last executing test programs: 10.404681529s ago: executing program 2 (id=75): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000340)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 10.182223293s ago: executing program 2 (id=89): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x8200, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x0) ioctl$TCSETSW2(r1, 0x5425, 0x0) 9.630019811s ago: executing program 2 (id=82): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000d0000000000000000"]) 9.526516312s ago: executing program 2 (id=83): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0xc000, &(0x7f0000000380), 0x1, 0x24d, &(0x7f0000000440)="$eJzs3T9oJFUcB/DvzO4ac7fIqY0g/gER0UA4O8HmbBQO5DhEBBVORGyUixAT7LJWNhZaq6SyCWJntJQ0wUYRrKKmiI2gwcJgocXK7iQSNytqNtk5Mp8PTGYm89783rDzfbvN7AZorAtJLiVpJZlL0klSHG5wb7Vc2N9dnd28lvT7T/1SDNtV+5WDfueT9JI8kmSjLPJKO1lef27nt60nHnh7qXP/h+vPzk71Ivft7mw/uffBlbc+ufzw8lff/HSlyKV0/3ZdJ68Y8792kdx2GsVuEEW77hHwX1x94+NvB7m/Pcl9w/x3UqZ68d5ZvGmjk4fe/6e+7/789Z3THCtw8vr9zuA9sNcHGqdM0k1Rzieptstyfr76DP9d61z56sLi63MvLyxdf6numQo4Kd1k+/HPZj49P5L/H1tV/oGza5D/p6+ufT/Y3muNHOzP1DMo4HTdVa0G+Z97YeXBjMs/cKbJPzSX/ENzyT80l/xDc8k/NJf8wxnWOdjojT0s/9Bc8g/NJf/QXIfzDwA0S3+m7ieQgbrUPf8AAAAAAAAAAAAAAAAAAABHrc5uXjtYplXzi/eS3ceStMfVbw1/jzi5efj33K/FoNlfiqrbRJ6/Z8ITTOijmp++vuWHeut/eXe99VeuJ703k1xst4/ef8X+/Xd8t/7L8c6LExb4n4qR/UefmW79UX+s1Vv/8lby+WD+uThu/ilzx3A9fv7pHv6K5WN67fcJTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDU/BkAAP//d4lu0g==") openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000500)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x19, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "cba3d625780820d1cbf7db71038259ca171ce1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bea2a004000", [0x0, 0x2]}) 9.372772274s ago: executing program 2 (id=84): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1b000000480001002bbd7000fedbdf250a"], 0x38}, 0x1, 0x0, 0x0, 0x24000001}, 0x26004004) 8.99165431s ago: executing program 2 (id=85): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x10000007f, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x44141, 0x10c) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 8.922559761s ago: executing program 32 (id=85): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x10000007f, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x44141, 0x10c) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) 7.401137353s ago: executing program 5 (id=134): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000cc0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) 7.341320184s ago: executing program 5 (id=136): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000d80)=@delchain={0x134, 0x65, 0x2, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0xf8, 0x2, [@TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_FLAGS={0x8, 0x8, 0x1}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0xdc, 0x1, [@m_sample={0xd8, 0x10, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x5}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x5, 0x2, 0x0, 0x6, 0xa}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x200}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x2}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x2}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x800}]}, {0x61, 0x6, "9200fd45cfbfaf345fb3a8a997749fefa053a1e631f289e2733a34bfda3a1983d7027974d46e922209e9f418398e634151458aec78c3e590819e1ab74e5f08ce9f128c78176c6afb718af7f892cc43aa236ae8553e2bcb9475712e849a"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x134}, 0x1, 0x0, 0x0, 0x81}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000540)={&(0x7f0000000300)={0x68, 0x0, 0x1, 0x3, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_TUPLE_ORIG={0x54, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x200400d0}, 0x40) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 7.301113835s ago: executing program 5 (id=138): sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000002b80)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0xfe}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 7.203698766s ago: executing program 5 (id=141): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x208000, &(0x7f0000000240)={[{@usrjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xffff}}, {@jqfmt_vfsv1}, {@resuid}, {@discard}, {@lazytime}, {@noload}, {@barrier}, {@usrjquota}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3d9rW1UcAPDvTdv96nQdjKE+SGEPTubStfXHBB/mo+hwoO8ztHdlNFlGk461Dtwe3IsvMgQRB+If4LuPw3/Av2KggyGj6IMvkZvedNmatFmXrZn5fOC259x703NPzv2enpOTkACG1mT2oxDxakR8m0Qcajs2GvnByfXz1h5cm8u2JBqNz/5KIsn3tc5P8t/jeeaViPjt64gThc3l1lZWF0vlcrqU56fqlctTtZXVkxcrpYV0Ib00Mzt7+p3Zmfffe7dvdX3z3D8/fHrno9PfHFv7/pd7h28lcSYO5sfa6/EUrrdnJmMyf07G4sxjJ073obBBkuz2BbAjI3mcj0XWBxyKkTzqgf+/ryKiAQypRPzDkGqNA1pz+z7Ng18Y9z9cnwBtrv/o+msjsa85NzqwljwyM8rmuxN9KD8r49c/b9/Ktujf6xAA27p+IyJOjY5u7v+SvP/buVM9nPN4Gfo/eH7uZOOftzqNfwob45/oMP4Z7xC7O7F9/Bfu9aGYrrLx3wcdx78bi1YTI3nupeaYbyy5cLGcZn3byxFxPMb2Zvmt1nNOr91tdDvWPv7Ltqz81lgwv457o3sffcx8qV56mjq3u38j4rWO499ko/2TDu2fPR/neizjaHr79W7Htq//s9X4OeKNju3/cEUr2Xp9cqp5P0y17orN/r559Pdu5e92/bP2P7B1/SeS9vXa2pOX8dO+f9Nux3Z6/+9JPm+m9+T7rpbq9aXpiD3JJ5v3zzx8bCvfOj+r//FjW/d/ne7//RHxRY/1v3nkZtdTB6H955+o/Z88cffjL3/sVn5v7f92M3U839NL/9frBT7NcwcAAAAAAACDphARByMpFDfShUKxuP7+jiNxoFCu1uonLlSXL81H87OyEzFWaK10j7e9H2I6fz9sKz/zWH42Ig5HxHcj+5v54ly1PL/blQcAAAAAAAAAAAAAAAAAAIABMd7l8/+ZP0Z2++qAZ85XfsPw2jb++/FNT8BA8v8fhpf4h+El/mF4iX8YXuIfhpf4h+El/mF4iX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq3Nnz2ZbY+3BtbksP39lZXmxeuXkfFpbLFaW54pz1aXLxYVqdaGcFueqle3+XrlavTw9E8tXp+pprT5VW1k9X6kuX6qfv1gpLaTn07HnUisAAAAAAAAAAAAAAAAAAAB4sdRWVhdL5XK6JCGxo8ToYFyGRJ8Tu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBD/wUAAP//y284sw==") mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x2000002, 0x0) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0xfffffffffffffffd, 0x58) 7.148921037s ago: executing program 5 (id=142): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = io_uring_setup(0x58c1, &(0x7f0000001240)={0x0, 0xfffffffd, 0x1, 0x2, 0xd1}) pause() close_range(r1, 0xffffffffffffffff, 0x0) 6.93157504s ago: executing program 5 (id=144): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0d00000009000000040000000100000000000000", @ANYRES32=r1], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001b00)={r2, &(0x7f0000001a40), 0x0}, 0x20) 6.837554681s ago: executing program 33 (id=144): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0d00000009000000040000000100000000000000", @ANYRES32=r1], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001b00)={r2, &(0x7f0000001a40), 0x0}, 0x20) 2.875661558s ago: executing program 3 (id=248): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000080)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==") mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='freezer.self_freezing\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f00000000c0)={0xc, r1, 0x8, 0x0, 0xffffffffffffffff}) 2.824418299s ago: executing program 3 (id=249): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = gettid() r3 = epoll_create(0x200) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000000)={r3, r0, 0x400}) 2.805243309s ago: executing program 3 (id=250): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.77121388s ago: executing program 3 (id=252): io_setup(0x9, &(0x7f0000000080)=0x0) r1 = epoll_create1(0x0) r2 = eventfd2(0xffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000b80)={0xa0001011}) io_submit(r0, 0x1, &(0x7f0000000940)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, r2, 0x0, 0x0, 0xde, 0x0, 0x1, r2}]) 2.687688901s ago: executing program 3 (id=256): r0 = creat(&(0x7f0000000680)='./file0\x00', 0x9c) close(r0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 2.223626578s ago: executing program 6 (id=262): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) 2.223305398s ago: executing program 6 (id=263): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@noload}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@discard}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@grpid}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000340)='./bus\x00', 0x0, 0x10) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x4, 0x8001, 0x0, 0x0, 0x1001a, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5c9d000ff8ee09e737ff0edf110ff4117639c2eb4b78c66ee677df701905b9aafab4afaaf755a3f6a004", "cba3d625780820d1cbf7db71038259ca170be1a311ef97e4298d1e14ef01060000e9009600fdff00000000000000000000000000000000000400", "d300e6d6ae9ef30bea2a004000", [0x0, 0x2]}) 2.152572868s ago: executing program 6 (id=264): pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) 2.122512989s ago: executing program 6 (id=265): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030022d6850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000002c0)='percpu_alloc_percpu_fail\x00', r1}, 0x10) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 2.079797s ago: executing program 6 (id=266): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5543, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x3, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000080)={0x0, 0x6, 0x2, {0x2, 0x9}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.847647383s ago: executing program 3 (id=267): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "2c3e2010"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000e80)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000d80), 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 434.037463ms ago: executing program 6 (id=300): r0 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) 433.484803ms ago: executing program 4 (id=301): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 404.305963ms ago: executing program 1 (id=303): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000000), &(0x7f0000000080)=@udp6}, 0x20) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000040)={r2, &(0x7f0000000380)}, 0x20) 384.804964ms ago: executing program 1 (id=305): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000004c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1}) 383.863084ms ago: executing program 4 (id=306): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) r1 = socket$inet6(0xa, 0x802, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001600010a00000000000000000c0000000c0000800800", @ANYRES16=r1], 0x20}}, 0x40816) 327.193315ms ago: executing program 1 (id=307): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x3000046, &(0x7f0000000080)={[{@delalloc}, {@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_9p2000}]}}) 327.045235ms ago: executing program 0 (id=308): r0 = syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') read$FUSE(r0, &(0x7f00000082c0)={0x2020}, 0x2020) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) read$FUSE(r0, &(0x7f0000012400)={0x2020}, 0x2020) 326.948085ms ago: executing program 4 (id=309): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @multicast1}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x0, 0x0, 0x4}}}}}}, 0x0) 326.767985ms ago: executing program 4 (id=310): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 310.635215ms ago: executing program 0 (id=311): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 298.152895ms ago: executing program 0 (id=312): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100000e000000000000000000000005000600000000000a0000000000000000000000000000000000000000000000000000000000000005000500000000000a00000000000000000000000000000000000000000000000000000000000000020013"], 0x70}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, {0xfffffffffffffffc, 0x0, 0x0, 0x1000000000}, 0x0, 0x0, 0x1}, {{@in=@private, 0x0, 0x3c}, 0xa, @in6=@local, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x1001}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) 233.262776ms ago: executing program 0 (id=313): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x1, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000044d564b0000000005"]) 233.053516ms ago: executing program 4 (id=314): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) 232.444887ms ago: executing program 1 (id=315): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 148.022428ms ago: executing program 0 (id=316): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) chdir(&(0x7f0000000400)='./file0\x00') open$dir(&(0x7f00000004c0)='./file0/../file0\x00', 0x103000, 0x4) 147.557408ms ago: executing program 1 (id=317): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014f9ff00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 143.911917ms ago: executing program 4 (id=318): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 70.268919ms ago: executing program 0 (id=319): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=ANY=[], 0x48) socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 0s ago: executing program 1 (id=320): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000010300)='blkio.bfq.avg_queue_size\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="10000000040000000400000002"], 0x48) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000004c0)={'syztnl1\x00', &(0x7f0000000440)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0x8, 0x2, 0x40, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x7800, 0x80, 0x1bb, 0x4}}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r1}, &(0x7f0000000a00), &(0x7f0000000a40)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 13.010912][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 13.010927][ T28] audit: type=1400 audit(1746751438.461:59): avc: denied { transition } for pid=225 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.014987][ T28] audit: type=1400 audit(1746751438.461:60): avc: denied { noatsecure } for pid=225 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.017826][ T28] audit: type=1400 audit(1746751438.461:61): avc: denied { write } for pid=225 comm="sh" path="pipe:[14188]" dev="pipefs" ino=14188 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 13.021309][ T28] audit: type=1400 audit(1746751438.461:62): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.023895][ T28] audit: type=1400 audit(1746751438.461:63): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.185' (ED25519) to the list of known hosts. [ 20.218805][ T28] audit: type=1400 audit(1746751445.661:64): avc: denied { mounton } for pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.220075][ T275] cgroup: Unknown subsys name 'net' [ 20.222124][ T28] audit: type=1400 audit(1746751445.661:65): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.225859][ T28] audit: type=1400 audit(1746751445.671:66): avc: denied { unmount } for pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.226049][ T275] cgroup: Unknown subsys name 'devices' [ 20.352288][ T275] cgroup: Unknown subsys name 'hugetlb' [ 20.357883][ T275] cgroup: Unknown subsys name 'rlimit' [ 20.463078][ T28] audit: type=1400 audit(1746751445.911:67): avc: denied { setattr } for pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.486544][ T28] audit: type=1400 audit(1746751445.911:68): avc: denied { mounton } for pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.496460][ T277] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.511254][ T28] audit: type=1400 audit(1746751445.911:69): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 20.542906][ T28] audit: type=1400 audit(1746751445.961:70): avc: denied { relabelto } for pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.568356][ T28] audit: type=1400 audit(1746751445.961:71): avc: denied { write } for pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.597476][ T28] audit: type=1400 audit(1746751446.041:72): avc: denied { read } for pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.623027][ T28] audit: type=1400 audit(1746751446.041:73): avc: denied { open } for pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.623137][ T275] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.340504][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.347556][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.355056][ T283] device bridge_slave_0 entered promiscuous mode [ 21.362849][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.369866][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.377281][ T283] device bridge_slave_1 entered promiscuous mode [ 21.391972][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.398996][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.406434][ T284] device bridge_slave_0 entered promiscuous mode [ 21.414123][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.421177][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.428585][ T284] device bridge_slave_1 entered promiscuous mode [ 21.541357][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.548396][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.555862][ T287] device bridge_slave_0 entered promiscuous mode [ 21.568739][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.575888][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.583367][ T287] device bridge_slave_1 entered promiscuous mode [ 21.629540][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.636631][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.644011][ T286] device bridge_slave_0 entered promiscuous mode [ 21.659369][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.666569][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.673933][ T286] device bridge_slave_1 entered promiscuous mode [ 21.687151][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.694209][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.701570][ T285] device bridge_slave_0 entered promiscuous mode [ 21.716906][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.724162][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.731538][ T285] device bridge_slave_1 entered promiscuous mode [ 21.805549][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.812599][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.819842][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.826868][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.838889][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.845947][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.853239][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.860276][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.932271][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.939298][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.946633][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.953652][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.977606][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.984963][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.992872][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.000171][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.007737][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.015191][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.023952][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.031462][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.054587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.062459][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.070755][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.077766][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.085154][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.093897][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.100931][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.134443][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.143092][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.150120][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.157793][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.166426][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.174619][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.181641][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.188961][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.197042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.205027][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.231456][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.239043][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.251604][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.259924][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.266996][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.277949][ T284] device veth0_vlan entered promiscuous mode [ 22.291541][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.299737][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.307326][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.315255][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.323711][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.332020][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.339033][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.346588][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.354001][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.362262][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.369268][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.396699][ T284] device veth1_macvtap entered promiscuous mode [ 22.404611][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.412171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.419581][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.428086][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.437175][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.444215][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.451716][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.459699][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.467687][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.475965][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.484241][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.491265][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.498583][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.506628][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.514528][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.522672][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.530721][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.538718][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.547303][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.555614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.563935][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.571685][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.579960][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.588185][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.595221][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.602634][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 22.618839][ T283] device veth0_vlan entered promiscuous mode [ 22.628185][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.636533][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.644988][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.653448][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.661830][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.669736][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.677156][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.685856][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.694288][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.709610][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.718042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.726396][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.735146][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.746773][ T285] device veth0_vlan entered promiscuous mode [ 22.757790][ T286] device veth0_vlan entered promiscuous mode [ 22.765799][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.774020][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.781708][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.789108][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.797151][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.805317][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.812858][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.823486][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.831632][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.845224][ T283] device veth1_macvtap entered promiscuous mode [ 22.853245][ T284] request_module fs-gadgetfs succeeded, but still no fs? [ 22.866496][ T286] device veth1_macvtap entered promiscuous mode [ 22.873821][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.882137][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.890805][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.898897][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.907202][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.914801][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.923087][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.941355][ T285] device veth1_macvtap entered promiscuous mode [ 22.950913][ T287] device veth0_vlan entered promiscuous mode [ 22.959839][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.968995][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.977455][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.986613][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.993518][ T307] loop4: detected capacity change from 0 to 1024 [ 22.996159][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.001517][ T307] ======================================================= [ 23.001517][ T307] WARNING: The mand mount option has been deprecated and [ 23.001517][ T307] and is ignored by this kernel. Remove the mand [ 23.001517][ T307] option from the mount to silence this warning. [ 23.001517][ T307] ======================================================= [ 23.044214][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.044236][ T307] EXT4-fs: Ignoring removed bh option [ 23.053383][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.058857][ T307] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 23.067219][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.082897][ T307] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 23.085596][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.101106][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.114717][ T287] device veth1_macvtap entered promiscuous mode [ 23.133376][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.143033][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.151747][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.159896][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.169151][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.177237][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.177324][ T284] EXT4-fs (loop4): unmounting filesystem. [ 23.185779][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.199628][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.212636][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.241842][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.249196][ T317] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.251221][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.274973][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.283864][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.292166][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.300518][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.373522][ T324] udevd[324]: failed to send result of seq 4255 to main daemon: Connection refused [ 23.384180][ T328] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 23.394626][ T328] SELinux: failed to load policy [ 23.498676][ T352] loop1: detected capacity change from 0 to 2048 [ 23.511133][ T355] syz.2.19 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 23.545268][ T352] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.570374][ T352] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.595049][ T352] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 23.607575][ T352] EXT4-fs (loop1): This should not happen!! Data will be lost [ 23.607575][ T352] [ 23.617465][ T352] EXT4-fs (loop1): Total free blocks count 0 [ 23.624132][ T352] EXT4-fs (loop1): Free/Dirty block details [ 23.630395][ T352] EXT4-fs (loop1): free_blocks=2415919104 [ 23.636169][ T352] EXT4-fs (loop1): dirty_blocks=288 [ 23.648405][ T352] EXT4-fs (loop1): Block reservation details [ 23.654777][ T352] EXT4-fs (loop1): i_reserved_data_blocks=26 [ 23.871821][ T375] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 24.031182][ T395] loop0: detected capacity change from 0 to 128 [ 24.060218][ T395] EXT4-fs (loop0): Test dummy encryption mode enabled [ 24.088342][ T395] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.107673][ T395] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 24.130417][ T395] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 24.184546][ T286] EXT4-fs (loop0): unmounting filesystem. [ 24.255205][ T370] loop4: detected capacity change from 0 to 131072 [ 24.283895][ T370] F2FS-fs (loop4): Test dummy encryption mode enabled [ 24.291709][ T370] F2FS-fs (loop4): invalid crc value [ 24.311565][ T370] F2FS-fs (loop4): Found nat_bits in checkpoint [ 24.376290][ T413] loop0: detected capacity change from 0 to 512 [ 24.389057][ T370] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 24.397404][ T413] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 24.429205][ T413] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 24.481661][ T413] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 24.510434][ T420] input: syz1 as /devices/virtual/input/input5 [ 24.521036][ T413] EXT4-fs (loop0): 1 truncate cleaned up [ 24.543838][ T413] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.570310][ T413] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 24.605145][ T286] EXT4-fs (loop0): unmounting filesystem. [ 24.642737][ T425] netlink: 4 bytes leftover after parsing attributes in process `syz.0.45'. [ 24.681539][ T427] loop3: detected capacity change from 0 to 128 [ 24.692890][ T427] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 24.739070][ T427] FAT-fs (loop3): FAT read failed (blocknr 128) [ 24.792529][ T433] loop2: detected capacity change from 0 to 512 [ 24.826536][ T433] EXT4-fs (loop2): orphan cleanup on readonly fs [ 24.833890][ T433] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.49: bad orphan inode 13 [ 24.852196][ T433] ext4_test_bit(bit=12, block=18) = 1 [ 24.865367][ T433] is_bad_inode(inode)=0 [ 24.869585][ T433] NEXT_ORPHAN(inode)=2130706432 [ 24.869596][ T433] max_ino=32 [ 24.869604][ T433] i_nlink=1 [ 24.869697][ T433] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 24.878276][ T433] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 24.913623][ T433] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 24.940428][ T287] EXT4-fs (loop2): unmounting filesystem. [ 24.982905][ T465] syz.0.62[465] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 24.983030][ T465] syz.0.62[465] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.003891][ T468] loop3: detected capacity change from 0 to 512 [ 25.040790][ T468] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.63: inode #1: comm syz.3.63: iget: illegal inode # [ 25.054113][ T468] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.63: error while reading EA inode 1 err=-117 [ 25.067911][ T468] EXT4-fs (loop3): 1 orphan inode deleted [ 25.074051][ T468] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 25.116973][ T479] Illegal XDP return value 4294967294 on prog (id 36) dev N/A, expect packet loss! [ 25.186858][ T285] EXT4-fs (loop3): unmounting filesystem. [ 25.225174][ T28] kauditd_printk_skb: 135 callbacks suppressed [ 25.225189][ T28] audit: type=1326 audit(1746751450.621:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=480 comm="syz.1.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d1b72ab39 code=0x7ffc0000 [ 25.306575][ T495] loop0: detected capacity change from 0 to 512 [ 25.309959][ T28] audit: type=1326 audit(1746751450.671:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=480 comm="syz.1.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d1b72ab39 code=0x7ffc0000 [ 25.336689][ T498] audit: audit_backlog=65 > audit_backlog_limit=64 [ 25.343456][ T495] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.363854][ T485] audit: audit_backlog=65 > audit_backlog_limit=64 [ 25.370144][ T498] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 25.370456][ T28] audit: type=1326 audit(1746751450.671:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=480 comm="syz.1.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d1b72ab39 code=0x7ffc0000 [ 25.388162][ T498] audit: backlog limit exceeded [ 25.401417][ T485] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 25.413964][ T485] audit: backlog limit exceeded [ 25.419846][ T495] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.77: invalid block [ 25.438756][ T28] audit: type=1326 audit(1746751450.671:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=480 comm="syz.1.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d1b72ab39 code=0x7ffc0000 [ 25.441923][ T495] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.77: invalid indirect mapped block 4294967295 (level 1) [ 25.534483][ T495] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.77: invalid indirect mapped block 4294967295 (level 1) [ 25.578323][ T495] EXT4-fs (loop0): 2 truncates cleaned up [ 25.596680][ T495] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.635021][ T286] EXT4-fs (loop0): unmounting filesystem. [ 25.720381][ T58] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 25.900102][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.908564][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.922604][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.940005][ T58] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 25.959316][ T58] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 25.968543][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.980793][ T58] usb 4-1: config 0 descriptor?? [ 26.101418][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.115687][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.132202][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 26.146378][ T515] loop2: detected capacity change from 0 to 128 [ 26.162841][ T39] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 26.176459][ T515] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 26.178475][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.190159][ T515] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 26.208000][ T39] usb 5-1: config 0 descriptor?? [ 26.270011][ T515] support for the xor transformation has been removed. [ 26.289847][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 1024 [ 26.313624][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 8192 [ 26.338066][ T287] EXT4-fs error (device loop2): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 26.358993][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 1024 [ 26.389562][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 8192 [ 26.409833][ T58] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 26.418069][ T287] EXT4-fs error (device loop2): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 26.432918][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 1024 [ 26.433121][ T58] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 26.448200][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 8192 [ 26.476280][ T287] EXT4-fs error (device loop2): ext4_empty_dir:3166: inode #11: block 1: comm syz-executor: Directory block failed checksum [ 26.489929][ T287] EXT4-fs error (device loop2): ext4_readdir:223: inode #11: comm syz-executor: path /21/file0/lost+found: directory fails checksum at offset 1024 [ 26.603882][ T287] EXT4-fs (loop2): unmounting filesystem. [ 26.634385][ T39] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 26.642228][ T287] syz-executor (287) used greatest stack depth: 22016 bytes left [ 26.673106][ T39] plantronics 0003:047F:FFFF.0002: hiddev97,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 26.703046][ T39] usb 4-1: USB disconnect, device number 2 [ 26.860298][ T19] usb 5-1: USB disconnect, device number 2 [ 26.917423][ T518] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.929692][ T518] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.941033][ T518] device bridge_slave_0 entered promiscuous mode [ 26.950937][ T518] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.958034][ T518] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.965991][ T518] device bridge_slave_1 entered promiscuous mode [ 27.056087][ T304] device bridge_slave_1 left promiscuous mode [ 27.062489][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.072486][ T304] device bridge_slave_0 left promiscuous mode [ 27.078635][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.100078][ T304] device veth1_macvtap left promiscuous mode [ 27.116270][ T304] device veth0_vlan left promiscuous mode [ 27.290715][ T518] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.297834][ T518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.305239][ T518] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.312068][ T526] loop3: detected capacity change from 0 to 1024 [ 27.312290][ T518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.322470][ T526] EXT4-fs: Ignoring removed orlov option [ 27.337644][ T526] EXT4-fs: Ignoring removed nomblk_io_submit option [ 27.363800][ T526] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 27.395316][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.405005][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.427523][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.453966][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.467832][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.474921][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.483241][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.491967][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.499043][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.506769][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.522226][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.557039][ T285] EXT4-fs (loop3): unmounting filesystem. [ 27.557103][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.585415][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.600555][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.614145][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.634003][ T518] device veth0_vlan entered promiscuous mode [ 27.653843][ T518] device veth1_macvtap entered promiscuous mode [ 27.665493][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.676704][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.697569][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.720270][ T344] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 27.721025][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.773375][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.784712][ T554] loop3: detected capacity change from 0 to 1024 [ 27.801486][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.818272][ T554] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 27.841654][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.854707][ T554] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 27.863690][ T560] fuse: Invalid group_id [ 27.865278][ T554] JBD2: no valid journal superblock found [ 27.874286][ T554] EXT4-fs (loop3): error loading journal [ 27.913851][ T571] device batadv_slave_0 entered promiscuous mode [ 27.922006][ T570] device batadv_slave_0 left promiscuous mode [ 28.057462][ T585] loop1: detected capacity change from 0 to 16 [ 28.068420][ T585] erofs: (device loop1): mounted with root inode @ nid 36. [ 28.113094][ T19] kernel write not supported for file [eventfd] (pid: 19 comm: kworker/0:1) [ 28.119929][ T593] input: syz1 as /devices/virtual/input/input8 [ 28.212417][ T606] loop0: detected capacity change from 0 to 128 [ 28.262671][ T627] loop3: detected capacity change from 0 to 512 [ 28.269706][ T627] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 28.282086][ T627] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 28.291646][ T627] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.304833][ T635] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=635 comm=syz.5.136 [ 28.319571][ T627] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.132: bg 0: block 304: padding at end of block bitmap is not set [ 28.336573][ T638] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 28.346211][ T627] EXT4-fs (loop3): Remounting filesystem read-only [ 28.362082][ T639] loop1: detected capacity change from 0 to 256 [ 28.402622][ T285] EXT4-fs (loop3): unmounting filesystem. [ 28.427087][ T639] FAT-fs (loop1): Directory bread(block 64) failed [ 28.435074][ T645] loop5: detected capacity change from 0 to 1024 [ 28.457524][ T639] FAT-fs (loop1): Directory bread(block 65) failed [ 28.473870][ T645] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 28.490290][ T639] FAT-fs (loop1): Directory bread(block 66) failed [ 28.490993][ T645] incfs: iterate_incfs_dir / -22 [ 28.511453][ T518] EXT4-fs error (device loop5): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 28.525521][ T639] FAT-fs (loop1): Directory bread(block 67) failed [ 28.548733][ T518] EXT4-fs error (device loop5): ext4_lookup:1862: inode #2: comm syz-executor: deleted inode referenced: 11 [ 28.560349][ T639] FAT-fs (loop1): Directory bread(block 68) failed [ 28.560371][ T639] FAT-fs (loop1): Directory bread(block 69) failed [ 28.560401][ T639] FAT-fs (loop1): Directory bread(block 70) failed [ 28.580631][ T639] FAT-fs (loop1): Directory bread(block 71) failed [ 28.587175][ T639] FAT-fs (loop1): Directory bread(block 72) failed [ 28.593749][ T639] FAT-fs (loop1): Directory bread(block 73) failed [ 28.664783][ T654] loop0: detected capacity change from 0 to 512 [ 28.673256][ T518] EXT4-fs (loop5): unmounting filesystem. [ 28.695696][ T654] EXT4-fs (loop0): orphan cleanup on readonly fs [ 28.710870][ T654] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.143: bad orphan inode 13 [ 28.732898][ T654] ext4_test_bit(bit=12, block=18) = 1 [ 28.740204][ T654] is_bad_inode(inode)=0 [ 28.744713][ T654] NEXT_ORPHAN(inode)=2130706432 [ 28.758316][ T654] max_ino=32 [ 28.770030][ T654] i_nlink=1 [ 28.776540][ T654] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 28.852233][ T654] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 28.918011][ T658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.146'. [ 28.938342][ T654] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 28.973325][ T286] EXT4-fs (loop0): unmounting filesystem. [ 29.110454][ T675] loop3: detected capacity change from 0 to 128 [ 29.125869][ T666] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.141672][ T666] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.159694][ T666] device bridge_slave_0 entered promiscuous mode [ 29.189544][ T304] device bridge_slave_1 left promiscuous mode [ 29.196136][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.204380][ T304] device bridge_slave_0 left promiscuous mode [ 29.210585][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.220161][ T304] device veth1_macvtap left promiscuous mode [ 29.226191][ T304] device veth0_vlan left promiscuous mode [ 29.293263][ T684] loop3: detected capacity change from 0 to 2048 [ 29.332129][ T666] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.340712][ T666] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.349783][ T666] device bridge_slave_1 entered promiscuous mode [ 29.360087][ T684] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 29.368559][ T684] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.432411][ T684] fs-verity: sha512 using implementation "sha512-avx2" [ 29.482863][ T285] EXT4-fs (loop3): unmounting filesystem. [ 29.493090][ T699] netlink: 104 bytes leftover after parsing attributes in process `syz.4.161'. [ 29.505859][ T684] syz.3.155 (684) used greatest stack depth: 21312 bytes left [ 29.575088][ T666] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.582162][ T666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.589435][ T666] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.596491][ T666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.629578][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.639296][ T304] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.650510][ T304] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.671518][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.678561][ T712] loop0: detected capacity change from 0 to 4096 [ 29.682885][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.692840][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.707691][ T712] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 29.725165][ T712] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.167: corrupted inode contents [ 29.739401][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.757400][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.764458][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.772236][ T712] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #15: comm syz.0.167: mark_inode_dirty error [ 29.793809][ T712] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.167: corrupted inode contents [ 29.806011][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.820274][ T712] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.167: mark_inode_dirty error [ 29.830718][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.840262][ T712] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.167: corrupted inode contents [ 29.855222][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.865400][ T712] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.167: mark_inode_dirty error [ 29.876723][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 29.884578][ T712] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.167: corrupted inode contents [ 29.892189][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.910065][ T712] EXT4-fs error (device loop0): ext4_truncate:4313: inode #15: comm syz.0.167: mark_inode_dirty error [ 29.911669][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.938369][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.946422][ T712] EXT4-fs error (device loop0) in ext4_setattr:5630: Corrupt filesystem [ 29.963118][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.971198][ T720] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #15: comm syz.0.167: corrupted inode contents [ 29.976184][ T666] device veth0_vlan entered promiscuous mode [ 29.990478][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.010411][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.025365][ T666] device veth1_macvtap entered promiscuous mode [ 30.033649][ T286] EXT4-fs (loop0): unmounting filesystem. [ 30.040830][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.049278][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.061150][ T39] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 30.070416][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.089593][ T39] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 30.101605][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.113881][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.113879][ T717] loop3: detected capacity change from 0 to 40427 [ 30.122247][ T717] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 30.136005][ T39] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 30.136271][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.150033][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 30.168655][ T717] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 30.170671][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.180042][ T39] usb 5-1: SerialNumber: syz [ 30.192076][ T717] F2FS-fs (loop3): invalid crc value [ 30.231324][ T717] F2FS-fs (loop3): Found nat_bits in checkpoint [ 30.298358][ T717] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 30.307960][ T717] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 30.395227][ T285] syz-executor: attempt to access beyond end of device [ 30.395227][ T285] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 30.411088][ T39] usb 5-1: 0:2 : does not exist [ 30.426155][ T39] usb 5-1: 5:0: failed to get current value for ch 1 (-22) [ 30.448758][ T39] usb 5-1: 5:0: failed to get current value for ch 2 (-22) [ 30.470795][ T39] usb 5-1: USB disconnect, device number 3 [ 30.549188][ T28] kauditd_printk_skb: 10191 callbacks suppressed [ 30.549204][ T28] audit: type=1400 audit(1746751968.982:10404): avc: denied { read } for pid=769 comm="syz.1.191" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.579603][ T28] audit: type=1400 audit(1746751968.982:10405): avc: denied { open } for pid=769 comm="syz.1.191" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.604664][ T28] audit: type=1400 audit(1746751969.022:10406): avc: denied { ioctl } for pid=769 comm="syz.1.191" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x6205 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.630376][ T19] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 30.637914][ T28] audit: type=1400 audit(1746751969.052:10407): avc: denied { bind } for pid=771 comm="syz.3.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 30.671583][ T779] loop3: detected capacity change from 0 to 512 [ 30.677338][ T777] loop0: detected capacity change from 0 to 4096 [ 30.686850][ T777] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 30.697416][ T779] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 30.706510][ T779] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.723797][ T285] EXT4-fs (loop3): unmounting filesystem. [ 30.826655][ T286] EXT4-fs (loop0): unmounting filesystem. [ 30.838632][ T28] audit: type=1400 audit(1746751969.272:10408): avc: denied { read } for pid=795 comm="syz.1.201" path="socket:[18634]" dev="sockfs" ino=18634 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 30.862699][ T19] usb 7-1: Using ep0 maxpacket: 32 [ 30.872104][ T19] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 30.885464][ T19] usb 7-1: config 0 has no interface number 0 [ 30.901181][ T19] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 30.920039][ T19] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.938149][ T19] usb 7-1: Product: syz [ 30.943627][ T19] usb 7-1: Manufacturer: syz [ 30.948227][ T19] usb 7-1: SerialNumber: syz [ 30.967616][ T790] loop3: detected capacity change from 0 to 40427 [ 30.969767][ T19] usb 7-1: config 0 descriptor?? [ 30.977458][ T790] F2FS-fs (loop3): Fix alignment : done, start(4096) end(16896) block(12288) [ 30.983359][ T19] smsc95xx v2.0.0 [ 30.990696][ T790] F2FS-fs (loop3): invalid crc value [ 31.021102][ T28] audit: type=1400 audit(1746751969.462:10409): avc: denied { write } for pid=815 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 31.055523][ T790] F2FS-fs (loop3): Found nat_bits in checkpoint [ 31.061843][ T28] audit: type=1400 audit(1746751969.492:10410): avc: denied { read write } for pid=818 comm="syz.0.210" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 31.106168][ T28] audit: type=1400 audit(1746751969.492:10411): avc: denied { open } for pid=818 comm="syz.0.210" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 31.140302][ T821] loop0: detected capacity change from 0 to 512 [ 31.148085][ T790] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 31.177949][ T821] Quota error (device loop0): v2_read_file_info: Can't read info structure [ 31.186846][ T821] EXT4-fs warning (device loop0): ext4_enable_quotas:7024: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 31.202151][ T285] syz-executor: attempt to access beyond end of device [ 31.202151][ T285] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 31.216622][ T821] EXT4-fs (loop0): mount failed [ 31.280030][ T314] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 31.471119][ T314] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 31.491104][ T314] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 31.511893][ T314] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 31.529624][ T314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.547524][ T314] usb 5-1: Product: syz [ 31.556082][ T314] usb 5-1: Manufacturer: syz [ 31.566188][ T314] usb 5-1: SerialNumber: syz [ 31.622033][ T829] loop0: detected capacity change from 0 to 40427 [ 31.654247][ T829] F2FS-fs (loop0): Found nat_bits in checkpoint [ 31.717999][ T829] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 31.752895][ T829] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.780007][ T314] usb 5-1: 0:2 : does not exist [ 31.788303][ T314] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 31.796298][ T286] syz-executor: attempt to access beyond end of device [ 31.796298][ T286] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 31.825032][ T314] usb 5-1: USB disconnect, device number 4 [ 31.986046][ T19] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 32.005808][ T833] loop3: detected capacity change from 0 to 131072 [ 32.012427][ T19] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 32.027833][ T19] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 32.039282][ T19] smsc95xx: probe of 7-1:0.67 failed with error -71 [ 32.048002][ T19] usb 7-1: USB disconnect, device number 2 [ 32.048899][ T841] tipc: Enabling of bearer rejected, failed to enable media [ 32.073893][ T833] F2FS-fs (loop3): Found nat_bits in checkpoint [ 32.123865][ T851] loop1: detected capacity change from 0 to 1024 [ 32.133857][ T851] EXT4-fs: Ignoring removed oldalloc option [ 32.140431][ T833] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 32.180845][ T851] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 32.184147][ T839] loop0: detected capacity change from 0 to 40427 [ 32.199172][ T839] F2FS-fs (loop0): fault_injection options not supported [ 32.206537][ T839] F2FS-fs (loop0): Image doesn't support compression [ 32.214393][ T283] EXT4-fs (loop1): unmounting filesystem. [ 32.215532][ T839] F2FS-fs (loop0): Image doesn't support compression [ 32.266480][ T839] F2FS-fs (loop0): invalid crc value [ 32.292668][ T839] F2FS-fs (loop0): Found nat_bits in checkpoint [ 32.343304][ T839] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 32.424433][ T286] syz-executor: attempt to access beyond end of device [ 32.424433][ T286] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 32.621386][ T907] loop3: detected capacity change from 0 to 512 [ 32.627861][ T907] EXT4-fs: Ignoring removed mblk_io_submit option [ 32.634938][ T907] EXT4-fs: Ignoring removed i_version option [ 32.641183][ T907] ext4: Unknown parameter 'smackfsroot' [ 32.670747][ T909] input: syz1 as /devices/virtual/input/input10 [ 32.710202][ T913] loop3: detected capacity change from 0 to 4096 [ 32.718750][ T913] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 32.730182][ T28] audit: type=1400 audit(1746752484.177:10412): avc: denied { setattr } for pid=912 comm="syz.3.246" name="file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 32.741604][ T913] EXT4-fs (loop3): shut down requested (1) [ 32.752480][ T39] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 32.760031][ T19] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 32.774682][ T285] EXT4-fs (loop3): unmounting filesystem. [ 32.791193][ T920] loop3: detected capacity change from 0 to 128 [ 32.797866][ T920] EXT4-fs (loop3): Test dummy encryption mode enabled [ 32.805794][ T920] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 32.814324][ T920] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 32.834463][ T285] EXT4-fs (loop3): unmounting filesystem. [ 32.921941][ T936] tipc: Started in network mode [ 32.927035][ T936] tipc: Node identity ac1414bb, cluster identity 4711 [ 32.934066][ T936] tipc: Enabling of bearer rejected, failed to enable media [ 32.951147][ T19] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 32.960934][ T19] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 32.971669][ T19] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 32.986847][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 32.987448][ T19] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 32.997086][ T39] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 32.997128][ T39] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 33.011900][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.019193][ T39] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 33.028952][ T19] usb 5-1: Product: syz [ 33.038556][ T39] usb 2-1: New USB device found, idVendor=0125, idProduct=a4a1, bcdDevice= 0.40 [ 33.049562][ T19] usb 5-1: Manufacturer: syz [ 33.054985][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.062900][ T19] usb 5-1: SerialNumber: syz [ 33.075457][ T39] usb 2-1: Product: syz [ 33.084408][ T39] usb 2-1: Manufacturer: syz [ 33.089050][ T39] usb 2-1: SerialNumber: syz [ 33.095753][ T19] hub 5-1:1.0: bad descriptor, ignoring hub [ 33.101867][ T19] hub: probe of 5-1:1.0 failed with error -5 [ 33.111082][ T39] cdc_ncm 2-1:1.0: skipping garbage [ 33.297681][ T19] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 33.414321][ T951] loop6: detected capacity change from 0 to 1024 [ 33.421097][ T951] EXT4-fs: Ignoring removed nobh option [ 33.426735][ T951] EXT4-fs: Ignoring removed bh option [ 33.441347][ T951] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 33.511243][ T666] EXT4-fs (loop6): unmounting filesystem. [ 33.650092][ T320] usb 5-1: USB disconnect, device number 5 [ 33.656703][ T320] usblp0: removed [ 33.830025][ T315] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 34.010097][ T320] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 34.031680][ T315] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 34.040174][ T844] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 34.042647][ T315] usb 7-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 34.059089][ T315] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.067615][ T315] usb 7-1: config 0 descriptor?? [ 34.072858][ T959] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 34.118561][ T39] cdc_ncm 2-1:1.0: bind() failure [ 34.124466][ T39] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 34.131251][ T39] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 34.139682][ T39] usb 2-1: USB disconnect, device number 2 [ 34.191145][ T320] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 34.200840][ T320] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 34.210507][ T320] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 34.230045][ T844] usb 4-1: Using ep0 maxpacket: 16 [ 34.236476][ T844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.240132][ T320] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 34.247669][ T844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 34.266324][ T844] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 34.270005][ T320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.275552][ T844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.292168][ T844] usb 4-1: config 0 descriptor?? [ 34.298278][ T320] usb 5-1: Product: syz [ 34.302505][ T320] usb 5-1: Manufacturer: syz [ 34.307113][ T320] usb 5-1: SerialNumber: syz [ 34.313109][ T320] hub 5-1:1.0: bad descriptor, ignoring hub [ 34.319048][ T320] hub: probe of 5-1:1.0 failed with error -5 [ 34.499746][ T315] uclogic 0003:5543:0003.0003: item fetching failed at offset 0/1 [ 34.507798][ T315] uclogic 0003:5543:0003.0003: parse failed [ 34.514039][ T315] uclogic: probe of 0003:5543:0003.0003 failed with error -22 [ 34.523773][ T320] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 34.560784][ T320] usb 5-1: USB disconnect, device number 6 [ 34.567286][ T320] usblp0: removed [ 34.700760][ T39] usb 7-1: USB disconnect, device number 3 [ 34.705065][ T844] sony 0003:054C:05C4.0004: unknown main item tag 0x0 [ 34.715491][ T844] sony 0003:054C:05C4.0004: hidraw0: USB HID v80.00 Device [HID 054c:05c4] on usb-dummy_hcd.3-1/input0 [ 34.721464][ T966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.269'. [ 34.731445][ T844] sony 0003:054C:05C4.0004: failed to claim input [ 34.885701][ T989] loop0: detected capacity change from 0 to 1024 [ 34.892380][ T989] EXT4-fs: Ignoring removed bh option [ 34.898061][ T989] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.934557][ T989] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 34.958394][ T286] EXT4-fs (loop0): unmounting filesystem. [ 34.997926][ T987] loop1: detected capacity change from 0 to 40427 [ 35.005734][ T987] F2FS-fs (loop1): fault_injection options not supported [ 35.014387][ T987] F2FS-fs (loop1): invalid crc value [ 35.021194][ T987] F2FS-fs (loop1): Found nat_bits in checkpoint [ 35.060846][ T987] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 35.075885][ T987] syz.1.276: attempt to access beyond end of device [ 35.075885][ T987] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 35.102579][ T1014] capability: warning: `syz.0.290' uses deprecated v2 capabilities in a way that may be insecure [ 35.113383][ T283] syz-executor: attempt to access beyond end of device [ 35.113383][ T283] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 35.308873][ T1053] loop1: detected capacity change from 0 to 1024 [ 35.325473][ T1053] EXT4-fs: Ignoring removed bh option [ 35.335575][ T1053] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 35.397011][ T1053] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 35.425937][ T283] EXT4-fs (loop1): unmounting filesystem. [ 35.437665][ T1071] loop4: detected capacity change from 0 to 1024 [ 35.444739][ T1071] EXT4-fs: Ignoring removed orlov option [ 35.462343][ T1071] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 35.493461][ T1071] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 35.514590][ T284] EXT4-fs (loop4): unmounting filesystem. [ 35.520905][ T286] ------------[ cut here ]------------ [ 35.526372][ T286] WARNING: CPU: 0 PID: 286 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 35.534329][ T286] Modules linked in: [ 35.534533][ T1081] overlayfs: missing 'workdir' [ 35.538224][ T286] CPU: 0 PID: 286 Comm: syz-executor Not tainted 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 35.538246][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 35.563213][ T286] RIP: 0010:drop_nlink+0xc5/0x110 [ 35.568264][ T286] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 73 ee f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7b 99 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 35.588154][ T286] RSP: 0018:ffffc9000db57c38 EFLAGS: 00010293 [ 35.594447][ T286] RAX: ffffffff81c34d55 RBX: ffff8881257d2288 RCX: ffff88811eff2880 [ 35.602467][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 35.610469][ T286] RBP: ffffc9000db57c60 R08: 0000000000000004 R09: 0000000000000003 [ 35.618440][ T286] R10: fffff52001b6af78 R11: 1ffff92001b6af78 R12: dffffc0000000000 [ 35.626437][ T286] R13: 1ffff11024afa45a R14: ffff8881257d22d0 R15: 0000000000000000 [ 35.634454][ T286] FS: 000055558ea64500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 35.643526][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.650170][ T286] CR2: 00007ffcfaf9bd38 CR3: 00000001303b9000 CR4: 00000000003526b0 [ 35.658284][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.666466][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.674474][ T286] Call Trace: [ 35.677744][ T286] [ 35.680692][ T286] shmem_rmdir+0x5b/0x90 [ 35.684947][ T286] vfs_rmdir+0x393/0x500 [ 35.689183][ T286] incfs_kill_sb+0x105/0x220 [ 35.693788][ T286] deactivate_locked_super+0xb5/0x120 [ 35.699173][ T286] deactivate_super+0xaf/0xe0 [ 35.703888][ T286] cleanup_mnt+0x45f/0x4e0 [ 35.708306][ T286] __cleanup_mnt+0x19/0x20 [ 35.712796][ T286] task_work_run+0x1db/0x240 [ 35.717424][ T286] ? __cfi_task_work_run+0x10/0x10 [ 35.722723][ T286] ? __x64_sys_umount+0x125/0x160 [ 35.727739][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 35.733325][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 35.738518][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 35.743988][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 35.749457][ T286] do_syscall_64+0x58/0xa0 [ 35.753902][ T286] ? clear_bhb_loop+0x15/0x70 [ 35.758578][ T286] ? clear_bhb_loop+0x15/0x70 [ 35.763255][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 35.769150][ T286] RIP: 0033:0x7f0c4038fc97 [ 35.773566][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 35.793216][ T286] RSP: 002b:00007fff8f84ccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 35.802335][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0c4038fc97 [ 35.810777][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8f84cdb0 [ 35.818757][ T286] RBP: 00007fff8f84cdb0 R08: 0000000000000000 R09: 0000000000000000 [ 35.826744][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff8f84de40 [ 35.834739][ T286] R13: 00007f0c4041089d R14: 0000000000008aa5 R15: 00007fff8f84de80 [ 35.842727][ T286] [ 35.845752][ T286] ---[ end trace 0000000000000000 ]--- [ 35.851393][ T286] ================================================================== [ 35.859450][ T286] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 35.865684][ T286] Write of size 4 at addr 0000000000000170 by task syz-executor/286 [ 35.873642][ T286] [ 35.875983][ T286] CPU: 1 PID: 286 Comm: syz-executor Tainted: G W 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 35.887339][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 35.897377][ T286] Call Trace: [ 35.900645][ T286] [ 35.903564][ T286] __dump_stack+0x21/0x24 [ 35.907890][ T286] dump_stack_lvl+0xee/0x150 [ 35.912472][ T286] ? __cfi_dump_stack_lvl+0x8/0x8 [ 35.917489][ T286] ? ihold+0x20/0x60 [ 35.921379][ T286] ? ihold+0x20/0x60 [ 35.925269][ T286] print_report+0x3d/0x60 [ 35.929591][ T286] kasan_report+0x122/0x150 [ 35.934080][ T286] ? ihold+0x20/0x60 [ 35.937973][ T286] kasan_check_range+0x280/0x290 [ 35.942898][ T286] __kasan_check_write+0x14/0x20 [ 35.947829][ T286] ihold+0x20/0x60 [ 35.951547][ T286] vfs_rmdir+0x25f/0x500 [ 35.955783][ T286] incfs_kill_sb+0x105/0x220 [ 35.960366][ T286] deactivate_locked_super+0xb5/0x120 [ 35.965729][ T286] deactivate_super+0xaf/0xe0 [ 35.970420][ T286] cleanup_mnt+0x45f/0x4e0 [ 35.974887][ T286] __cleanup_mnt+0x19/0x20 [ 35.979317][ T286] task_work_run+0x1db/0x240 [ 35.983901][ T286] ? __cfi_task_work_run+0x10/0x10 [ 35.989012][ T286] ? __x64_sys_umount+0x125/0x160 [ 35.994026][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 35.999387][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 36.004573][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 36.010043][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 36.015499][ T286] do_syscall_64+0x58/0xa0 [ 36.019916][ T286] ? clear_bhb_loop+0x15/0x70 [ 36.024673][ T286] ? clear_bhb_loop+0x15/0x70 [ 36.029338][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.035234][ T286] RIP: 0033:0x7f0c4038fc97 [ 36.039640][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 36.059233][ T286] RSP: 002b:00007fff8f84ccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 36.067635][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0c4038fc97 [ 36.075602][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8f84cdb0 [ 36.083567][ T286] RBP: 00007fff8f84cdb0 R08: 0000000000000000 R09: 0000000000000000 [ 36.091521][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff8f84de40 [ 36.099476][ T286] R13: 00007f0c4041089d R14: 0000000000008aa5 R15: 00007fff8f84de80 [ 36.107437][ T286] [ 36.110442][ T286] ================================================================== [ 36.121706][ T286] Disabling lock debugging due to kernel taint [ 36.127915][ T286] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 36.135714][ T286] #PF: supervisor write access in kernel mode [ 36.141774][ T286] #PF: error_code(0x0002) - not-present page [ 36.147734][ T286] PGD 13362c067 P4D 13362c067 PUD 0 [ 36.153014][ T286] Oops: 0002 [#1] PREEMPT SMP KASAN [ 36.158196][ T286] CPU: 0 PID: 286 Comm: syz-executor Tainted: G B W 6.1.134-syzkaller-00012-g646380b087a5 #0 [ 36.169546][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 36.179589][ T286] RIP: 0010:ihold+0x26/0x60 [ 36.184099][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 e1 90 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 b0 e5 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 d1 [ 36.203691][ T286] RSP: 0018:ffffc9000db57c78 EFLAGS: 00010246 [ 36.209746][ T286] RAX: ffff88811eff2800 RBX: 0000000000000000 RCX: ffff88811eff2880 [ 36.217706][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 36.225665][ T286] RBP: ffffc9000db57c88 R08: dffffc0000000000 R09: fffffbfff0f2ccfd [ 36.233630][ T286] R10: fffffbfff0f2ccfd R11: 1ffffffff0f2ccfc R12: ffff8881257d2294 [ 36.241593][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 36.249551][ T286] FS: 000055558ea64500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 36.258468][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.265044][ T286] CR2: 0000000000000170 CR3: 00000001303b9000 CR4: 00000000003526b0 [ 36.273015][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.280974][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.288952][ T286] Call Trace: [ 36.292224][ T286] [ 36.295167][ T286] vfs_rmdir+0x25f/0x500 [ 36.299500][ T286] incfs_kill_sb+0x105/0x220 [ 36.304103][ T286] deactivate_locked_super+0xb5/0x120 [ 36.309479][ T286] deactivate_super+0xaf/0xe0 [ 36.314153][ T286] cleanup_mnt+0x45f/0x4e0 [ 36.318576][ T286] __cleanup_mnt+0x19/0x20 [ 36.322983][ T286] task_work_run+0x1db/0x240 [ 36.327562][ T286] ? __cfi_task_work_run+0x10/0x10 [ 36.332672][ T286] ? __x64_sys_umount+0x125/0x160 [ 36.337689][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 36.343060][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 36.348280][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 36.353749][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 36.359207][ T286] do_syscall_64+0x58/0xa0 [ 36.363613][ T286] ? clear_bhb_loop+0x15/0x70 [ 36.368282][ T286] ? clear_bhb_loop+0x15/0x70 [ 36.372948][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 36.378840][ T286] RIP: 0033:0x7f0c4038fc97 [ 36.383251][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 36.402850][ T286] RSP: 002b:00007fff8f84ccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 36.411260][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0c4038fc97 [ 36.419223][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8f84cdb0 [ 36.427189][ T286] RBP: 00007fff8f84cdb0 R08: 0000000000000000 R09: 0000000000000000 [ 36.435154][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff8f84de40 [ 36.443120][ T286] R13: 00007f0c4041089d R14: 0000000000008aa5 R15: 00007fff8f84de80 [ 36.451098][ T286] [ 36.454114][ T286] Modules linked in: [ 36.458024][ T286] CR2: 0000000000000170 [ 36.462162][ T286] ---[ end trace 0000000000000000 ]--- [ 36.467602][ T286] RIP: 0010:ihold+0x26/0x60 [ 36.472106][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 e1 90 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 b0 e5 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 d1 [ 36.491702][ T286] RSP: 0018:ffffc9000db57c78 EFLAGS: 00010246 [ 36.497763][ T286] RAX: ffff88811eff2800 RBX: 0000000000000000 RCX: ffff88811eff2880 [ 36.505726][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 36.513686][ T286] RBP: ffffc9000db57c88 R08: dffffc0000000000 R09: fffffbfff0f2ccfd [ 36.521647][ T286] R10: fffffbfff0f2ccfd R11: 1ffffffff0f2ccfc R12: ffff8881257d2294 [ 36.529604][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 36.537558][ T286] FS: 000055558ea64500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 36.546476][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.553053][ T286] CR2: 0000000000000170 CR3: 00000001303b9000 CR4: 00000000003526b0 [ 36.561023][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.568983][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.576944][ T286] Kernel panic - not syncing: Fatal exception [ 36.583309][ T286] Kernel Offset: disabled [ 36.587618][ T286] Rebooting in 86400 seconds..