 [ 38.867313][ T393] usb 4-1: Product: syz [ 38.871313][ T393] usb 4-1: Manufacturer: syz [ 38.875727][ T393] usb 4-1: SerialNumber: syz [ 38.881237][ T393] usb 4-1: config 0 descriptor?? [ 38.946783][ T457] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 38.959300][ T457] usb 2-1: found format II with max.bitrate = 0, frame size=0 [ 38.967667][ T457] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 38.976449][ T457] usb 2-1: found format II with max.bitrate = 0, frame size=0 [ 38.991043][ T23] audit: type=1400 audit(1718688175.769:205): avc: denied { write } for pid=1100 comm="syz-executor.2" name="kvm" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 39.033874][ T457] usb 2-1: USB disconnect, device number 3 [ 39.042252][ T495] udevd[495]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 39.540341][ T1145] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 39.586604][ T393] (unnamed net_device) (uninitialized): Assigned a random MAC address: f2:37:b2:a4:7c:9b [ 39.598443][ T393] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 39.676520][ T457] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 39.788737][ T456] usb 4-1: USB disconnect, device number 3 [ 39.796573][ T201] net eth1: rx_urb submit failed: -19 [ 39.916531][ T457] usb 2-1: Using ep0 maxpacket: 8 [ 40.037061][ T457] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 40.046190][ T457] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.049206][ T1185] EXT4-fs error (device loop2): ext4_validate_block_bitmap:418: comm syz-executor.2: bg 0: block 131: padding at end of block bitmap is not set [ 40.055424][ T457] usb 2-1: config 0 descriptor?? [ 40.072329][ T1185] EXT4-fs error (device loop2) in ext4_free_blocks:5019: Corrupt filesystem [ 40.082335][ T1185] EXT4-fs (loop2): 1 truncate cleaned up [ 40.088035][ T1185] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,auto_da_alloc,barrier=0x00000000000054d2,block_validity,,errors=continue [ 40.117370][ T375] EXT4-fs error (device loop2): ext4_empty_dir:2990: inode #11: comm syz-executor.2: invalid size [ 40.128936][ T375] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 7962: comm syz-executor.2: invalid block [ 40.140638][ T375] EXT4-fs error (device loop2): __ext4_iget:5217: inode #13: block 7962: comm syz-executor.2: invalid block [ 40.326673][ T457] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 40.451672][ T1206] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 40.521209][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.528309][ T1199] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.535672][ T1199] device bridge_slave_0 entered promiscuous mode [ 40.544190][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.551110][ T1199] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.558352][ T1199] device bridge_slave_1 entered promiscuous mode [ 40.570556][ T1221] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 40.609890][ T1199] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.616738][ T1199] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.623830][ T1199] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.630635][ T1199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.652188][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.659653][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.667847][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.687702][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.695643][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.702481][ T456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.709859][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.717893][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.724709][ T456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.731923][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.739722][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.756524][ T394] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 40.763517][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.786792][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.794510][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.805335][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.817930][ T456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.826452][ T9] device bridge_slave_1 left promiscuous mode [ 40.832439][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.839810][ T9] device bridge_slave_0 left promiscuous mode [ 40.845712][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.996792][ T394] usb 5-1: Using ep0 maxpacket: 32 [ 41.057165][ T1234] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 41.276627][ T394] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 41.285549][ T394] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.293349][ T394] usb 5-1: Product: syz [ 41.297334][ T394] usb 5-1: Manufacturer: syz [ 41.301801][ T394] usb 5-1: SerialNumber: syz [ 41.307284][ T394] usb 5-1: config 0 descriptor?? [ 41.777864][ T1247] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nouid32,nodiscard,auto_da_alloc=0x000000000000003f,,errors=continue [ 41.862895][ T1259] capability: warning: `syz-executor.2' uses deprecated v2 capabilities in a way that may be insecure [ 41.938762][ T1260] : renamed from pim6reg1 [ 42.036629][ T394] (unnamed net_device) (uninitialized): Assigned a random MAC address: 06:5c:2b:ef:d9:98 [ 42.048288][ T394] rtl8150 5-1:0.0: eth1: rtl8150 is detected [ 42.076737][ T457] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 42.086741][ T457] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 42.098950][ T457] asix: probe of 2-1:0.0 failed with error -71 [ 42.107005][ T457] usb 2-1: USB disconnect, device number 4 [ 42.156584][ T18] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 42.251725][ T399] usb 5-1: USB disconnect, device number 3 [ 42.266691][ T201] net eth1: rx_urb submit failed: -19 [ 42.351749][ T1280] EXT4-fs (loop0): 1 orphan inode deleted [ 42.359874][ T1280] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota, [ 42.381384][ T1280] ext4 filesystem being mounted at /root/syzkaller-testdir4232869007/syzkaller.DaY0yE/59/file1 supports timestamps until 2038 (0x7fffffff) [ 42.751935][ T1302] EXT4-fs (loop3): Ignoring removed orlov option [ 42.756606][ T18] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.761663][ T1302] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 42.773141][ T18] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.786132][ T18] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 42.795077][ T18] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.795728][ T1302] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 42.815422][ T18] usb 3-1: config 0 descriptor?? [ 42.850410][ T1302] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 42.864690][ T1302] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 42.892354][ T372] ================================================================== [ 42.900245][ T372] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 42.908048][ T372] Read of size 4 at addr ffff8881eb456000 by task syz-executor.3/372 [ 42.915941][ T372] [ 42.918120][ T372] CPU: 1 PID: 372 Comm: syz-executor.3 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 42.928004][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 42.937914][ T372] Call Trace: [ 42.941036][ T372] dump_stack+0x1d8/0x241 [ 42.945203][ T372] ? nf_ct_l4proto_log_invalid+0x258/0x258 2024/06/18 05:22:59 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 42.950842][ T372] ? printk+0xd1/0x111 [ 42.954742][ T372] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 42.957218][ T23] kauditd_printk_skb: 20 callbacks suppressed [ 42.957226][ T23] audit: type=1400 audit(1718688179.739:226): avc: denied { write } for pid=345 comm="syz-fuzzer" path="pipe:[10627]" dev="pipefs" ino=10627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 42.960212][ T372] print_address_description+0x8c/0x600 [ 42.960226][ T372] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 42.999799][ T372] __kasan_report+0xf3/0x120 [ 43.004222][ T372] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 43.009686][ T372] kasan_report+0x30/0x60 [ 43.013852][ T372] ext4_xattr_delete_inode+0xc1f/0xc30 [ 43.019235][ T372] ? check_preemption_disabled+0x9f/0x320 [ 43.024874][ T372] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 43.030775][ T372] ? __ext4_journal_start_sb+0x295/0x460 [ 43.036245][ T372] ext4_evict_inode+0x1378/0x1ac0 [ 43.041108][ T372] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 43.046747][ T372] ? wb_io_lists_depopulated+0x85/0x170 [ 43.052125][ T372] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 43.057773][ T372] evict+0x29b/0x6a0 [ 43.061501][ T372] vfs_rmdir+0x24b/0x3c0 [ 43.065578][ T372] do_rmdir+0x2c1/0x580 [ 43.069657][ T372] ? d_delete_notify+0xc0/0xc0 [ 43.074258][ T372] ? _raw_spin_unlock_irq+0x4a/0x60 [ 43.079295][ T372] do_syscall_64+0xca/0x1c0 [ 43.083632][ T372] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 43.089454][ T372] RIP: 0033:0x7ff4edaa3707 [ 43.093867][ T372] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.113395][ T372] RSP: 002b:00007ffdca246508 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 43.121727][ T372] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007ff4edaa3707 [ 43.129537][ T372] RDX: 0000000000000200 RSI: 00007ffdca2476b0 RDI: 00000000ffffff9c [ 43.137348][ T372] RBP: 00007ff4edb006c6 R08: 0000000000000000 R09: 0000000000000000 [ 43.145160][ T372] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffdca2476b0 [ 43.152973][ T372] R13: 00007ff4edb006c6 R14: 000000000000a5f5 R15: 0000000000000007 [ 43.160790][ T372] [ 43.162951][ T372] The buggy address belongs to the page: [ 43.168596][ T372] page:ffffea0007ad1580 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 43.177520][ T372] flags: 0x8000000000000000() [ 43.182039][ T372] raw: 8000000000000000 ffffea0007ad0a08 ffffea0007b38108 0000000000000000 [ 43.190456][ T372] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 43.198870][ T372] page dumped because: kasan: bad access detected [ 43.205129][ T372] page_owner tracks the page as freed [ 43.210328][ T372] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT) [ 43.221888][ T372] prep_new_page+0x18f/0x370 [ 43.226301][ T372] get_page_from_freelist+0x2d13/0x2d90 [ 43.231680][ T372] __alloc_pages_nodemask+0x393/0x840 [ 43.236888][ T372] pte_alloc_one+0x1b/0xb0 [ 43.241139][ T372] __pte_alloc+0x1d/0x1c0 [ 43.245317][ T372] copy_page_range+0x1c24/0x26f0 [ 43.250234][ T372] copy_mm+0xb23/0x10d0 [ 43.254203][ T372] copy_process+0x1291/0x3230 [ 43.258720][ T372] _do_fork+0x197/0x900 [ 43.262713][ T372] __x64_sys_clone+0x26b/0x2c0 [ 43.267395][ T372] do_syscall_64+0xca/0x1c0 [ 43.271732][ T372] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 43.277457][ T372] page last free stack trace: [ 43.281985][ T372] free_unref_page_prepare+0x297/0x380 [ 43.287276][ T372] free_unref_page_list+0x10a/0x590 [ 43.292412][ T372] release_pages+0xad8/0xb20 [ 43.296828][ T372] tlb_finish_mmu+0x177/0x320 [ 43.301340][ T372] exit_mmap+0x2dc/0x520 [ 43.305418][ T372] __mmput+0x8e/0x2c0 [ 43.309236][ T372] do_exit+0xc08/0x2bc0 [ 43.313230][ T372] do_group_exit+0x138/0x300 [ 43.317654][ T372] get_signal+0xdb1/0x1440 [ 43.321908][ T372] do_signal+0xb0/0x11f0 [ 43.325989][ T372] exit_to_usermode_loop+0xc0/0x1a0 [ 43.331025][ T372] prepare_exit_to_usermode+0x199/0x200 [ 43.336405][ T372] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 43.342126][ T372] [ 43.344295][ T372] Memory state around the buggy address: [ 43.349770][ T372] ffff8881eb455f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.357667][ T372] ffff8881eb455f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.365563][ T372] >ffff8881eb456000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.373460][ T372] ^ [ 43.377369][ T372] ffff8881eb456080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.385265][ T372] ffff8881eb456100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.393168][ T372] ================================================================== [ 43.401059][ T372] Disabling lock debugging due to kernel taint