last executing test programs: 8.069385377s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=@framed={{}, [@printk={@x}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000000c0)='./file0\x00') 8.052916469s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xc}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "ff4e4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 6.417099939s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) 6.395982802s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x30148d0, &(0x7f0000000000)={[{@discard}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@noauto_da_alloc}]}, 0x3, 0x4d0, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLoH1Ao+RNKIdC+l1JaQpukD31oqyL5qjGubMuNLSXW5wPH99wf8vd7JHSkc89FN4COdSYixiKiKyLOR0R/uj2TllhbL9XjHj28M1ktSVQqN75IIkm31f9Xki6PpQ/rjYh//SPiv8mP45ZWVucmCoX8UrqeK88v5korqxdm5ydm8jP5hbGR4cujV0YvjQ7tWVuv/u3TV1546+9X3/vjrY/HPz/3v2pafem+je1oxlqTx603vaf2XNR1R8TSboI9w7rS9vS0OxEAAJpS/Y7/84j4bUQ8fr3d2QAAAAD7ofKXvvgmiagAAAAAB1amdg1sksmm1wL0RSaTza5fw/vLOJopFEvlP0wXlxem1q+VHYiezPRsIT+UXis8ED1JdX24Vn+yfnHT+khEnIiIl/qP1Nazk8XCVLtPfgAAAECHOLZp/P9V//r4HwAAADhgBtqdAAAAALDvjP8BAADg4Nty/J90tzYRAAAAYD/889q1aqnU7389dXNlea5488JUvjSXnV+ezE4WlxazM8XiTO03++Z3+n+FYnHxT7GwfDtXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAoPVO/ObeR0lErP35SK1UHUr3NTFWH9vf7ID9lNnd4cl+5QG0Xle7EwDaxgW+0LnMxwM7DOxf3rS+y9MGAADAs2DwV081/28+EJ5jBvLQucz/Q+cy/w+dy/w/dLjDOx/Su9WO9/c4FwAAYN/01UqSyaZzgX2RyWSzEcdrtwXoSaZnC/mhiPhZRHzY33O4uj7c7qQBAAAAAAAAAAAAAAAAAAAAAAAA4DlTqSRRAQAAAA60iMxnSXoj/8H+s32bzw8cSr7ury27Im69cePV2xPl8tJwdfuX69sjovxauv1iO85gAAAAAJvVx+n1cTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7KVHD+9M1ksr4z74a0QMNIrfHb21ZW/0RMTRx0l0b3hcEhFdexB/7W5EnGwUP6mmFQNpFpvjZyLiSJvjH9uD+NDJ7lX7n7FG779MnKktG7//utPytB6c2ar/y/zQ/3Vt0f8dbzLGqfvv5LaMfzfiVHfj/qceP3nK/vc//15d3Wpf5c2IwYafP0mla0OsXHl+MVdaWb0wOz8xk5/JL4yMDF8evTJ6aXQoNz1byKd/G8Z48dfvfrdd+482jl/rf7dr/9km2//t/dsPf7FN/HO/a/z6n9wmfvW5+X36OVDdP1ivr63XNzr99gent2v/1Bbt3+n1P9dk+89f//8nTR4KALRAaWV1bqJQyC+1onI4IloVS2XvKtUvgs9AGio/oXI9faPv+uFt7pgAAIA99+RLf7szAQAAAAAAAAAAAAAAAAAAgM7Vih8h2xivt31NBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1vcBAAD//4/p0B8=") bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file1\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYRESHEX=r1, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCOUTQ(r6, 0x4b4b, &(0x7f0000000100)) removexattr(0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0x4, &(0x7f0000000480)=ANY=[@ANYRESDEC=r0], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r7, 0x0, 0x0, 0x0, 0x0}, 0x90) io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 6.199393102s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = syz_io_uring_setup(0xd8, &(0x7f0000000000)={0x0, 0x0, 0x40}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000100), 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r7}, &(0x7f0000000940), &(0x7f0000000980)}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) r9 = syz_io_uring_setup(0xb1b, &(0x7f00000012c0)={0x0, 0x0, 0x40}, &(0x7f0000001340), &(0x7f0000001380)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r9, 0xb, &(0x7f00000013c0)=[@ioring_restriction_sqe_op, @ioring_restriction_sqe_flags_required, @ioring_restriction_sqe_flags_allowed, @ioring_restriction_register_op, @ioring_restriction_sqe_op], 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket(0x25, 0x803, 0x0) 5.046073519s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) 4.558223183s ago: executing program 3: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESDEC=r1], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f00000003c0)={0x48000, 0x18, 0x6}, 0x18) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) close(r3) 4.493276313s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000a40)={0x2c, &(0x7f0000000980)={0x0, 0x0, 0x5, {0x5, 0x0, "ec2dcd"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 4.45013099s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000a40)={0x2c, &(0x7f0000000980)={0x0, 0x0, 0x2, {0x2}}, &(0x7f0000000500)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x423}}, &(0x7f0000000b40)={0x0, 0xf, 0x123, {0x5, 0xf, 0x123, 0x3, [@generic={0xd4, 0x10, 0xf, "25adc1bc2b1851669417571eea53c5ef4ceb866db17e25c36fe1600ffd40ce75f8be72b43443fd88a40d36d08e7c6e20216bcbfe215a9c0ace9382f795752b9f662f9f0a5714f611e977d8c9ec1293a87b50c892d2a6d016ecda60cdd3ac3a98c6ff6cf5b49d6f90ab9825db4900d890b4ef2a73c1c4c116636c28bc5593da74a3945a5f3bc901b1068691f84c9d55f5b1d27e3b417344ee97aca3fac15014de397517e40a5fb1d03841585335df7cd7c2b13e121f628866871ee8c9a93c0a81f9bfded49809d12fcf2a65b53b34332e2c"}, @generic={0x3, 0x10, 0xb}, @generic={0x47, 0x10, 0x0, "3e35fb6407a1ccd9bbba61aa325d93e61715085722be47900c2c1485a42c425bad83d5726a4f1c20dae88cf0bdbcc947eb7d3bd62cf7c4cb31368a2e29896baf533ce58b"}]}}, &(0x7f00000007c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1f, 0x3, 0x5, 0xe0, "1bbbab49", "6d36f152"}}, &(0x7f0000000800)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x0, 0x6, 0x1, 0x2, 0x8, 0x8cb5}}}, &(0x7f00000010c0)={0x84, &(0x7f0000000a80)={0x0, 0x15, 0x11, "2040d3738b8db09fc7c2afdb4f6bd2c395"}, &(0x7f0000000ac0)={0x0, 0xa, 0x1, 0x3f}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x3f}, &(0x7f0000000d00)={0x20, 0x0, 0x4, {0x3, 0x1}}, &(0x7f0000000d40)={0x20, 0x0, 0x4, {0xa0, 0x250a49877da5188f}}, &(0x7f0000000d80)={0x40, 0x7, 0x2, 0xd4ba}, &(0x7f0000000dc0)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000e00)={0x40, 0xb, 0x2, "7fa3"}, &(0x7f0000000e40)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000e80)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f0000000ec0)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000f80)={0x40, 0x19, 0x2, "d2d0"}, &(0x7f0000000fc0)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000001000)={0x40, 0x1c, 0x1, 0x40}, &(0x7f0000001040)={0x40, 0x1e, 0x1, 0x40}, &(0x7f0000001080)={0x40, 0x21, 0x1, 0x7}}) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 3.199426591s ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000a40)={0x2c, &(0x7f0000000980)={0x0, 0x0, 0x5, {0x5, 0x0, "ec2dcd"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 2.227940959s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 2.208988302s ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESHEX, @ANYRESDEC=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$setown(r4, 0x8, r6) socket$igmp(0x2, 0x3, 0x2) r7 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCSBRK(r7, 0x5427) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) close(r8) 2.204749823s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x51}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) 2.139229013s ago: executing program 3: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESHEX, @ANYRESDEC=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$setown(r4, 0x8, r6) socket$igmp(0x2, 0x3, 0x2) r7 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCSBRK(r7, 0x5427) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) close(r8) 2.132869224s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) close(r2) 2.117065636s ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000040)='./file1\x00', 0x1000, 0x1) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r2, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat2(r3, 0x0, r4, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) 2.102783978s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) close(r2) 2.082375212s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 2.061021735s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x0, 0x6, {0x6, 0x0, "849517d9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.048399997s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) 2.02928581s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4bfa, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000009c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_usb_control_io(r0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x0, 0x6, {0x6, 0x0, "849517d9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.015947982s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) close(r2) 1.989596706s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 1.969883449s ago: executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000a40)={0x2c, &(0x7f0000000980)={0x0, 0x0, 0x5, {0x5, 0x0, "ec2dcd"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 900.123953ms ago: executing program 0: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESDEC=r1], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f00000003c0)={0x48000, 0x18, 0x6}, 0x18) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) close(r3) 848.93358ms ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4bfa, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000009c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_usb_control_io(r0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x0, 0x6, {0x6, 0x0, "849517d9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 244.028603ms ago: executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESHEX, @ANYRESDEC=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$setown(r4, 0x8, r6) socket$igmp(0x2, 0x3, 0x2) r7 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCSBRK(r7, 0x5427) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) close(r8) 177.461143ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1807000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xa, 0x4, 0x8, 0x48}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r0}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r4, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[@ANYBLOB="4800000010000104000000000000004ede33f57a099ae50000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c00028008000700000000000a000100aaaaaaaaaaaa0000"], 0x48}}, 0x0) r6 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r6, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x200800, &(0x7f0000000500)=ANY=[@ANYBLOB='dmask=00000000000000000000004,iocharset=cp737,allow_utime=00000000000000000000006,dmask=00000000000000000000011,uid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,allow_utime=00000000000000000000001,discard,discard,dmask=00000000000000000000002,smackfsfloor=iocharset,fowner>', @ANYRESDEC=0xee00, @ANYBLOB="01105b4e3678684895c48ddc295ff5b35ee2aea6f6d5aec39a4f7a46712f29977aca5268721559904b5123461e0d81b1d48d3ea4ca8b410a4b00e4b1b83018d0672589e8ff8145c2647a7097259c8fc053ce83f29a9941921a0e87ea41a9d39ce160792e9b2c1a"], 0x2, 0x1518, &(0x7f0000002280)="$eJzs3AuYjVX7MPD7Xms9Y0jaTXIY1lr3wyaHZZIkhyQ5JEmSJDklJE3ySl4khpCkIQnJYUgOQ0gOE5PG+Xw+JknSJElITsn6rgmft7f63n/f2//1v/5z/67rufa693rWetba97Nnr+fZM/Nt16G1mtSu3oiI4N+CFx+SACAWAAYCwHUAEABA+bjycVn1OSUm/XsHYX+th1Ov9gjY1cT5z944/9kb5z974/xnb5z/7I3zn71x/rM3zj9j2dnm6QWv5y37bnz/Pzvjz///RTLLjP1ybZkbu/2JJpz/7I3z/79W8F/ZifOfvXH+szfOf/bG+c8OcvxhDec/u7p4TnD+GcvOrvb9Z96u7na1zz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9nDGX+FAoDL5as9LsYYY4wxxhhjjP11fI6rPQLGGGOMMcYYY4z990MQIEFBADGQA2IhJ+QCAQDXQh64DiJwPcTBDZAXboR8kB8KQEGIh0JQGDQYsEAQQhEoClEoBsXhJigBJaEUlAYHZSABboaycAuUg1uhPNwGFeB2qAiVoDJUgTugKtwJ1eAuqA53Qw2oCbWgNtwDdeBeqAv3QT24H+rDA9AAHoSG8BA0goehMTwCTeBRaAqPQTNoDi2gJbT6/2r/AvSEF6EX9IYk6AN94SXoB/3/7ysyCF6FwfAaJMMQGAqvwzB4A4bDmzACRsIoeAtGw9swBsbCOBgPKTABJsI7MAnehckwBabCNEiF6TAD3oOZMAtmw/swBz6AuTAP5sMCSIMPYSEsgnT4CBbDx5ABS2ApLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg+2wA3bCLtgNn8Ae+BT2wmewDz7/k+1P/1P7bggIKFCgQoUxGIOxGIu5MBfmxtyYB/NgBCMYh3GYF/NiPsyHBbAAxmM8FsbCaNAgIWERLIJRjGJxLI4lsASWwlLo0GECJmBZvAXLYTksj+WxAlbAilgJK2EVrIJVsSpWw2pYHatjDayBtbAW3oP3YB+si3WxHtbD+lj/8u0pbISNsDE2xibYBJtiU2yGzbAFtsBW2ApbY2tsg22wHbbD9tgeO2AHTMRE7IgdsRN2ws7YGbtgF+yKXbEbdsfu+EIOwBfxReyNNUQf7It9sR8m5xiAL+PL+AoOwlfxVXwNk3EIDsXX8XV8A4fjKRyBI3EUjsKqvjcAjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsL3cQ5+gB/gPJyHCzAN03AhLsJ0TMfFeBozcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/BT/FTTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyJJ/EUnsYzeAbP4Tk8j8/Hf914V8k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxW2igrhdVBSVRFtXRVQRVUU7V03cJaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+aCAeFA1FHxyAD4uszDQRQ7CpGIrNRHMhL71fW4vh2Ea0Fe3Ek2IkjsAOorVLFM+IjmIMdhJ/E2PxOdFFjMeu4u+im+gueogXRE/RxvUSvcVk7CP6imnYT/QXA8TLYibWFO/jnJy1xGsiWQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEiJoiJ4h0xSbwrJospYqqYJlLFdDFDvCdmillitnhfzBEfiLlinpgvFog08aFYKBaJdPGRWCw+FhliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkiq/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pCxMqfMJa+RuWVw6dW9XsbJG2ReeaPMJ/PLArKgjJeFZGGppZFWkgxlEVlURmUxWVzeJEvIkrKULC2dLCMT5M2yrLxFlpO3yvLyNllB3i4rykqysqwi75BV5Z0SIhePUUPWlLVkbXmPrCPvlXXlfbKevF/Wlw/IBvJB2VA+JBvJh2Vj+YhsIh+VTeVjsplsLlvIlrKVfFy2lk/INrKtbCeflO3lU7KDfFomymdkR+kvnSLPyS7yedlV/l12k91lD/mzvCC97CV7S4A+sq98SfaT/eUA+bIcKF+Rg+SrcrB8TSbLIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsgJcqJ8R06S78rJcoqcKqfJVDldDrjU02wp/2X7d36n/eBfjr5JbpZb5Fa5TW6XO+ROuUvulrvlHrlH7pV75T65T+6X++UBeUAelAdlpsyUh+QheVgelkfkEXlUHpXH5HF5Vv4gT8of5Sl5Wp6WZ+U5eU6ev/QagEIllFRKBSpG5VCxKqfKpa5RudW1Ko+6TkXU9SpO3aDyqhtVPpVfFVAFVbwqpAorrYyyilSoiqiiKqqK4aUTRpVSpZVTZVSCuvnPtFfF1U2qhCr5q/aXx6f/YHytVCvVWrVWbVQb1U61U+1Ve9VBdVCJKlF1VB1VJ9VJdVadVRfVRXVVXVU31U31UD1UT9VT9VK9VJJKUn3VS6qf6q8GqJfVQPWKGqQGqcFqsEpWyWqoGqqGqWFquBquRqgRapQapUar0WqMGqPGqXEqRaWoiWqimqQmqclqspqqpqpUlapmqBlqppqpZqvZao6ao+aquWq+mq/SVJpaqBaqdJWuFqvFKkMtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5tUBtUhtqsNqutaqvarrarnWqn2q12qz1qj9qr9qp9ap/ar/arA+qAOqgOqkyVqQ6pQ+qwOqyOqCPqqDqqjqlj6oQ6oU6qk+qUOqXOqDPqnDqnzqvz6oK6kLXsC0QgAhWoICaICWKD2CBXkCvIHeQO8gR5gkgQCeKCuCBvcGOQL8gfFAgKBvFBoaBwoAMT2EBcSno0KBYUD24KSgQlg1JB6cAFZYKE4OagbHBLUC64NSgf3BZUCG4PKgaVgspBleCOoGpwZ1AtuCuoHtwd1AhqBrWC2sE9QZ3g3qBucF9QL7g/qB88EDQIHgwaBg8FjYKHg8bBI0GT4NGgafBY0CxoHrQIWgat/tL+vT+V/wnXS/fWSbqP7qtf0v10fz1Av6wH6lf0IP2qHqxf08l6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XKXqCnqjf0ZP0u3qynqKn6mk6VU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtMf6oV6kU7XH+nF+mOdoZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdKb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMW91kf70YZZWJMjIk1sSaXyWVym9wmj8ljIiZi4kycyWvymnwmnylgCph4E28Km8ImCxkyRUwREzVRU9wUNyVMCVPKlDLOOJNgEkxZU9aUM+VMeVPeVDAVTEVT0VQ2lc0d5g5zp7nT3GXuMnebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxrQz7Ux70950MB1Mokk0HU1H08l0Mp1NZ9PFdDFdTVfTzXQzPUwP09P0NL1ML5Nkkkxf09f0M/3MADPADDQDzSAzyAw2g02ySTZDzVAzzAwzw81wM8KMNKOyFqrmbTPGjDXjzHiTYlLMRDPRTDKTzGQz2Uw13qSaVDPDzDAzzUwz28w2c8wcM9fMNfPNfJNm0sxCs9Ckm3Sz2Cw2GSbDLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloMk2mOWQOmcPmsDlijpij5qg5Zo6ZE+aEOWlOmlPmlDljzphzJv+lz0tvYm1Om8teY3Pba20ee53957iALWjjbSFb2Gqbz+b/VWystSVsSVvKlrbOlrEJ9ubfxBVtJVvZVrF32Kr2TlvtN3Ede6+ta++z9ez9tra951dxffuAbWAftQ0RAWxz29i2tE3so7apfcw2s81tC9vStrdP2Q72aZton7Ed7bO/iRfaRXa1XWPX2nV2j/3UnrFn7WH7rT1nf7K9bG870L5iB9lX7WD7mk22Q34Tj7Jv2dH2bTvGjrXj7PjfxFPtNJtqp9sZ9j070876TZxmP7RzbLqda+fZ+XbBL3HWmNLtR3ax/dhm2CV2qV1ml9sVdqVddXmsl7+tt7vtJ3ar3Wa32x12p931S5w1j732M7vPfm4P2W/sAfulPWiP2Ez79S9x1vyO2O/sUfu9PWaP2xP2B3vS/mhP2dO/zD9r7j/Yn+0F6y0QEpAkRQHFUA6KpZyUi66h3HQt5aHrKELXUxzdQHnpRspH+akAFaR4KkSFSZMhS0QhFaGiFKVidHmdXopKk6MylEA3U1m6hcrRrVSebqMKdDtVpEpUmarQHVSV7qRqdBdVp7upBtWkWlSb7qE6dC/VpfuoHt1P9ekBakAPUkN6iBrRw9SYHqEm9Cg1pceoGTWnFtSSWtHj1JqeoDbUltrRk9SenqIO9DQl0jPUkZ6lTvQ36kzPURd6nrrS36kbdace9AL1pBepF/WmJOpDfekl6kf9aQC9TAPpFRpEr9Jgeo2SaQgNpddpGL1Bw+lNGkEjaRS9RaPpbRpDY2kcjacUmkAT6R2aRO/SZJpCU2kapdJ0mkHv0UyaRbPpfZpDH9BcmkfzaQGl0Ye0kBZROn1Ei+ljyqAltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdtpBO2kX7aZPaA99SnvpM9pHn9N++oIO0Jd0kL6iTPqaDtE3dJi+pSP0ne9N39MxOk4n6Ac6ST/SKTpNZ+gsnaOf6Dz9TBfIE4QYilCGKgzCmDBHGBvmDHOF14S5w2vDPOF1YSS8PowLbwjzhjeG+cL8YYGwYBgfFgoLhzo0oQ0pDMMiYdEwGhYLi4c3hSXCkmGpsHTowjJhQnhzWDa8JSwX3hqWD28LK4S3hxXDSuGj91cJ7wirhneG1cK7wurh3WGNsGZYK6wd3hPWCe8N64b3hfXC+8Ny4QNhg/DBsGH4UNgofDhsHD4SNgkfDZuGj4XNwuZhi7Bl2Cp8PGwdPhG2CduG7cInw/bhU2GH8OkwMXwm7Bg++0v9A4v+uD4p7BP2DV8KXwq9v0/Ojy6IpkU/jC6MLoqmRz+KLo5+HM2ILokujS6LLo+uiK6Mroqujq6Jro2ui66PbohujG6Kel87Bzh0wkmnXOBiXA4X63K6XO4al9td6/K461zEXe/i3A0ur7vR5XP5XQFX0MW7Qq6w084468iFrogr6qKumCvubnIlXElXypV2zpVxCa6la+VaudbuCdfGtXXt3JPuSfeUe8o97Z52z7iO7lnXyf3NdXbPuS7ueRUD4Lq57q6He8H1dBPyXHxPJrm+rq/r5/q5AW6AG+gGukFukBvsBrtkl+yGuqFumBvmhrvhboTLCQCj3Gg32o1xY9w4N86luBQ30U10k9wkN9lNdlPdVJfqUt0MN8PNdDNd1VkXjzLXzXXz3XyX5tLcQpe1Zkx3i91il+Ey3FK31C13y91Kt9KtdqvdWrfWrXfr3Ua30W12m91Wt9Vtd9vdTrfT7Xa73R5/3cVO3T633+13B9wBd9B95TLd1+6Q+8Yddt+6I+47d9R974654+6E+8GddD+6U+60O+POunPuJ3fe/ewuOO9SIhMiEyPvRCZF3o1MjkyJTI1Mi6RGpkdmRN6LzIzMisyOvB+ZE/kgMjcyLzI/siCSFvkwsjCyKJIe+SiyOPJxJCOyJLI0siyyPLIi4n2hraEv4ov6qC/mi/ubfAlf0pfypb3zZXyCv9mX9bf4cv5WX97f5iv4231FX8lX9o/5Zr65b+Fb+lb+cd/aP+Hb+La+nX/St/dP+Q7+aZ/on/Ed/bO+k/+b7+yf8138876r/7vv5rv7Hv4F39O/6Hv53j7J9/F9/Uu+n+/vB/iX/UD/ih/kX/WD/Ws+2Q/xQ/3rfph/ww/3b/oRfqQfFfOWH335EhnG+xQ/wU/07/hJ/l0/2U/xU/00n+qn+xn+PT/Tz/Kz/ft+jv8Akvw8P98v8Gn+Q7/QL/Lp/iO/2H/sM/ySy7dQ/Uq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3O/xOv8vv9p/4Pf5Tv9d/5vf5z/1+/4U/4L/0B/1XPtN/7Q/5b/xh/60/4r/zR/33/pg/7k/4H/xJ/6M/5U/7M/6sP+d/8uf9z/4C/80aY4wxxth/yYQrRfF79X1+5znxDzv3BYBrtxXM/Mf6rBXl+nwXy/1FfPsIADzTu+vDl7caNZKSki7tmyEhKDoP4PI3QVli4Eq8BNrBU5AIbaHs746/v+h+jv5F/9HbAHL9Q5tYuBJf6f+LP+j/8SdHLawQnon7f/Q/D6BE0Sttsq6TLsdLoJ3KemwL5f6g//yt/8X4c36ZAtDmH9rkhivxlfEnwBPwLCT+ak/GGGOMMcYYY+yi/qJy58vXn5d/4/P3rs/j1ZU2OeBK/K+uzxljjDHGGGOMMXb1Pde9x9OPX1OsbedfComJf6JQ7c/szIXfK3j4HzGMiwXvAS4/owDg3+wQ4JfCuP/gLLb8R46VfOmt889Vy8/6AP5npPKvKFzlH0yMMcYYY4yxv9yVRf+vn1dXa0CMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlg29J/4d2JXe46MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbY1fZ/AgAA//81OQSC") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) 51.036562ms ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4bfa, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000009c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_usb_control_io(r0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x0, 0x6, {0x6, 0x0, "849517d9"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x30148d0, &(0x7f0000000000)={[{@discard}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@noauto_da_alloc}]}, 0x3, 0x4d0, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLoH1Ao+RNKIdC+l1JaQpukD31oqyL5qjGubMuNLSXW5wPH99wf8vd7JHSkc89FN4COdSYixiKiKyLOR0R/uj2TllhbL9XjHj28M1ktSVQqN75IIkm31f9Xki6PpQ/rjYh//SPiv8mP45ZWVucmCoX8UrqeK88v5korqxdm5ydm8jP5hbGR4cujV0YvjQ7tWVuv/u3TV1546+9X3/vjrY/HPz/3v2pafem+je1oxlqTx603vaf2XNR1R8TSboI9w7rS9vS0OxEAAJpS/Y7/84j4bUQ8fr3d2QAAAAD7ofKXvvgmiagAAAAAB1amdg1sksmm1wL0RSaTza5fw/vLOJopFEvlP0wXlxem1q+VHYiezPRsIT+UXis8ED1JdX24Vn+yfnHT+khEnIiIl/qP1Nazk8XCVLtPfgAAAECHOLZp/P9V//r4HwAAADhgBtqdAAAAALDvjP8BAADg4Nty/J90tzYRAAAAYD/889q1aqnU7389dXNlea5488JUvjSXnV+ezE4WlxazM8XiTO03++Z3+n+FYnHxT7GwfDtXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAoPVO/ObeR0lErP35SK1UHUr3NTFWH9vf7ID9lNnd4cl+5QG0Xle7EwDaxgW+0LnMxwM7DOxf3rS+y9MGAADAs2DwV081/28+EJ5jBvLQucz/Q+cy/w+dy/w/dLjDOx/Su9WO9/c4FwAAYN/01UqSyaZzgX2RyWSzEcdrtwXoSaZnC/mhiPhZRHzY33O4uj7c7qQBAAAAAAAAAAAAAAAAAAAAAAAA4DlTqSRRAQAAAA60iMxnSXoj/8H+s32bzw8cSr7ury27Im69cePV2xPl8tJwdfuX69sjovxauv1iO85gAAAAAJvVx+n1cTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7KVHD+9M1ksr4z74a0QMNIrfHb21ZW/0RMTRx0l0b3hcEhFdexB/7W5EnGwUP6mmFQNpFpvjZyLiSJvjH9uD+NDJ7lX7n7FG779MnKktG7//utPytB6c2ar/y/zQ/3Vt0f8dbzLGqfvv5LaMfzfiVHfj/qceP3nK/vc//15d3Wpf5c2IwYafP0mla0OsXHl+MVdaWb0wOz8xk5/JL4yMDF8evTJ6aXQoNz1byKd/G8Z48dfvfrdd+482jl/rf7dr/9km2//t/dsPf7FN/HO/a/z6n9wmfvW5+X36OVDdP1ivr63XNzr99gent2v/1Bbt3+n1P9dk+89f//8nTR4KALRAaWV1bqJQyC+1onI4IloVS2XvKtUvgs9AGio/oXI9faPv+uFt7pgAAIA99+RLf7szAQAAAAAAAAAAAAAAAAAAgM7Vih8h2xivt31NBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1vcBAAD//4/p0B8=") bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file1\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYRESHEX=r1, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCOUTQ(r6, 0x4b4b, &(0x7f0000000100)) removexattr(0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0x4, &(0x7f0000000480)=ANY=[@ANYRESDEC=r0], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r7, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = io_uring_setup(0x6d2e, &(0x7f0000000000)={0x0, 0x0, 0x8c0}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, &(0x7f0000000080)=[@ioring_restriction_register_op={0x0, 0x6}], 0x1) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r8, 0xc, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.195' (ED25519) to the list of known hosts. 2024/06/01 04:44:44 fuzzer started 2024/06/01 04:44:44 dialing manager at 10.128.0.163:30012 [ 19.927026][ T28] audit: type=1400 audit(1717217084.478:66): avc: denied { node_bind } for pid=282 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 19.947571][ T28] audit: type=1400 audit(1717217084.478:67): avc: denied { name_bind } for pid=282 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 19.996523][ T28] audit: type=1400 audit(1717217084.538:68): avc: denied { setattr } for pid=292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.001562][ T293] cgroup: Unknown subsys name 'net' [ 20.022273][ T28] audit: type=1400 audit(1717217084.538:69): avc: denied { mounton } for pid=293 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.047139][ T293] cgroup: Unknown subsys name 'devices' [ 20.053076][ T28] audit: type=1400 audit(1717217084.538:70): avc: denied { mount } for pid=293 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.075929][ T28] audit: type=1400 audit(1717217084.568:71): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.095678][ T28] audit: type=1400 audit(1717217084.568:72): avc: denied { mounton } for pid=294 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.120281][ T28] audit: type=1400 audit(1717217084.568:73): avc: denied { mount } for pid=294 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.129578][ T299] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 20.152178][ T28] audit: type=1400 audit(1717217084.698:74): avc: denied { relabelto } for pid=299 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.177432][ T28] audit: type=1400 audit(1717217084.698:75): avc: denied { write } for pid=299 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.206513][ T297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.268975][ T293] cgroup: Unknown subsys name 'hugetlb' [ 20.274443][ T293] cgroup: Unknown subsys name 'rlimit' 2024/06/01 04:44:44 starting 5 executor processes [ 21.357796][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.364660][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.372071][ T307] device bridge_slave_0 entered promiscuous mode [ 21.379120][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.385968][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.393573][ T307] device bridge_slave_1 entered promiscuous mode [ 21.431268][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.438156][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.445403][ T308] device bridge_slave_0 entered promiscuous mode [ 21.452317][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.459236][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.466447][ T308] device bridge_slave_1 entered promiscuous mode [ 21.485631][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.492535][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.499874][ T310] device bridge_slave_0 entered promiscuous mode [ 21.517393][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.524266][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.531629][ T310] device bridge_slave_1 entered promiscuous mode [ 21.575790][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.582758][ T309] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.589954][ T309] device bridge_slave_0 entered promiscuous mode [ 21.609229][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.616084][ T309] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.623415][ T309] device bridge_slave_1 entered promiscuous mode [ 21.672550][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.679435][ T311] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.686784][ T311] device bridge_slave_0 entered promiscuous mode [ 21.701411][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.708343][ T311] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.715560][ T311] device bridge_slave_1 entered promiscuous mode [ 21.852184][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.859058][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.866146][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.872955][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.897319][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.904172][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.911290][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.918074][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.943381][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.950252][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.957384][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.964223][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.995708][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.002580][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.009697][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.016449][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.025008][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.031871][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.038989][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.045742][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.080182][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.087473][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.094512][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.102266][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.109478][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.116490][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.123930][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.130989][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.138379][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.145394][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.153911][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.161176][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.181942][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.190010][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.196863][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.204178][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.212244][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.219088][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.237207][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.245180][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.253355][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.260220][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.288693][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.296856][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.304626][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.312599][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.320869][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.327747][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.334855][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.342798][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.349650][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.366848][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.374226][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.381674][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.389887][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.398335][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.405164][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.412403][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.420510][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.428549][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.435656][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.451174][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.459433][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.467519][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.474364][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.481599][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.488892][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.496123][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.504449][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.512587][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.520550][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.533727][ T307] device veth0_vlan entered promiscuous mode [ 22.551016][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.559109][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.567242][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.574075][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.581320][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.589124][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.597087][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.605202][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.613300][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.620137][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.627363][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.635249][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.643183][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.651076][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.658913][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.667006][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.688767][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.696079][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.703394][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.711228][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.719083][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.726976][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.751396][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.759671][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.767637][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.774804][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.782178][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.790704][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.799116][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.807063][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.818197][ T311] device veth0_vlan entered promiscuous mode [ 22.831896][ T310] device veth0_vlan entered promiscuous mode [ 22.841449][ T307] device veth1_macvtap entered promiscuous mode [ 22.853684][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.862406][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.870740][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.878473][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.886228][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.894222][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.902153][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.909676][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.917818][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.925909][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.934160][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.942623][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.949978][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.963145][ T309] device veth0_vlan entered promiscuous mode [ 22.971691][ T308] device veth0_vlan entered promiscuous mode [ 22.979417][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.987412][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.994729][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.002434][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.010515][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.018860][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.026477][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.034664][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.041986][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.053637][ T311] device veth1_macvtap entered promiscuous mode [ 23.063705][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.079541][ T310] device veth1_macvtap entered promiscuous mode [ 23.087987][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.096247][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.104406][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.114964][ T309] device veth1_macvtap entered promiscuous mode [ 23.135617][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.143828][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.152329][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.160491][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.168596][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.176932][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.186366][ T308] device veth1_macvtap entered promiscuous mode [ 23.202241][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.210494][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.248776][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.258931][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.278953][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.283808][ T346] loop4: detected capacity change from 0 to 512 [ 23.287274][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.301293][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.301877][ T346] ======================================================= [ 23.301877][ T346] WARNING: The mand mount option has been deprecated and [ 23.301877][ T346] and is ignored by this kernel. Remove the mand [ 23.301877][ T346] option from the mount to silence this warning. [ 23.301877][ T346] ======================================================= [ 23.309593][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.352650][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.352706][ T346] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 23.360876][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.377690][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.379258][ T346] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 23.385828][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.394893][ T346] ext4 filesystem being mounted at /root/syzkaller-testdir3879226290/syzkaller.KsUQBd/1/file0 supports timestamps until 2038 (0x7fffffff) [ 23.421678][ T346] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz-executor.4: corrupted xattr block 19 [ 23.436866][ T346] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 23.446610][ T346] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz-executor.4: corrupted xattr block 19 [ 23.465092][ T346] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 23.505075][ T354] overlayfs: missing 'lowerdir' [ 23.507020][ T346] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 23.511369][ T356] futex_wake_op: syz-executor.0 tries to shift op by 32; fix this program [ 23.529396][ T346] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.4: corrupted xattr block 19 [ 23.551377][ T346] EXT4-fs warning (device loop4): ext4_evict_inode:299: xattr delete (err -117) [ 23.575835][ T307] EXT4-fs (loop4): unmounting filesystem. [ 23.676790][ T6] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 23.736779][ T312] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.837278][ T313] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 23.876897][ T333] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.916767][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 23.916806][ T39] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 23.976802][ T312] usb 2-1: Using ep0 maxpacket: 32 [ 24.036884][ T6] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.047636][ T6] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.057247][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 24.066092][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.096782][ T312] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.108239][ T6] hub 4-1:4.0: USB hub found [ 24.112737][ T312] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.122251][ T312] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 24.131091][ T312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.166824][ T333] usb 1-1: device descriptor read/64, error -71 [ 24.177018][ T39] usb 5-1: Using ep0 maxpacket: 32 [ 24.177655][ T312] hub 2-1:4.0: USB hub found [ 24.226842][ T313] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.237860][ T313] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.247414][ T313] usb 3-1: config 0 interface 0 has no altsetting 0 [ 24.253813][ T313] usb 3-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.00 [ 24.262738][ T313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.271371][ T313] usb 3-1: config 0 descriptor?? [ 24.326809][ T6] hub 4-1:4.0: 2 ports detected [ 24.336845][ T39] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.347668][ T39] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.357295][ T39] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 24.366075][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.396974][ T312] hub 2-1:4.0: 2 ports detected [ 24.407851][ T39] hub 5-1:4.0: USB hub found [ 24.586829][ T6] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 24.586877][ T333] usb 1-1: device descriptor read/64, error -71 [ 24.593063][ T6] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 24.606847][ T313] usbhid 3-1:0.0: can't add hid device: -71 [ 24.614554][ T313] usbhid: probe of 3-1:0.0 failed with error -71 [ 24.621576][ T313] usb 3-1: USB disconnect, device number 2 [ 24.627494][ T39] hub 5-1:4.0: 2 ports detected [ 24.638931][ T6] usb 4-1: USB disconnect, device number 2 [ 24.656767][ T312] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 24.662944][ T312] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 24.697128][ T312] usb 2-1: USB disconnect, device number 2 [ 24.836802][ T39] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 24.843250][ T39] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 24.866929][ T333] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 24.887079][ T39] usb 5-1: USB disconnect, device number 2 [ 25.153724][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 25.153739][ T28] audit: type=1400 audit(1717217089.698:121): avc: denied { read } for pid=380 comm="syz-executor.1" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 25.182413][ T333] usb 1-1: device descriptor read/64, error -71 [ 25.190446][ T28] audit: type=1400 audit(1717217089.698:122): avc: denied { open } for pid=380 comm="syz-executor.1" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 25.222971][ T383] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program [ 25.242633][ T385] overlayfs: missing 'lowerdir' [ 25.260143][ T387] overlayfs: missing 'lowerdir' [ 25.272181][ T389] loop1: detected capacity change from 0 to 512 [ 25.279884][ T389] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 25.296760][ T335] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 25.300564][ T389] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 25.319387][ T389] ext4 filesystem being mounted at /root/syzkaller-testdir2024480787/syzkaller.BtvQBd/4/file0 supports timestamps until 2038 (0x7fffffff) [ 25.348129][ T389] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 25.360471][ T389] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 25.369403][ T389] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 25.382288][ T389] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 25.399746][ T389] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 25.414450][ T389] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 25.427752][ T389] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117) [ 25.452291][ T310] EXT4-fs (loop1): unmounting filesystem. [ 25.596764][ T333] usb 1-1: device descriptor read/64, error -71 [ 25.646792][ T312] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 25.666848][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.677597][ T6] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 25.684853][ T335] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.694716][ T335] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 25.703706][ T335] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.712754][ T335] usb 3-1: config 0 descriptor?? [ 25.726832][ T333] usb usb1-port1: attempt power cycle [ 25.746777][ T313] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 25.916761][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 26.006772][ T313] usb 2-1: Using ep0 maxpacket: 32 [ 26.006775][ T312] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.006800][ T312] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.031971][ T312] usb 5-1: config 0 interface 0 has no altsetting 0 [ 26.038451][ T6] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.049059][ T312] usb 5-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.00 [ 26.057949][ T6] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.067468][ T312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.075521][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 26.084960][ T312] usb 5-1: config 0 descriptor?? [ 26.089788][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.126884][ T313] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.137702][ T313] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.139762][ T6] hub 4-1:4.0: USB hub found [ 26.147586][ T333] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 26.159027][ T313] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 26.167903][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.207336][ T313] hub 2-1:4.0: USB hub found [ 26.346883][ T6] hub 4-1:4.0: 2 ports detected [ 26.366808][ T333] usb 1-1: device descriptor read/8, error -71 [ 26.426996][ T312] usbhid 5-1:0.0: can't add hid device: -71 [ 26.427109][ T313] hub 2-1:4.0: 2 ports detected [ 26.432881][ T312] usbhid: probe of 5-1:0.0 failed with error -71 [ 26.444516][ T312] usb 5-1: USB disconnect, device number 3 [ 26.566783][ T6] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 26.573008][ T6] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 26.607282][ T6] usb 4-1: USB disconnect, device number 3 [ 26.636880][ T333] usb 1-1: device descriptor read/8, error -71 [ 26.676823][ T313] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 26.683208][ T313] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 26.717128][ T313] usb 2-1: USB disconnect, device number 3 [ 26.756907][ T335] usb 3-1: string descriptor 0 read error: -71 [ 26.776799][ T335] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71 [ 26.785484][ T335] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 26.794474][ T335] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71 [ 26.802571][ T335] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 26.810071][ T335] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 26.818334][ T335] usb 3-1: USB disconnect, device number 3 [ 27.080944][ T413] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program [ 27.088642][ T415] overlayfs: missing 'lowerdir' [ 27.136777][ T333] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 27.237042][ T333] usb 1-1: Using ep0 maxpacket: 32 [ 27.258138][ T307] syz-executor.4 (307) used greatest stack depth: 21200 bytes left [ 27.268923][ T424] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.275831][ T424] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.283310][ T424] device bridge_slave_0 entered promiscuous mode [ 27.292358][ T424] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.299307][ T424] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.306614][ T424] device bridge_slave_1 entered promiscuous mode [ 27.352975][ T28] audit: type=1400 audit(1717217091.898:123): avc: denied { unlink } for pid=432 comm="syz-executor.2" name="#1" dev="sda1" ino=1965 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 27.377002][ T333] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.390010][ T333] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.400004][ T333] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 27.409188][ T333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.450133][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.457582][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.467072][ T313] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 27.469290][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.475180][ T333] hub 1-1:4.0: USB hub found [ 27.482358][ T6] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 27.494714][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.503062][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.509947][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.538057][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.546171][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.554136][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.562091][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.570069][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.577504][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.585540][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.593566][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.600410][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.607722][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.615491][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.626192][ T424] device veth0_vlan entered promiscuous mode [ 27.637934][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.647355][ T424] device veth1_macvtap entered promiscuous mode [ 27.660810][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.669102][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.676832][ T333] hub 1-1:4.0: 2 ports detected [ 27.689682][ T28] audit: type=1400 audit(1717217092.238:124): avc: denied { mounton } for pid=424 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 27.700921][ T439] overlayfs: missing 'lowerdir' [ 27.796783][ T371] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 27.846796][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.857604][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.867755][ T6] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 27.876640][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.877557][ T10] device bridge_slave_1 left promiscuous mode [ 27.890612][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.892099][ T6] usb 2-1: config 0 descriptor?? [ 27.902314][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.909873][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.915997][ T313] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 27.932539][ T313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.932545][ T10] device bridge_slave_0 left promiscuous mode [ 27.932729][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.953586][ T333] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 27.960013][ T333] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 27.960109][ T10] device veth1_macvtap left promiscuous mode [ 27.973271][ T10] device veth0_vlan left promiscuous mode [ 27.979094][ T313] usb 4-1: config 0 descriptor?? [ 27.997545][ T333] usb 1-1: USB disconnect, device number 5 [ 28.056893][ T331] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 28.187136][ T371] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.198055][ T371] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.207690][ T371] usb 3-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 28.216579][ T371] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.226013][ T371] usb 3-1: config 0 descriptor?? [ 28.296930][ T331] usb 5-1: Using ep0 maxpacket: 32 [ 28.416812][ T331] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.427829][ T331] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.437747][ T331] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 28.452282][ T331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.497406][ T331] hub 5-1:4.0: USB hub found [ 28.607014][ T6] hid (null): bogus close delimiter [ 28.677587][ T437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 28.685863][ T437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 28.708866][ T371] logitech-hidpp-device 0003:046D:C086.0004: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.2-1/input0 [ 28.716904][ T331] hub 5-1:4.0: 2 ports detected [ 28.736795][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 28.908969][ T39] usb 3-1: USB disconnect, device number 4 [ 28.936844][ T331] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 28.943113][ T331] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 28.977179][ T331] usb 5-1: USB disconnect, device number 4 [ 29.026827][ T313] usb 4-1: string descriptor 0 read error: -71 [ 29.046844][ T313] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #200: -71 [ 29.055523][ T313] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 29.063403][ T313] uclogic 0003:256C:006D.0002: failed probing pen v2 parameters: -71 [ 29.071358][ T313] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 29.078744][ T313] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 29.087864][ T313] usb 4-1: USB disconnect, device number 4 [ 29.106954][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.117697][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.126830][ T6] usb 2-1: string descriptor 0 read error: -71 [ 29.127480][ T24] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 29.142312][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.151679][ T24] usb 1-1: config 0 descriptor?? [ 29.152810][ T6] uclogic 0003:256C:006D.0003: failed retrieving string descriptor #200: -71 [ 29.165421][ T6] uclogic 0003:256C:006D.0003: failed retrieving pen parameters: -71 [ 29.173363][ T6] uclogic 0003:256C:006D.0003: failed probing pen v2 parameters: -71 [ 29.181433][ T6] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 29.188779][ T6] uclogic: probe of 0003:256C:006D.0003 failed with error -71 [ 29.197454][ T6] usb 2-1: USB disconnect, device number 4 [ 29.429445][ T447] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program [ 29.458275][ T28] audit: type=1400 audit(1717217094.008:125): avc: denied { create } for pid=448 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.576944][ T460] futex_wake_op: syz-executor.3 tries to shift op by 32; fix this program [ 29.669803][ T471] futex_wake_op: syz-executor.4 tries to shift op by 32; fix this program [ 29.876770][ T313] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 29.876770][ T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 29.896803][ T331] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 29.966801][ T371] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 30.126750][ T6] usb 3-1: Using ep0 maxpacket: 32 [ 30.206793][ T24] usb 1-1: string descriptor 0 read error: -71 [ 30.226935][ T24] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #200: -71 [ 30.235577][ T24] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71 [ 30.243598][ T24] uclogic 0003:256C:006D.0005: failed probing pen v2 parameters: -71 [ 30.246867][ T6] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.251707][ T24] uclogic 0003:256C:006D.0005: failed probing parameters: -71 [ 30.262577][ T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.269751][ T24] uclogic: probe of 0003:256C:006D.0005 failed with error -71 [ 30.280291][ T6] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.287623][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.297065][ T331] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.314195][ T24] usb 1-1: USB disconnect, device number 6 [ 30.326006][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.329440][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 30.339053][ T313] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 30.344719][ T331] usb 2-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 30.353496][ T313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.362408][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.374949][ T313] usb 4-1: config 0 descriptor?? [ 30.377775][ T331] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.379188][ T331] usb 2-1: config 0 descriptor?? [ 30.426857][ T371] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.427473][ T6] hub 3-1:4.0: USB hub found [ 30.440678][ T371] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.451604][ T371] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 30.460436][ T371] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.468805][ T371] usb 5-1: config 0 descriptor?? [ 30.656944][ T6] hub 3-1:4.0: 2 ports detected [ 30.857545][ T467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.867454][ T467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.868880][ T313] logitech-hidpp-device 0003:046D:C086.0006: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.3-1/input0 [ 30.881977][ T331] logitech-hidpp-device 0003:046D:C086.0007: hidraw1: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.1-1/input0 [ 30.916791][ T6] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 30.922998][ T6] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 30.957319][ T6] usb 3-1: USB disconnect, device number 5 [ 31.072996][ T313] usb 4-1: USB disconnect, device number 5 [ 31.083286][ T331] usb 2-1: USB disconnect, device number 5 [ 31.096760][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 31.482700][ T483] loop2: detected capacity change from 0 to 1024 [ 31.486837][ T371] usb 5-1: string descriptor 0 read error: -71 [ 31.489490][ T483] EXT4-fs: Ignoring removed orlov option [ 31.494929][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.500565][ T483] EXT4-fs: Ignoring removed nomblk_io_submit option [ 31.516777][ T371] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 31.526131][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.532166][ T483] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 31.535931][ T371] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 31.552147][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 31.561160][ T371] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 31.569925][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.577818][ T371] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 31.588963][ T24] usb 1-1: config 0 descriptor?? [ 31.593852][ T371] uclogic: probe of 0003:256C:006D.0008 failed with error -71 [ 31.606646][ T28] audit: type=1400 audit(1717217096.148:126): avc: denied { create } for pid=482 comm="syz-executor.2" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.621214][ T483] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 31.632758][ T371] usb 5-1: USB disconnect, device number 5 [ 31.640382][ T28] audit: type=1400 audit(1717217096.158:127): avc: denied { read append open } for pid=482 comm="syz-executor.2" path="/root/syzkaller-testdir150128545/syzkaller.aANjQj/13/file1/file0/blkio.bfq.avg_queue_size" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.660827][ T483] ================================================================== [ 31.681200][ T483] BUG: KASAN: use-after-free in ext4_search_dir+0xf7/0x1b0 [ 31.688223][ T483] Read of size 1 at addr ffff888133b5dfa9 by task syz-executor.2/483 [ 31.696120][ T483] [ 31.698291][ T483] CPU: 1 PID: 483 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller-00132-g92704e00b599 #0 [ 31.708098][ T483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 31.717998][ T483] Call Trace: [ 31.721117][ T483] [ 31.723894][ T483] dump_stack_lvl+0x151/0x1b7 [ 31.728408][ T483] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.733700][ T483] ? _printk+0xd1/0x111 [ 31.737693][ T483] ? __virt_addr_valid+0x242/0x2f0 [ 31.742642][ T483] print_report+0x158/0x4e0 [ 31.746978][ T483] ? __virt_addr_valid+0x242/0x2f0 [ 31.751932][ T483] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 31.758002][ T483] ? ext4_search_dir+0xf7/0x1b0 [ 31.762687][ T483] kasan_report+0x13c/0x170 [ 31.767030][ T483] ? ext4_search_dir+0xf7/0x1b0 [ 31.771717][ T483] __asan_report_load1_noabort+0x14/0x20 [ 31.777185][ T483] ext4_search_dir+0xf7/0x1b0 [ 31.781699][ T483] ext4_find_inline_entry+0x4b6/0x5e0 [ 31.786919][ T483] ? ext4_try_create_inline_dir+0x320/0x320 [ 31.792634][ T483] __ext4_find_entry+0x2b0/0x1af0 [ 31.797490][ T483] ? __d_alloc+0xb4/0x700 [ 31.801655][ T483] ? d_alloc+0x4b/0x1d0 [ 31.805651][ T483] ? lookup_one_qstr_excl+0xe7/0x290 [ 31.810769][ T483] ? do_mkdirat+0xbd/0x450 [ 31.815023][ T483] ? __x64_sys_mkdirat+0x89/0xa0 [ 31.819807][ T483] ? do_syscall_64+0x3d/0xb0 [ 31.824227][ T483] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.830132][ T483] ? ext4_fname_setup_ci_filename+0x70/0x480 [ 31.835941][ T483] ? ext4_ci_compare+0x660/0x660 [ 31.840712][ T483] ? memcpy+0x56/0x70 [ 31.844532][ T483] ? ext4_fname_prepare_lookup+0x3b5/0x4e0 [ 31.850181][ T483] ? generic_set_encrypted_ci_d_ops+0x91/0xf0 [ 31.856079][ T483] ext4_lookup+0x176/0x740 [ 31.860330][ T483] ? ext4_add_entry+0xed0/0xed0 [ 31.865014][ T483] ? _raw_spin_lock+0xa4/0x1b0 [ 31.869620][ T483] ? _raw_spin_unlock+0x4c/0x70 [ 31.874301][ T483] ? d_alloc+0x199/0x1d0 [ 31.878384][ T483] lookup_one_qstr_excl+0x143/0x290 [ 31.883418][ T483] filename_create+0x28e/0x530 [ 31.888019][ T483] ? kern_path_create+0x1a0/0x1a0 [ 31.892878][ T483] do_mkdirat+0xbd/0x450 [ 31.896956][ T483] ? vfs_mkdir+0x570/0x570 [ 31.901211][ T483] __x64_sys_mkdirat+0x89/0xa0 [ 31.905807][ T483] do_syscall_64+0x3d/0xb0 [ 31.910062][ T483] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.915787][ T483] RIP: 0033:0x7f1f19a7cee9 [ 31.920043][ T483] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.939483][ T483] RSP: 002b:00007f1f1a8600c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 31.947726][ T483] RAX: ffffffffffffffda RBX: 00007f1f19bb3fa0 RCX: 00007f1f19a7cee9 [ 31.955536][ T483] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 000000000000000d [ 31.963347][ T483] RBP: 00007f1f19ac947f R08: 0000000000000000 R09: 0000000000000000 [ 31.971164][ T483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 31.978974][ T483] R13: 000000000000000b R14: 00007f1f19bb3fa0 R15: 00007ffeff811bd8 [ 31.986787][ T483] [ 31.989648][ T483] [ 31.991818][ T483] Allocated by task 310: [ 31.995900][ T483] kasan_set_track+0x4b/0x70 [ 32.000323][ T483] kasan_save_alloc_info+0x1f/0x30 [ 32.005268][ T483] __kasan_kmalloc+0x9c/0xb0 [ 32.009697][ T483] kmalloc_node_trace+0x3d/0xb0 [ 32.014383][ T483] __get_vm_area_node+0x129/0x370 [ 32.019242][ T483] __vmalloc_node_range+0x36e/0x1540 [ 32.024364][ T483] vzalloc+0x78/0x90 [ 32.028095][ T483] xt_counters_alloc+0x44/0x50 [ 32.032698][ T483] __do_replace+0xbf/0xa60 [ 32.036949][ T483] do_ip6t_set_ctl+0x2dab/0x3f60 [ 32.041725][ T483] nf_setsockopt+0x274/0x2a0 [ 32.046157][ T483] ipv6_setsockopt+0x161/0x1a0 [ 32.050750][ T483] tcp_setsockopt+0xce/0xe0 [ 32.055090][ T483] sock_common_setsockopt+0xa2/0xc0 [ 32.060122][ T483] __sys_setsockopt+0x4dc/0x8b0 [ 32.064807][ T483] __x64_sys_setsockopt+0xbf/0xd0 [ 32.069667][ T483] do_syscall_64+0x3d/0xb0 [ 32.073920][ T483] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.079648][ T483] [ 32.081818][ T483] Freed by task 310: [ 32.085554][ T483] kasan_set_track+0x4b/0x70 [ 32.089978][ T483] kasan_save_free_info+0x2b/0x40 [ 32.094837][ T483] ____kasan_slab_free+0x131/0x180 [ 32.099907][ T483] __kasan_slab_free+0x11/0x20 [ 32.104501][ T483] __kmem_cache_free+0x218/0x3b0 [ 32.109275][ T483] kfree+0x7a/0xf0 [ 32.112843][ T483] __vunmap+0xaac/0xb60 [ 32.116828][ T483] vfree+0x5c/0x80 [ 32.120387][ T483] __do_replace+0x87c/0xa60 [ 32.124725][ T483] do_ip6t_set_ctl+0x2dab/0x3f60 [ 32.129501][ T483] nf_setsockopt+0x274/0x2a0 [ 32.133923][ T483] ipv6_setsockopt+0x161/0x1a0 [ 32.138525][ T483] tcp_setsockopt+0xce/0xe0 [ 32.142867][ T483] sock_common_setsockopt+0xa2/0xc0 [ 32.147899][ T483] __sys_setsockopt+0x4dc/0x8b0 [ 32.152584][ T483] __x64_sys_setsockopt+0xbf/0xd0 [ 32.157445][ T483] do_syscall_64+0x3d/0xb0 [ 32.161697][ T483] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.167426][ T483] [ 32.169594][ T483] The buggy address belongs to the object at ffff888133b5df80 [ 32.169594][ T483] which belongs to the cache kmalloc-64 of size 64 [ 32.183313][ T483] The buggy address is located 41 bytes inside of [ 32.183313][ T483] 64-byte region [ffff888133b5df80, ffff888133b5dfc0) [ 32.196246][ T483] [ 32.198413][ T483] The buggy address belongs to the physical page: [ 32.204674][ T483] page:ffffea0004ced740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x133b5d [ 32.214727][ T483] flags: 0x4000000000000200(slab|zone=1) [ 32.220207][ T483] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042780 [ 32.228622][ T483] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 32.237032][ T483] page dumped because: kasan: bad access detected [ 32.243291][ T483] page_owner tracks the page as allocated [ 32.248840][ T483] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 310, tgid 310 (syz-executor.1), ts 25450911621, free_ts 25447512073 [ 32.266892][ T483] post_alloc_hook+0x213/0x220 [ 32.271488][ T483] prep_new_page+0x1b/0x110 [ 32.275841][ T483] get_page_from_freelist+0x27ea/0x2870 [ 32.281217][ T483] __alloc_pages+0x3a1/0x780 [ 32.285637][ T483] alloc_slab_page+0x6c/0xf0 [ 32.290207][ T483] new_slab+0x90/0x3e0 [ 32.294114][ T483] ___slab_alloc+0x6f9/0xb80 [ 32.298538][ T483] __slab_alloc+0x5d/0xa0 [ 32.302720][ T483] __kmem_cache_alloc_node+0x1af/0x250 [ 32.307999][ T483] __kmalloc+0xa3/0x1e0 [ 32.311990][ T483] ext4_htree_store_dirent+0x8d/0x670 [ 32.317194][ T483] htree_dirblock_to_tree+0x930/0x10d0 [ 32.322491][ T483] ext4_htree_fill_tree+0x73d/0x13e0 [ 32.327609][ T483] ext4_readdir+0x2f4b/0x3930 [ 32.332123][ T483] iterate_dir+0x265/0x610 [ 32.336374][ T483] __se_sys_getdents64+0x1c1/0x460 [ 32.341321][ T483] page last free stack trace: [ 32.345838][ T483] free_unref_page_prepare+0x83d/0x850 [ 32.351130][ T483] free_unref_page+0xb2/0x5c0 [ 32.355640][ T483] __free_pages+0x61/0xf0 [ 32.359809][ T483] ringbuf_map_free+0xbe/0x120 [ 32.364406][ T483] bpf_map_free_deferred+0xf7/0x1b0 [ 32.369441][ T483] process_one_work+0x73d/0xcb0 [ 32.374130][ T483] worker_thread+0xa60/0x1260 [ 32.378643][ T483] kthread+0x26d/0x300 [ 32.382548][ T483] ret_from_fork+0x1f/0x30 2024/06/01 04:44:57 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 32.386800][ T483] [ 32.388970][ T483] Memory state around the buggy address: [ 32.394441][ T483] ffff888133b5de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.402429][ T483] ffff888133b5df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.410324][ T483] >ffff888133b5df80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 32.418222][ T483] ^ [ 32.423428][ T483] ffff888133b5e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.431329][ T483] ffff888133b5e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.439222][ T483] ================================================================== [ 32.448568][ T483] Disabling lock debugging due to kernel taint [ 32.463774][ T483] EXT4-fs error (device loop2): ext4_check_all_de:655: inode #12: block 7: comm syz-executor.2: bad entry in directory: rec_len is smaller than minimal - offset=56, inode=0, rec_len=0, size=124 fake=0 [ 32.491634][ T28] audit: type=1400 audit(1717217096.158:128): avc: denied { lock } for pid=482 comm="syz-executor.2" path="/root/syzkaller-testdir150128545/syzkaller.aANjQj/13/file1/file0/blkio.bfq.avg_queue_size" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.566745][ T28] audit: type=1400 audit(1717217096.158:129): avc: denied { write } for pid=482 comm="syz-executor.2" path="/root/syzkaller-testdir150128545/syzkaller.aANjQj/13/file1/file0/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.616752][ T313] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 32.645212][ T28] audit: type=1400 audit(1717217096.158:130): avc: denied { mounton } for pid=482 comm="syz-executor.2" path="/root/syzkaller-testdir150128545/syzkaller.aANjQj/13/file1/file0/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 32.676186][ T28] audit: type=1400 audit(1717217096.158:131): avc: denied { map } for pid=482 comm="syz-executor.2" path="/root/syzkaller-testdir150128545/syzkaller.aANjQj/13/file1/file0/bus" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 32.706374][ T28] audit: type=1400 audit(1717217097.008:132): avc: denied { create } for pid=482 comm="syz-executor.2" na