last executing test programs: 24.413276272s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20) ustat(0x8, &(0x7f0000000100)) 24.356531631s ago: executing program 3: r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) recvmmsg(r0, &(0x7f0000002f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0xedaaa4e2537566fb, 0x0) 24.270922144s ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x63) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x0, 0xf2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x48, 0x0, 0x0) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) mkdirat(r0, &(0x7f0000000140)='./file0\x00', 0x20) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000324000/0x2000)=nil, 0x1000}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001880)=ANY=[@ANYBLOB="010369a252b93ac50448aed5af060a48cab4065eb218dd875675ae0c4c6fdfc7bcb5e59fc84d8ee735992082d88f3ddccf46d330fb671f8214e4581de1caf4b3555588d1cd8886c3da81e6d23a2bd4a2c705c3be7d84b52c30973ed672bc494711e0575b61fcfd94010275c1d27211ac1b0068fde80c6d94244e70eda4dcf7a469cabaa23de758e1c03e07554620a61a26243a6b83613ac29ef05c1a608c3263964663ab6968ba39055b60faac6023db2eb44d66c2fe385374ac05d68f9b1fda3cb7db0baee86c70eb83842f112f5982462b5c9a0a25e60b784d002c4e463853a0704e895ed54550a638ae907dcff369dcf93e776d0e1dd4a0f4437afcf31e9261640db6de3bf81ded532e8f0faa1363c21202f85c335c45d110a37870d9ec8f97fa2dd868c2dc8ed5c17f5f5b027502d54738a20b874dd1c1734e86a33a9023972aa6345db340feb3fe7235431c658992478b9314ca0176b7cb6b39448e2bf7a8427e28a83365cde7c65fa224d7563fd505fea225f20cdb03fd7c3d1b9e12d40d256b02d09959a4eca38c0554cef38556c71dd3aa889073be6f45ee4d8894fc1c15af3ee2dfb391cae78e1e52955b19b7d8e1bc1f6cb24206e24c1191f79e8983ceeb64e1c5516cccf82a3f6270796211d6071db20553fd095bb812a0a5dfd7b83af3e1de216f5661519f3a22bbf5093a78c9deebea9f89d593770c40330726ac8417f9f1e6e2f326df41f7f781cee2a3632935dd226d2c7a9a8ed027a337055129d5608aa387bc1d2f19f49a5a525c61cfba251674692057f8f9557b68b9e0a884441b9505c9c20bddf68f8d3a8e03508c308672084479388ff6b0de6f4e678cfce9de4d4e9005bf66a11b404fd7f6acaea0304085babc4395d3ac12049e12f5bba5c7f0b3da4275237f55cd597be11ae155676af01b6d8844c06dcf498148dadf99eb5c314c6bf5a4428019212a5c01dfd42cc3970ce32809be01db9cdc6df90f3342b91c00b4447ca31e83a2a3b989ebcbd4714e5a75bb3de6cf1b5a14e22ccb7945050be7133b10b1fe3246c005fcf2a5774318e40e47be6bffc7551e8c4f9d243347a624a5e4358e246d640e35daf9ebdaf8293956a02cb5d092175c0a9a7e6fd71e499258b0ffca9fff81267d30aec4df8571af00091d5b683ad3adf3ccb05819fa5cc41059058976256fd295dae6fbb129b3d96ab74e58f383abccf0675d430ec16b2532cd661e055bf1d310798ef44611a994611662de12f52cdf6ef0d98709f31c14907dc2f52eaf8806735a2d5eb04f3d849bb5c3a9238f5e7d120cc115b21aaaefcf6bfb7a038935d2148f6573aeb55da7033761de870f4419d39e80087c602865f3aa88abe2d831dcb272f8b25935c6f804b1c1babfbd9677b1dff5ee9c6ecaf3471947433a9d0ee06baa4a9f23cd957fa58381fefe87c742dd1bab318857f7aaaef6d5dcbe95226ed664315a43a0fae82a8730471f1b0cee9103c65ecd9f4996064fcb6b18400b796de1a19b22dd72469bb469116a45df59deb82490a301f5c71051a9587e2430dce76b968e43039ae59aa3d012caa92c957e1af1e0ed980ca70049f8454f74518e7053919321312f989fcd5b3645a992f6243a4fee7fe99965b2902f56796c4789413daaff9e7d5c3d6c89761871966868aff89e48f4b518ff9079ac52375d1e61cd9f3c4888bb5f24275e62ac5873d79c5e117943c0fd46636669d87d1ed6e63ac6823fb049021be4a8897e34bee77643d16e17c0a30c0f086d273116871838789292355c588d89377c8cd9b412841f56ba4b4435fb551900744ac5011820b12444bdf0d8f42063dad3b8b4d6b75b729068e698731460a1ae2da72b4fcbc1bfc5787dcf9acf1cfabf5144369a877255eea6395ae6a02dc48682ac666744b006e555d15e9cd4bce6030fcfbca91fd443bc2b8590cad5ea273fcad031f5802eb8626f7806cbd817d263472dffc8d866d15b28eec269b26bc388499e97fb36c6cf1027d3fe2f74f099996fcfeb98914c193b56f195c3fafa426c967112ed3de069fe4395f45072a78f83b6ded19fd5e22a0ec92be34b0af4e191f18d7c68074947e816ed06bf556992a779c948eb724bb5552aa00949a46617ab616b7face346edea9effccc80fe091abbe31d155a6e5954b8553a8e877037c58a37706dd3e485634e620bef3eb59fc1d37d6284d105c3a85c3c4c56c391d8557855b6497afe93724036199f1a9da58a55fee61ea0c623870a56d6c6b08990f41d8988770379552c199f1d87eb436ac6a0a03ab65ee0cf3e3000102e6f4cb6695f9e4ab7b3f42421a215de0d36ad0d252c7fb1750108c1d496536d6d46b22add9b212991709e4e03e3cca8ae54625b25f3db2b002411620adc94c63a13169b8aaea19286abcc12801a6ed80d9c794e0dc106784dc976a75e7193476e1e97e4e90cdaf24201427709a615abf047c398d815f4cc4c1119a406c2365dc85a9efcf4437a920c257bad4f792d59fa7c701a38334d883f0434caf9ce33d47c07e28e022256b8308b2c44762eac19c31a4d627a3b605235e5116e4b5455f647ef031bc638710534623f697000702750e6f54012ee00390227e262d09931b213cfeb9e3c6cc9005e90345daca03dbcac4f992d18bcdb14d9af557ec0d0cde26d3d3cd3721b4cf04c386a03037a0f0d9f70757a5394dadbb63d6b1d3ab00bad0f4340b7e00f9f24ae312d05295c734d1a5f066e1fe1de8ac208a5fd3867797b02b120bab340ca31af5b247fb757f27e8375e176dc779a7c3483eff7e548736b756c4eed3abad425c050b4fcce55f1f004ff8bce195bdcc78fc87e582998924c4716f40c2d620f748fb88e0ab683f2294507642883e132341b10e71f52ae8", @ANYBLOB="d2ac5629fd011a18ad971852ca18533b8ebcd18256e3621cc8bfcb6439e5fb5074f21bb7a0e337ff97a1d2cbd6e9ff49edb6e3be8c7662f2d2cbc1caec465309b88814de1c51ddfeefe5e43278c81afc2dfae334c5ff5146ccb0b1bee7207a289359a5c4920f2a9a06f6397be6e9b148acf5636866a59caa097a3743d8c4b85e2515c016c140ac71c30f89c9430a5866e336c9bce8b14c672f34aea152fbe8416caa1b660c5cdba680f63a25c9fc822ac176020dd7de5e91d73dabdcf5295579058e3fc9bfff1822cf603dc38479c5fa959b1f862cbc28d6d9e817e3bc366b4fd003a32c4634503d66b86d5fecfd5ea7eba4bbc0695affc4ef33b8d5e876454d84f8227c44c85974816fde18ed79a005a288fddca303cd1fefcef55b077b0712a5cb29ff98d26ef5b87e20501239e4c6f78ca3a9f5aee37bcd1ac62f28abafe77a10e9fbf3aa74646349bb0ded2ee2ff7321968da81e421fe2d3fb8f680c4601500433f96be2a2cef1e51c7d65714c9bbe1a8451aebbf1b51209224eebdaec7770bece9f66e03ab4799414b2ae0d71b6de7a4e26cd0c964234d6b6dc15dd943f5bbec889b332d92454f334e13d635b8a6a9d715fbe80c11a30eb5b84f46305450eb603b90f4eafa4a001deb36626cb21781d77fac6760ad60af748722feff49117b6887901db075807ac9ef08aaa00bc57fb4ffdaab8072e3551261c1afa4c32bd2c71401f06f55f7acf34f2a6fdb09a5d0102524e0d2992ba1ed9039c834f5e93f59b2af465828a834ea55bb896b621ecad1ab96dbd39f60d0012b6cc5dcfa7fa65d3c3dc12ac0023a4c53fb863d4e0b9f2c5281ea3e55f42cdff0d764a77b5acca4b948ec337f0b6fa25c5a7bb48d5bd21878addceff6a8dbc4a566260c2c08dd9d22535e6ba8856e5d4f837ea24da2d547d5b15c8d30d7f3a5f00f801172a3ff2596a78aa0a862719082ea430d9c2393ef28d880479a5d406b21b01b78ceee41062036ee91bc8116966416ea5abb13b721f6a5eacf8b81fd744b6781e84f1373934393b72e8cee594c18b7c8756d8c8e172702a4d43378db54ef1eb73eb6d6672625b5a855f88256f76f0199c240da8c03a491f7e98cd9c25ac2a1cfb76b6289ccbc1516730f9f3f7e25d7c627de5fab37bc7e71c3c5b729b31619123e5872590da60edbefb9faf7a5ffeb42a04ba4cb5263d1ddbd79c33db79aeb5fdb159d8dc6f0af0781866ce21e6ec87164f193daaa7ee975be326bfac562d40afcdeda0e7211f5c4bc3b8e9ae0d5c904627b94d3083c7d3186188a31c15fda3e7d19eea175070068a2c36563b484c2fdb018a4bd67f0189bacaed5922a8703beb312ac66d375e6f2ad26a8bf183188d4e534b09686211bf609e2ed133b8521c5b1d1b700911854b9960724d348af3c4e9d5626c85600146d1b51ca49b70d76911c6b196906a25a20372982ac1968b5447fd560bd7d120dc1ba0907380f46b531ee233c4ac794997ce2338ce7ad91350e81defd3a09692385c3d3bf13c69114d71f4959b822d7da3ef754308118bbc0c92e03d82758d8419f4ec30f1d5977af8005cc2e7bdf64644133a516c68ce20ab66970e5adb2ebd181a0ad285a824826fd675e30ed8d59c541ae6667464080fc4f7d0ba9bbaa08fdd9542d0b8fb64d9b960ed221f21f45fda8019842c695ccd6178c88b91b03f6e14ebe96f045549be96a690ad55976a0ec5c0ab81e87ee84f2c83c0ef4c4ef7152c6e956027d548e6784f0ee025db8d97f77ae9f513a62cef3d40354a6fed64274e1ea6e0adac3483f4db131455c6f0d8ac5157dd36acca140742d300ef891df32a1ba9479edddd9843e136e2676edb400af7e4b1f9dac26211fecf1ea5e317d8f69087431013315131d5d9542808d9d105202a23cfb3c8e698a449bc760df357cbe62602f95702772ff7ff46afe5d1e70a797d129f67c5b0171d0e0582210615c4dce0d6771992ea1c211cc0ab269c80244814feca6805a0e5edbc70968aa0bcb890765801a6c69933aa7ef54a751b8d4dd935f14b18fa1904be1b39d7455e113bb11d4c5fa61811ca13d1a16700bb30e62c52b890ea42d0d4e6c0ce58fd85016aa8e76a2d3fac29fffa7161d66d6d5461ef267f0e3431d82da0095b11a8a261b059028d1228a4d0d70edf2062bf5e6ab17a55fd1bf5f8645ef6665febd4c87a92773eb0ffde1d06ff396d9a6d27e78d1dfc86343922f56ae6962c3f4bca7f9aa1a825b6e5b22cdfbe2e193f27b76862725703d4779a06f53a063746da880a20a2ba3dcebf3f8a31f75f55e04de133955b3e7e51c490e256be2d4e0b1e8106ad03aa09f09394d219cef951d3b1fc6b9ee3e815ae51512ce3d23911f06041b8d4dc6183053a33795311d98257f3c30743ac2ed47e698c63d22c13e7016ad7fa35823a0926c7e292f31a608002f7cd8ba224750389b52ec6c37862222c7c96bdd34bf1ffd760b56db2a74acacfa62d99da1c500e5cce354e7021cfb40c1b77fc4beaa3c0de7a730eeb381bc2287d05087de2c9dd2ff76ef505489f9a71d0a12e73569bea595364b38f0aefa4bcf655e38d3a3df8262fe82e4989c028b9e8653c13fbb35cae0981086ebaf577511ad96277148a9e395d12a16920f379892d8bdeb6811838b081ab1dfbd14e1b8c0ccb60b771fa97737b89539274cb5f45696bd45db105851d2ea1282638f410b679f9c110a4e75c03cb56f7e3179e18f7b6c9d5622f6b2b25c282a35db8ac8e39f83a13bef5078552b8021912f75b96f965e61bd32ad231cdd56c0493ca2c5997e73bbf04aeff4ca98e8d92a91129660324fde3507f044c7ba24718e2e59422cd521816e21b5fefc9406555529f63ba615947ea526a92a9100395cf811a9fc5fe8137044a241f940bf6758c12a953559a6edb17432eff163dd50f7fc018194102718cd2159fa8537b4496358876cbbdfcb97c574d3522a72666db112d44fa21ff2656b99d0322326ae23b5a360ec45189fabd3b12d11718b06101e279780013db498cf69031d71654a57a107cf238ad0661d545f32eafaa9752988f53cbe165cd6d51f8f25a3739bf3f240c0fbd64335b80f99462b9ca9e42b5f735b51231dd3fae1f2b47b93240a2bfc978de64f0f268c2035ab67832d54491433411714d3ce3da987b7711a824f55eb8c3c2c119377719ede9c2afb7f0e03d61a661a363fc18ff909cc63894b39dccce2aeb1cf685830f0bedf3449e652afcb9b9672b22baad24618a97813f11139d6667fc9402a130d67b6c87842e465bee8868a7732a564c68f97e3cb83289cb6b9cd3f7223b45bd982f5f1d079e80b330b148dcd2419a642a5256739e447e765cb44b32fcf8073d7623a2a341c301addef1279251d0ecce8f023b1ddcae460f1e57062a191271e47d78ff4c2b1c3169b9590a1b6c96f4a35c4562803126d6d97f80e21913f49a4e33aa64f4a5b6e543404892c70434b64e34e270a8ed5703fb54576155a88bba0bcb8dd5ad5ff2e2c14eddc5492c807dff3423bacbb010a650cde5d5a9dcd192a64eaef62d7c97c5539687dffbb7d1cfb071dbfd8eaa0bbbbb363445bd00bb5ab2e1d4f3cb3263ba76206f2ce397aa307ebd22c9e2fac9f11d2d16ccb0c3c11b1f934035b56ab20de77fa1fa3228ee99886c95801a87d1d7d5e8813279d0d92d7b4a4b49fd4105ad2c13847eb98c450898d6af127b7df767c0198604e8408da2f4ac15a5c1064754810b2b3666d2c2f789747b6dc6c3d5cff7236a03d1e6a66a5baaa645691df2ec1b1f9e171f445a14e3714f8d9ff57e9775ffeee180e62a92ad1fb39298a2d94d3cb590ad261434f4c1a5ec486816d821c87f9a7ea08b55bdb00c6ff542c0050765fc37d0d955bc660497c11e07847646883c5e5ab781d986ded47917e87b5ba7f8e95d38a08b429f00f746a05064b6560577a2969c60ea2c50a9053eb758484e70b36bea57eedefa09d20d1bacfd72067a3f984d91d38a13f38118d84115d00d826162283dfd00a5f6b80fb8465e8ea76b9f4264bb4b5f65b27655582fd277b115368ee2d5dccdf22d0be6118292f5a379fa3e6f9baf12c817a3c4a25619e221647ad2ee2f0afb3ac65536ac2600175af2e87328ca6874f2ce05e003f2f50a31bd808b1277fb3df3d25428e3fe9ca6be58b7f2953a5a8a18ad12d06d953e7532c72748cbb4c1808fbd00762731dc2150a9f101c3aa1f1b716be54790892c1786ffbaa72dcf7178244cb3478dd1f0061525bc0361e9ecc6a1e47c960e4923b6dfffe14679c64d767de32337f9480f51342779cc774c952590d2ab5c3a46074afa964d09699bd1163961321aae2b0e5c44a3c814c192e2a9e9c697a7ba7b9fe034545705e27911508a47163be38852bc21db68360b040f90a6f3a5af3c35dd24e13ef27f3d1b8d1a10d78d73e3023b8e33e84a7b4ce3903780d302feb143e54c6bc3e927210745e09086396ca79d1f0bff4f7b4683b1f1261ace078aeb16d80dfeda93e3a550b802fc5e6385fb8bc3cddf1a3eb205e35129b83d1d9e26240349d2d1dc36ab227f6322ee5c254bea8ca6364c4e2b300b4164743bd2a6372d7831a25cd52767966d16a5e6e7530d545ffb0fa96abd781376dbd3cef3f8b1aac4dd2134c3d422a64401aa12330a3603c8ba2bdfedc3c760f0e0249c96b6cf9c225c8eeab827f28c818ae735bff3c5511e28137a31cbaaf5f18fc746d0285c6e3116c140da99ee164f49ad8088b5af3ff2e56870b3b2bc6453982f5fc12e245ee4fab50a39a1d79647ae919e3a45ffa1eb332959e1891b9e06ba6bb9dccc2b3c4b89ffe65435d33ac18b4052e01eabafb6ecc7ab5c37b8f49259d3119e12aebd6d2d8e60b1a38480b1961dd3debfd14aa580789e1cf89ef1b01eb572b3bbb4ce0375e215a82188e2b04357c4232f20b919a6c3cd0f4cd15b34487ac6b3fe7b65ccae0ab01e3c5b3a067c2aca717fcc3744d3238bcffdf1d00a5fe4aac7ea45025e90b98f347c35745069ae28f6d6f64d508335d926590e7d305caebce3a19f7478fa825327b97789e07f9d2512bde7abbd72057feb7bd212a7f3f5cc7c4f7df168a528cd215e9b1b6d15dc7b8e5dfa4d74463c7e433c83daddf12d2a1796fed2f5d1e549b62d780adad07b5396ba7633b019212ed7b0ed6dbcd7803cfb758c07ebe6ca76634b24edb43f1b9ed48bf739988f2dc7fb15c8b6e4aa51d8fa9b994b90ea401fb03eb0ca441ca0ea4d829b01798f08f697bda89311588ac2821bf4ae6e87be6b1d5a132c0cc1f643e697bef05c365e2d91f504191a301659c3d5730606856aacf53154163cc5ceb4335a9c9b70ccfd86f6a1ed4d61214b32555d95a54543aeb76e754daad307be482fc27509cf3eabf8423a60869d08a7ccc71dfbfa972354120fd27c8ee0524b0a", @ANYRES16=r1], 0x38}}, 0x4000050) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23.572147913s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) clock_settime(0x0, 0x0) 23.465133419s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) getresgid(0x0, 0x0, 0x0) 23.410314368s ago: executing program 3: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getregs(0x4207, r1, 0x0, 0x0) 19.587348991s ago: executing program 1: open(&(0x7f0000000000)='./file0\x00', 0x80ff, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x25, &(0x7f0000000080)) fcntl$setlease(r0, 0x400, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/140, 0x8c}], 0x1, 0x0, 0x0) 19.050446064s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000020bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e024334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd617545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d36c309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={r0, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x6) 19.0122039s ago: executing program 1: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) fcntl$setpipe(r0, 0x407, 0x0) read$char_usb(r0, &(0x7f0000000100)=""/124, 0x7c) write$char_usb(r1, &(0x7f0000001540)="f7", 0x1) 18.865650023s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) getrlimit(0x0, 0x0) 18.790608334s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.stat\x00', 0x26e1, 0x0) 18.734756293s ago: executing program 1: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getregs(0x4203, r1, 0x0, 0x0) 3.985324972s ago: executing program 4: r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0xc0ed0040, &(0x7f0000000000)={[{@prjquota}, {@jqfmt_vfsv0}, {@dioread_lock}]}, 0xfe, 0x470, &(0x7f0000000940)="$eJzs3MtvVFUYAPDvTqel5WER8QGCVtFIfLS0PGThRqOJC40musC4qtNCkIEaWhMhRNEFxrgwJO6NSxP/Ale6MerKxC3uDYkxbEBXY87MvdAOM7WPaac4v19y4Zx773DOd889M+eeM0MAPWsk/ZFFbI2IKxExHBHl5hNGGn/duHah8ve1C5UsarU3/srSy+L6tQuV/J+ob8mWxo5aLc9valHupbcjJqvV6bN5fmzu9Htjs+fOP3Py9OSJ6RPTZyaOHj10cO/AkYnDHYkzxXV994cze3a9/NblVyvHLr/z87epvlvz40UcnTTSuLotPd7pwrps27x0Vu5iRViW1G79+XYlhqMvhm4eG46XPulq5YA1VavVaq0+n3MXa8D/WBbdrgHQHcUHfXr+LbZ1GnpsCH8+35jwSHHfyLfGkXKU8nP6m55vO2kwIo5d/OertMUazUMAAMz3fRr/PN1q/FeK++add1e+hrI9Iu6OiB0RcU9E7IyIeyPq594fEQ8ss/zmFZLbxz+lqysKbInS+O+5fG1r4fivGP3F9r48t60ef392/GR1+kB+TfZH/6aUH1/wkoV+ePG3L5r3fZ5Ps4/MG/+lLZVfjAXzelwtN03QTU3OTXYk+BT/xxG7y63iz26uA2YRsSsidq+wjJNPfrOn3bH/jn8RHVhnqn0d8USj/S9GU/yFrO365PizRyYOjw1GdfrAWHFX3O6XXy+93q78VcXfAan9N7e8/xvxp2fEbDBi9tz5U/X12tnll3Hp908rWZtjO1d4/w9kb9bTA/m+Dybn5s6ORwxkr6Ts0IL9E7deW+SL81P8+/e17v87Go9n9SvxYESkm3hvRDwUEQ/nbfdIRDwaEfsWif+nFx57t92x9u2/yKx8B6X4pxZp//SWl1K32n/5ib5TP37Xrvzaktr/UD21P9+zlPe/pVZwNdcOAAAA7hSl+nfgs9LozXSpNDra+A7/zthcqs7Mzj11fOb9M1ON78pvj/5SMdM1PG8+dDyfGy7yE035g/m88Zd9Q/X8aGWmOtXt4KHHbWnT/5M/+rpdO2DN+b0W9C79H3qX/g+9S/+H3qX/Q48aaL37o/WuB9AVy//8H1yTegDrz/gfepf+D71L/4ee1Pa38aVV/eT/Tk2UN0Y1WiaGNkY1ikSUNkQ1Opd47bNGl9go9SkS5SX/ZxYrTGxqeajb70wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//z8/5no=") r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x2b}, 0x0, @in=@multicast2, 0x0, 0x0, 0x0, 0x72}}, 0xe8) r2 = socket$key(0xf, 0x3, 0x2) socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="0207000702"], 0x10}}, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) r3 = syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000000)='./file1\x00', 0x200040, &(0x7f0000000540)=ANY=[@ANYBLOB="6e66733d6e6f7374616c655f726f2c6e6f646f74732c6e6f636173652c636f6465706167653d3835302c6e6f646f74732c646f74732c6e6f646f74732c646f74732c73686f77657865632c6e6f646f74732c646f74732c756d61736b3d30000000003030303030303030303030303030303030322c646f74732c6e6f646f74732c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030322c6e6f636173652c646f74732c6e6f646f74732c6e6f646f74732c6e6f646f74732c7379735f696d6d787461626c652c6e6f646f74732c646f74732c636865636b3d726557617865642c7375626a5f726f6c653d646f733178466c6f7070792c7365636c6162656c2c6673757569643d3433e667356564382d333466302d373532342d306531302d62653662303061312c00"/324], 0x1, 0x1c2, &(0x7f0000000200)="$eJzs3bFqU1EYB/D/jbWJgthNEIcLLk5BfYKKVBADopJBJ4XWpREhWaKL9S18QB9AOnWRiL2xsSXVGsm9Nv5+Sz7yP8l3vuVkyrkvb7zZ3X47ev352qd0OkVam9nMQZGNtPLDXgCAVXIwmeTLpNL0XgCAepzh9/9rzVsCAJbs2fMXj+71eltPy7KT7O+N++N+9VrlDx72tm6XhzZmn9ofj/sXjvI7VV4ezy/m8jS/Ozdfz62bh/nH79n9x70TeTvbyx8fAAAAAAAAAAAAAAAAAAAAAAAa0S2PzL3fp9s9La+qn+4HOnF/z1qur9U2BgAAAAAAAAAAAAAAAAAAAJxro3fvd18NBjvDWdFOcvydxYrJ1VNbzCvKJH/f9E+LVurrdd6K4t/YxgJFWUuvJ1d+tyaLffN6kl+vuZRkyQPOzoh2Y6cTAAAAAAAAAAAAAAAAAAD8X6b/9S2Go6Z3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNqZ7/P9gZLlJ8SHKGxdNWRcOjAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMK+BQAA//8lqitL") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f0000000880)=ANY=[@ANYBLOB="1c7c6723b96bb110ba7f0a8a63090c63caf7d87e0fba3f4f97e492", @ANYBLOB="c32ab801000000007a00000055bc60af00", @ANYRESOCT=0x0, @ANYRES16, @ANYRES8=r3, @ANYRES32, @ANYRESOCT, @ANYRESDEC=r3, @ANYBLOB="e0ae70e73e3a1376d0bf8027d10ff786ffb9de22995f6b306b7b57085f545bac91ff73276d7854139ab64ebf05e2149dd04edfc4b31d76601e006cd811c2a11d33eb6f48bb33a6d941d017af4872678e75f41a5661e17b85a71a0cf775892807d7d6a3237d8f50293b4f5a067dd515a17463081556a31bc394e4098d05a811e111283b3144f68d8db8a30590196aa090e929058e652f442508cbc058f9d61884fe1b9ab1b0d47b9fce2fa6332f409579445cee2d68e5c95f7947b46a0f91100922779d44eb4842a3afd9e8aac62c000000006d944b6fd1bf33c1cb94224c47443a9749ea4b94fbfa857a9cd40f7b77d32b123f23223603547341c01a0ad6ee4cc1e8114b52f33b310a6d0ec74012ffb92fc8c28dc2c4fdbd5a1df00d6afda8db139a764952b65d2aa3a152a0f17047319f30b9e5a141d33cda6d578f325097815cbea4c811099c83f2dc824d9e7a87bce077", @ANYRES64], 0x3, 0x0, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) pwritev2(r0, 0x0, 0x0, 0x1000, 0x21f6, 0x0) 3.530945902s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a0000000210001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000500011"], 0xa0}}, 0x0) 3.450387924s ago: executing program 2: r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x64, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xf7, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, r1, 0x0, 0x49, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='sys_enter\x00', r2}, 0x10) syz_open_dev$hiddev(&(0x7f00000005c0), 0x1, 0x1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0xffffffff}, @TCA_FQ_FLOW_REFILL_DELAY={0x8}]}}]}, 0x40}}, 0x0) 3.433834197s ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000003c0)='./file1\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="616c6c6f775f7574696d653d30303030303030303030303030303030303030303030312c73686f72746e616d653d77696e39352c73686f72746e616d653d77696e6e742c696f636861727365743d64656661756c742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c757466383d302c666c7573682c726f6469722c726f6469722c73686f72746e616d653d77696e6e742c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c756e695f786c6174653d302c757466383d302c73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c001762a07a915c8f6c3378b924fc250bdae45cd22bb33f29d72cf1c8410df88b83b9710b49374a748455718cc4af5f3ced0100000000000080c3a89f41b650b9ebd4886ae65bf02b7c8ea4e76ef2cc241ac9f89f2753df98db0ba9558c753363f296424ec60e703fac2db7e9f31283852e115cf6acb8d77b3e5d68"], 0x97, 0x2a9, &(0x7f0000000500)="$eJzs3T9ra2UYAPDnpGkSdEgEJxE8oINTabu6pEgLxUxKBnXQYluQJggtFPyDsZOri6OriyC4+SVc/AaCq+BmwcKRk5xjkt40N+m9ae+f32/p2/c8z3ue9/QtpcN58vGr/ZPDNI4vvvojGo0kKu1ox2USrahE6ZuY0v4uAICn2WWWxd/ZyDJ5SUQ0VlcWALBCS//9/2XlJQEAK/be+x+8s9Pp7L6bpo3Y63973s3/s8+/jq7vHMen0Yuj2IxmXEVk/xuN97IsG1TTXCve6A/Ou3lm/6PfivV3/ooY5m9FM1rDqen8/c7uVjoykT/I63ihuH87z9+OZrw84/77nd3tGfnRrcWbr0/UvxHN+P2T+Cx6cTgsYpQflYivt9L07ez7f778MC8vz08G5936MG4sW7vjHw0AAAAAAAAAAAAAAAAAAAAAAM+wjaJ3Tj2G/XvyqaL/ztpV/s16pKXWdH+eUX5SLnStP9Agix/K/jybaZpmReA4vxqvVKN6P7sGAAAAAAAAAAAAAAAAAACAJ8vZ51+cHPR6R6ePZVB2Ayhf67/tOu2JmddifnB9fK9KMZyzcqyVMUnE3DLyTSxc879F24PbPbqXbqr5p58XXufHh++9GKwvEPOIg/J0nRwks59hPcqZRnlIfp2MqcWC96rddClb6vjVZl5qLr332ovDwWBOTCTzCnvrz9GTK2aS67uoDZ/qzPT1YjCRPh3TWPw8578pD0h06wAAAAAAAAAAAAAAAAAAgJUav/Q74+LF3NRKVl9ZWQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwp8af/7/EYFAkLxBci9Oze94iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4H/AgAA///uD2MO") r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x1714, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbf7896de1fdcf335263bdbcef549ba197fce47ddfdd753abd9501ce721b6ae9b49600002a00", "43610000181c208220000000b9000201000000000000f001fffffff2ff00"}) write$P9_RCLUNK(r0, &(0x7f0000000180)={0x7}, 0x7) 3.416529569s ago: executing program 2: r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b00010100000009040000010701010009050102"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000b40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x1}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000000140)="83", 0x1) 3.213223041s ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000005000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r1, &(0x7f0000000980), 0x12) 3.15816012s ago: executing program 0: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c710016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa73d897e3896d863081b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbd744e517e65ddab19e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f200004304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188541c300f5c1bf56705ba12d198e897186b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710f7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47cbb0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9ea410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be0a33c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06a6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c6062368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c5bed4b0d73dffb17a88aaad5921aee7dae6a2f3009d9cb434898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a64d903b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e7ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000006a728258ca3d846a000e80d5f43109a48ddc54cec5d7f78c80e010ed02ffc0846577cafcd9e0ad83149bfb08ba7b5b431311041deb5e5d65610ad6e8d6ed55e900071b4d37d9fadb17a0407e7251866b63faccfe936980f59ceaa9d6b6863024b482023799a4f30a225b560f320e89ed44130e78f8cf000ac3c743b08d4256f282fc36162ac4b59527a3b67560313914ff6ac4ac43cd0e79d6372da631de3fde6c29de3b43d3046df23019ecadd57f175a2443928b1bcb9be16f54936796c3b928dc07c70771622cef2fafeb239a3ca4"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0xfffffc49, &(0x7f0000000400)="e4e647c9e0b8e9a2f2ab3026da58", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.150624081s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_es_find_extent_range_exit\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000100), 0x1001) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 3.070385443s ago: executing program 4: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000080000085000000d0000000a50000009700000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = dup2(r0, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) removexattr(0x0, 0x0) 750.672033ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a0000000210001000000000000000000e0000002000000000000000000000000fe8000000000000000000000000000aa00"/64, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="0000000000000000500011"], 0xa0}}, 0x0) 714.485329ms ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000075981400000000003b810000850000007d000000760000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000086fff4)) r5 = getpid() r6 = getpid() kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r1, &(0x7f00000000c0)={r4, r3}) 679.301544ms ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)={0x1, 0x0, [{0x80000008, 0x0, 0x0, 0x800}]}) 507.812331ms ago: executing program 0: unshare(0x400) r0 = open(&(0x7f0000000000)='./file0\x00', 0x66043, 0x0) finit_module(r0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000240)=ANY=[], 0xfd, 0x11ff, &(0x7f0000003300)="$eJzs3E+LHEUYB+A348bdbNw/aowmBy3w4qnJ7sGTIItsQHZAiVkhEYSO26vDtjPD9LAwIkZPXv0cnr0JfoO9+Bm87cVjDmJLurMmEyeRHLIDyfMcpl+q6kd1wTDQQ1Ufv/fT1wf7Vbafj6Nz5kx0hhHpTooUnTjx5k57vXFzZ6vb3b6W0tWt6xvvppRW3/rts28XI+L8p7+s/roYR+ufH/+5+cfRxaNLx39f/6pXpV6V+oNxytOtwWCc3yqLtNerDrKUPi6LvCpSr18Vo6n+/XIwHE5S3t9bWR6OiqpKeX+SDopJGg/SeDRJ+Zd5r5+yLEsry8Ejnf3/Ibs/36nrOqKuz8aLUdd1fS6W43y8FCuxGt9HxMvxSrwaF+K1uBivxxtxqRl1GrcPAAAAAAAAAAAAAAAAAAAAz4/Hnf9fi3Xn/wEAAAAAAAAAAAAAAAAAAOAUfHLj5s5Wt7t9LaWliPLHw93D3fba9m/tRy/KKOJKrMVf0Zz+b7X11Q+721dSYz1+KG/fy98+3H2hzd/9uJvfaF4ncC+/0PSd5DfafJrOL8byg/NvxlpcmD3/5sz8Urzz9gP5LNbi9y9iEGXsNXPfz3+3kdIHH3Ufyl9uxgEAAMCzIEv/mvn8nmWP6m/zT/D/wEPP1wtxeWG+ayeimnxzkHfKYtQU5Umx9J8WxWOKxemWzlOaqxNzX6niWS3OxXTLvH+ZOA33vwbzvhMAAAAAAAAAAACexFPeV7gQM3aWvT+fpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAAAD///7lyMc=") r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) lseek(r1, 0x7fd, 0x1) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000040)={@my=0x1}) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000140)={0xffffffff, 0x7, 0xe8, 0x2f}, 0x10) r3 = socket$vsock_stream(0x28, 0x1, 0x0) fcntl$setstatus(r3, 0x4, 0x2800) connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0xe) connect$vsock_stream(r3, &(0x7f00000003c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x14552, &(0x7f0000000240)=ANY=[], 0x1, 0x11f3, &(0x7f0000000980)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000000040)=""/104, 0x4d) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) getdents64(r1, 0x0, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f000000c380)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f00000001c0)={0x2020}, 0x2020) 372.299192ms ago: executing program 2: r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000600), 0x4) getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f0000002180)) 339.053737ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000280)=""/144, 0x28}], 0x300) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, &(0x7f0000000100)) 251.616811ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 35.089914ms ago: executing program 0: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = eventfd(0x800a6) write$eventfd(r2, &(0x7f0000000000)=0xfffffffffffffffb, 0x8) r3 = dup(r2) read$eventfd(r3, &(0x7f0000000280), 0x8) 0s ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000005000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r1, &(0x7f0000000980), 0x12) kernel console output (not intermixed with test programs): slave_0) entered disabled state [ 75.734338][ T41] usbhid 3-1:0.0: can't add hid device: -71 [ 75.752332][ T41] usbhid: probe of 3-1:0.0 failed with error -71 [ 75.752514][ T822] device veth1_macvtap left promiscuous mode [ 75.766181][ T41] usb 3-1: USB disconnect, device number 4 [ 75.766721][ T822] device veth0_vlan left promiscuous mode [ 75.814633][ T1720] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 76.163581][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.172367][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.183204][ T1684] device veth0_vlan entered promiscuous mode [ 76.198267][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.210063][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.245460][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.253940][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.277949][ T1684] device veth1_macvtap entered promiscuous mode [ 76.326237][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.336756][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.348265][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.350592][ T1729] loop2: detected capacity change from 0 to 256 [ 76.374690][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.391333][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.655520][ T1744] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1744 comm=syz-executor.3 [ 76.782287][ T1749] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 76.802860][ T1751] loop3: detected capacity change from 0 to 128 [ 76.846590][ T1751] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 76.862018][ T1751] ext4 filesystem being mounted at /root/syzkaller-testdir3581307062/syzkaller.FXDsHv/120/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 76.928590][ T1757] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 77.069091][ T28] audit: type=1400 audit(1717599423.580:790): avc: denied { shutdown } for pid=1761 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 77.098623][ T315] EXT4-fs (loop3): unmounting filesystem. [ 77.116423][ T1762] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure [ 77.147466][ T28] audit: type=1400 audit(1717599423.660:791): avc: denied { read } for pid=1761 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 77.232628][ T1771] loop3: detected capacity change from 0 to 256 [ 77.249412][ T1771] exfat: Deprecated parameter 'namecase' [ 77.278454][ T1771] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 77.358213][ T28] audit: type=1400 audit(1717599423.870:792): avc: denied { read append open } for pid=1770 comm="syz-executor.3" path="/root/syzkaller-testdir3581307062/syzkaller.FXDsHv/122/file0/cpuacct.usage_sys" dev="loop3" ino=1048711 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 77.425754][ T1778] mmap: syz-executor.1 (1778) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 77.446859][ T28] audit: type=1400 audit(1717599423.900:793): avc: denied { map } for pid=1770 comm="syz-executor.3" path="/root/syzkaller-testdir3581307062/syzkaller.FXDsHv/122/file0/cpuacct.usage_sys" dev="loop3" ino=1048711 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 77.457426][ T1778] binder_alloc: binder_alloc_mmap_handler: 1776 20ffc000-20ffd000 already mapped failed -16 [ 78.271994][ T1812] loop3: detected capacity change from 0 to 256 [ 78.729455][ T1831] loop2: detected capacity change from 0 to 512 [ 78.756959][ T1831] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 78.799595][ T1831] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 78.827939][ T1831] EXT4-fs (loop2): 1 truncate cleaned up [ 78.838111][ T1831] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 78.889626][ T317] EXT4-fs (loop2): unmounting filesystem. [ 79.777805][ T6] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 80.154383][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.175594][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.206703][ T6] usb 2-1: New USB device found, idVendor=056a, idProduct=00e2, bcdDevice= 0.00 [ 80.232337][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.263670][ T6] usb 2-1: config 0 descriptor?? [ 80.279259][ T1883] loop2: detected capacity change from 0 to 256 [ 80.299016][ T1883] exfat: Deprecated parameter 'namecase' [ 80.324454][ T1883] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 80.530588][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 80.530620][ T28] audit: type=1400 audit(1717599427.040:802): avc: denied { remove_name } for pid=1891 comm="syz-executor.0" name="file0" dev="incremental-fs" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 80.599374][ T28] audit: type=1400 audit(1717599427.040:803): avc: denied { rename } for pid=1891 comm="syz-executor.0" name="file0" dev="incremental-fs" ino=1967 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 80.634397][ T28] audit: type=1400 audit(1717599427.040:804): avc: denied { rmdir } for pid=1891 comm="syz-executor.0" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="incremental-fs" ino=1970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 81.603304][ T6] wacom 0003:056A:00E2.0004: unknown main item tag 0x0 [ 81.669454][ T1903] device wireguard0 entered promiscuous mode [ 81.730422][ T6] wacom 0003:056A:00E2.0004: hidraw0: USB HID v0.00 Device [HID 056a:00e2] on usb-dummy_hcd.1-1/input0 [ 81.759390][ T6] usb 2-1: USB disconnect, device number 4 [ 81.874962][ T1914] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 82.185052][ T1939] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'. [ 82.296103][ T1953] loop4: detected capacity change from 0 to 512 [ 82.339119][ T1953] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 82.391340][ T1953] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 82.419064][ T1953] EXT4-fs (loop4): 1 truncate cleaned up [ 82.425868][ T1953] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 82.517466][ T1966] overlayfs: failed to create directory ./file0\/work (errno: 126); mounting read-only [ 82.558003][ T1966] overlayfs: failed to resolve './file1': -2 [ 82.568058][ T314] EXT4-fs (loop4): unmounting filesystem. [ 82.576570][ T1971] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 82.639999][ T1971] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 82.641513][ T1976] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'. [ 82.880451][ T28] audit: type=1326 audit(1717599429.020:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1986 comm="syz-executor.2" exe="/root/syz-executor.2" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4b0947cf69 code=0x0 [ 84.305927][ T2014] overlayfs: failed to create directory ./file0\/work (errno: 126); mounting read-only [ 84.336976][ T2014] overlayfs: failed to resolve './file1': -2 [ 84.350096][ T2023] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 84.350788][ T2021] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'. [ 84.394792][ T28] audit: type=1326 audit(1717599430.530:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2012 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b0947cf69 code=0x0 [ 84.429492][ T2023] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 85.780269][ T2059] overlayfs: failed to create directory ./file0\/work (errno: 126); mounting read-only [ 85.790196][ T2059] overlayfs: failed to resolve './file1': -2 [ 85.800833][ T2059] overlayfs: failed to create directory ./file0/work (errno: 126); mounting read-only [ 85.887637][ T2065] device wireguard0 entered promiscuous mode [ 87.229336][ T2100] tipc: Enabling of bearer rejected, failed to enable media [ 87.354188][ T28] audit: type=1326 audit(1717599433.490:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2102 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x0 [ 88.376871][ T2124] SELinux: security_context_str_to_sid (root::) failed with errno=-22 [ 88.462804][ T2113] device wireguard0 entered promiscuous mode [ 88.794941][ T2160] tipc: Enabling of bearer rejected, failed to enable media [ 88.886964][ T28] audit: type=1400 audit(1717599435.030:808): avc: denied { read write } for pid=2164 comm="syz-executor.4" name="uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 88.890362][ T6] hid-generic 0000:0000:0000.0005: item fetching failed at offset 0/1 [ 89.605097][ T6] hid-generic: probe of 0000:0000:0000.0005 failed with error -22 [ 89.617227][ T28] audit: type=1400 audit(1717599435.030:809): avc: denied { open } for pid=2164 comm="syz-executor.4" path="/dev/uhid" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 89.856931][ T2175] serio: Serial port ptm0 [ 90.055765][ T2188] loop0: detected capacity change from 0 to 256 [ 90.080877][ T2188] exfat: Bad value for 'allow_utime' [ 90.190229][ T2188] kvm [2187]: vcpu0, guest rIP: 0xfff0 unimplemented MMIO_CONF_BASE wrmsr: 0x30303030303d6b73 [ 90.232239][ T2196] loop4: detected capacity change from 0 to 512 [ 90.289007][ T2196] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 90.338109][ T2196] ext4 filesystem being mounted at /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0 supports timestamps until 2038 (0x7fffffff) [ 90.360969][ T2201] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'. [ 90.480341][ T2196] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents [ 90.516826][ T2196] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #2: comm syz-executor.4: mark_inode_dirty error [ 90.580207][ T2196] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #2: comm syz-executor.4: corrupted inode contents [ 90.592606][ T2196] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #2: comm syz-executor.4: mark_inode_dirty error [ 90.624433][ T28] audit: type=1400 audit(1717599436.760:810): avc: denied { mounton } for pid=2195 comm="syz-executor.4" path="/root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 91.397523][ T28] audit: type=1400 audit(1717599437.520:811): avc: denied { create } for pid=2195 comm="syz-executor.4" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 91.425736][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 91.513506][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 91.593999][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 91.655478][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 91.710627][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 91.762240][ T314] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path /root/syzkaller-testdir878117838/syzkaller.qoJIan/149/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 91.809932][ T2190] loop3: detected capacity change from 0 to 40427 [ 91.834318][ T2190] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 91.842235][ T2190] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 92.024693][ T2190] F2FS-fs (loop3): Found nat_bits in checkpoint [ 92.409461][ T2229] loop2: detected capacity change from 0 to 512 [ 92.471800][ T2229] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 92.589132][ T2229] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #3: comm syz-executor.2: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 92.644090][ T2190] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 92.651537][ T2229] EXT4-fs error (device loop2): ext4_quota_enable:6946: comm syz-executor.2: Bad quota inode: 3, type: 0 [ 92.669120][ T2229] EXT4-fs warning (device loop2): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 92.674844][ T2190] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 92.746646][ T2229] EXT4-fs (loop2): mount failed [ 92.910150][ T2234] loop0: detected capacity change from 0 to 256 [ 92.937602][ T2234] exfat: Bad value for 'allow_utime' [ 93.025628][ T2234] kvm [2233]: vcpu0, guest rIP: 0xfff0 unimplemented MMIO_CONF_BASE wrmsr: 0x30303030303d6b73 [ 93.236192][ T2243] overlayfs: failed to resolve './file0': -2 [ 93.754562][ T28] audit: type=1400 audit(1851817167.268:812): avc: denied { mounton } for pid=2186 comm="syz-executor.3" path="/root/syzkaller-testdir3581307062/syzkaller.FXDsHv/158/bus/bus" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 93.782020][ T28] audit: type=1400 audit(1851817167.288:813): avc: denied { setattr } for pid=2186 comm="syz-executor.3" name="work" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 93.805026][ T28] audit: type=1400 audit(1851817167.308:814): avc: denied { remove_name } for pid=2186 comm="syz-executor.3" name="#2f" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 93.827560][ T28] audit: type=1400 audit(1851817167.308:815): avc: denied { rename } for pid=2186 comm="syz-executor.3" name="#2f" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 93.849861][ T28] audit: type=1400 audit(1851817167.338:816): avc: denied { unlink } for pid=2186 comm="syz-executor.3" name="#2f" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 93.879849][ T28] audit: type=1400 audit(1851817167.358:817): avc: denied { unlink } for pid=2186 comm="syz-executor.3" name="#30" dev="loop3" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 94.029781][ T2248] loop1: detected capacity change from 0 to 512 [ 94.074290][ T2248] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.090644][ T28] audit: type=1400 audit(1851817168.238:818): avc: denied { relabelfrom } for pid=2249 comm="syz-executor.2" name="" dev="pipefs" ino=22045 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 94.141822][ T2248] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 94.196470][ T2248] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1) [ 94.248217][ T2248] EXT4-fs (loop1): Remounting filesystem read-only [ 94.266730][ T2248] EXT4-fs (loop1): 1 truncate cleaned up [ 94.286814][ T2248] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 94.315863][ T28] audit: type=1400 audit(1851817168.468:819): avc: denied { mount } for pid=2247 comm="syz-executor.1" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 94.476532][ T28] audit: type=1400 audit(1851817168.628:820): avc: denied { mounton } for pid=2247 comm="syz-executor.1" path="/root/syzkaller-testdir550169471/syzkaller.dSsl86/35/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 94.588909][ T28] audit: type=1400 audit(1851817168.738:821): avc: denied { unmount } for pid=1684 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 94.589147][ T1684] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor.1: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 95.002791][ T1684] EXT4-fs (loop1): Remounting filesystem read-only [ 95.100088][ T1684] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 95.323850][ T1684] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 95.700080][ T1684] EXT4-fs (loop1): unmounting filesystem. [ 96.747546][ T2298] 9pnet_fd: Insufficient options for proto=fd [ 96.895931][ T10] device bridge_slave_1 left promiscuous mode [ 96.903197][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.921066][ T10] device bridge_slave_0 left promiscuous mode [ 96.933913][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.956737][ T10] device veth1_macvtap left promiscuous mode [ 96.968292][ T10] device veth0_vlan left promiscuous mode [ 97.144243][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 97.524220][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 98.065145][ T24] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 98.102606][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.415543][ T24] usb 1-1: Product: syz [ 98.419702][ T24] usb 1-1: Manufacturer: syz [ 98.424161][ T24] usb 1-1: SerialNumber: syz [ 98.430111][ T24] usb 1-1: config 0 descriptor?? [ 98.457526][ T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 98.537355][ T2309] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.551588][ T2309] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.567842][ T2309] device bridge_slave_0 entered promiscuous mode [ 98.585876][ T2309] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.596219][ T2309] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.625962][ T2309] device bridge_slave_1 entered promiscuous mode [ 98.963147][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 98.973874][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.984384][ T6] usb 3-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 98.998128][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.000059][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 99.013873][ T6] usb 3-1: Product: syz [ 99.022553][ T6] usb 3-1: Manufacturer: syz [ 99.022689][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 99.032779][ T6] usb 3-1: SerialNumber: syz [ 99.044646][ T6] usb 3-1: config 0 descriptor?? [ 99.048086][ T2268] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.056426][ T2268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.064387][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 99.073134][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 99.081680][ T2268] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.088638][ T2268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.105379][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 99.114307][ T24] (unnamed net_device) (uninitialized): Assigned a random MAC address: de:4c:8a:9e:9e:2b [ 99.149420][ T24] rtl8150 1-1:0.0: eth1: rtl8150 is detected [ 99.170282][ T24] usb 1-1: USB disconnect, device number 4 [ 99.198110][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 99.215402][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 99.223780][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 99.233675][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 99.256135][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 99.265619][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.278852][ T2309] device veth0_vlan entered promiscuous mode [ 99.288815][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 99.297767][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.314307][ T6] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 99.318759][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.332216][ T6] asix: probe of 3-1:0.0 failed with error -71 [ 99.332472][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.355340][ T2309] device veth1_macvtap entered promiscuous mode [ 99.356322][ T6] usb 3-1: USB disconnect, device number 5 [ 99.364257][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 99.375899][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.385638][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 99.405274][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 99.414617][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.423878][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 99.445818][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.748359][ T2343] tipc: MTU too low for tipc bearer [ 99.759247][ T2345] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 99.784277][ T2345] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 99.828621][ T2347] syz-executor.0[2347] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 99.828775][ T2347] syz-executor.0[2347] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 99.963204][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 99.963238][ T28] audit: type=1400 audit(1851817174.108:823): avc: denied { create } for pid=2357 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 100.050164][ T28] audit: type=1400 audit(1851817174.158:824): avc: denied { bind } for pid=2357 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 100.100206][ T28] audit: type=1400 audit(1851817174.158:825): avc: denied { read } for pid=2357 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 100.148953][ T28] audit: type=1400 audit(1851817174.218:826): avc: denied { write } for pid=2357 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 100.461230][ T2378] syz-executor.1[2378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 100.461388][ T2378] syz-executor.1[2378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 100.525502][ T2382] syz-executor.0[2382] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 100.537919][ T2382] syz-executor.0[2382] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 100.724173][ T2268] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 101.981026][ T2413] syz-executor.1[2413] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.981188][ T2413] syz-executor.1[2413] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 101.994317][ T2268] usb 3-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 102.014283][ T19] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 102.032179][ T2268] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.040899][ T2268] usb 3-1: Product: syz [ 102.053158][ T2268] usb 3-1: Manufacturer: syz [ 102.062582][ T2268] usb 3-1: SerialNumber: syz [ 102.069545][ T2268] usb 3-1: config 0 descriptor?? [ 102.173660][ T2421] loop3: detected capacity change from 0 to 256 [ 102.344403][ T2268] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 102.365539][ T2268] asix: probe of 3-1:0.0 failed with error -71 [ 102.374264][ T19] usb 1-1: config 0 has no interfaces? [ 102.379864][ T19] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 102.382868][ T2268] usb 3-1: USB disconnect, device number 6 [ 102.398836][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.422567][ T19] usb 1-1: config 0 descriptor?? [ 102.568149][ T28] audit: type=1400 audit(1851817176.718:827): avc: denied { unmount } for pid=314 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 102.597807][ T28] audit: type=1400 audit(1851817176.738:828): avc: denied { remove_name } for pid=314 comm="syz-executor.4" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 102.621909][ T28] audit: type=1400 audit(1851817176.738:829): avc: denied { unlink } for pid=314 comm="syz-executor.4" name="file0" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 102.681949][ T6] usb 1-1: USB disconnect, device number 5 [ 102.694521][ T314] EXT4-fs (loop4): unmounting filesystem. [ 102.708470][ T2427] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.716390][ T2427] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.742583][ T2427] device bridge_slave_0 entered promiscuous mode [ 102.764332][ T2427] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.774827][ T2427] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.783304][ T2427] device bridge_slave_1 entered promiscuous mode [ 102.920506][ T2433] loop2: detected capacity change from 0 to 256 [ 103.002759][ T2433] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1768846636 (3537693272 ns) > initial count (1927074542 ns). Using initial count to start timer. [ 103.022815][ T10] device bridge_slave_1 left promiscuous mode [ 103.029345][ T2433] Disabled LAPIC found during irq injection [ 103.035572][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.048741][ T10] device bridge_slave_0 left promiscuous mode [ 103.056455][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.067272][ T10] device veth1_macvtap left promiscuous mode [ 103.073812][ T10] device veth0_vlan left promiscuous mode [ 103.266107][ T28] audit: type=1400 audit(1851817177.418:830): avc: denied { map } for pid=2440 comm="syz-executor.0" path="socket:[23472]" dev="sockfs" ino=23472 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 103.298143][ T28] audit: type=1400 audit(1851817177.418:831): avc: denied { read } for pid=2440 comm="syz-executor.0" path="socket:[23472]" dev="sockfs" ino=23472 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 103.399240][ T2447] syz-executor.3[2447] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 103.399414][ T2447] syz-executor.3[2447] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 103.634223][ T339] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 103.780046][ T2427] device veth0_vlan entered promiscuous mode [ 103.809609][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 103.827651][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.856626][ T2461] loop3: detected capacity change from 0 to 2048 [ 103.869057][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.878486][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.887218][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.888471][ T2461] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 103.894338][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.894615][ T339] usb 1-1: Using ep0 maxpacket: 16 [ 103.903159][ T2461] ext4 filesystem being mounted at /root/syzkaller-testdir3581307062/syzkaller.FXDsHv/188/file0 supports timestamps until 2038 (0x7fffffff) [ 103.910220][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.933728][ T2461] fs-verity: sha256 using implementation "sha256-avx2" [ 103.937826][ T28] audit: type=1400 audit(1851817178.078:832): avc: denied { read } for pid=2460 comm="syz-executor.3" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 103.938856][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.949818][ T2461] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 288: padding at end of block bitmap is not set [ 104.300659][ T2461] fs-verity (loop3, inode 13): ext4_end_enable_verity() failed with err -117 [ 104.673390][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.680451][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.688203][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 104.698092][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.706604][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 104.718765][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.732895][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 104.746318][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.755159][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 104.763736][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.801217][ T315] EXT4-fs (loop3): unmounting filesystem. [ 104.818474][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 104.826446][ T339] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 104.844272][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.853050][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.874754][ T2427] device veth1_macvtap entered promiscuous mode [ 104.881941][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 104.890960][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.904845][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 104.956968][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 104.966812][ T2480] syz-executor.3[2480] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.967060][ T2480] syz-executor.3[2480] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.968654][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 105.002114][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 105.010904][ T339] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 105.021798][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 105.032117][ T339] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.041499][ T339] usb 1-1: Product: syz [ 105.045768][ T339] usb 1-1: Manufacturer: syz [ 105.050319][ T339] usb 1-1: SerialNumber: syz [ 105.058312][ T2437] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.066069][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.075747][ T2437] device bridge_slave_0 entered promiscuous mode [ 105.105545][ T339] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 105.114404][ T2437] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.123892][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.137119][ T2268] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 105.138515][ T2437] device bridge_slave_1 entered promiscuous mode [ 105.315623][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 105.315657][ T28] audit: type=1400 audit(1851817179.468:836): avc: denied { getopt } for pid=2491 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 105.322442][ T320] usb 1-1: USB disconnect, device number 6 [ 105.646875][ T2437] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.654616][ T2437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.661936][ T2437] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.668905][ T2437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.682219][ T2268] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.694380][ T2268] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.704551][ T2268] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 105.714506][ T2268] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.724498][ T2268] usb 3-1: config 0 descriptor?? [ 106.203702][ T10] device bridge_slave_1 left promiscuous mode [ 106.249196][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.493997][ T2486] loop3: detected capacity change from 0 to 40427 [ 106.509020][ T2472] loop2: detected capacity change from 0 to 1024 [ 106.515839][ T10] device bridge_slave_0 left promiscuous mode [ 106.528412][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.538718][ T10] device veth1_macvtap left promiscuous mode [ 106.545484][ T10] device veth0_vlan left promiscuous mode [ 106.555238][ T2486] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 106.576866][ T2486] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 106.610583][ T2486] F2FS-fs (loop3): Found nat_bits in checkpoint [ 106.630539][ T2472] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 106.640275][ T2472] EXT4-fs (loop2): orphan cleanup on readonly fs [ 106.650169][ T2472] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 10: padding at end of block bitmap is not set [ 106.669336][ T2472] Quota error (device loop2): write_blk: dquota write failed [ 106.677103][ T2472] Quota error (device loop2): find_free_dqentry: Can't write quota data block 5 [ 106.687190][ T2472] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 106.697786][ T2472] EXT4-fs error (device loop2): ext4_free_blocks:6197: comm syz-executor.2: Freeing blocks not in datazone - block = 0, count = 4096 [ 106.712235][ T2472] EXT4-fs (loop2): 1 truncate cleaned up [ 106.724755][ T2472] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 106.739787][ T2472] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 106.769118][ T2486] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 106.776385][ T2486] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 107.009134][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.018694][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.032139][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.039955][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.094588][ T2268] usbhid 3-1:0.0: can't add hid device: -71 [ 107.101015][ T2268] usbhid: probe of 3-1:0.0 failed with error -71 [ 107.203176][ T2268] usb 3-1: USB disconnect, device number 7 [ 107.218162][ T2508] overlayfs: failed to resolve './file0': -2 [ 107.274230][ T28] audit: type=1400 audit(1851817181.318:837): avc: denied { unlink } for pid=2485 comm="syz-executor.3" name="#33" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 108.335246][ T2472] syz-executor.2 (2472) used greatest stack depth: 19240 bytes left [ 108.370807][ T317] EXT4-fs (loop2): unmounting filesystem. [ 108.444833][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 108.458308][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.494867][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.503972][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.546548][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 108.555934][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 108.570885][ T2437] device veth0_vlan entered promiscuous mode [ 108.578831][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 108.588797][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 108.615822][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 108.624692][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 108.632922][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 108.642440][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 108.652245][ T2437] device veth1_macvtap entered promiscuous mode [ 108.669408][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 108.678200][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 108.686955][ T2268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 108.704908][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 108.713614][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 112.050873][ T28] audit: type=1400 audit(1851817186.198:838): avc: denied { setattr } for pid=2514 comm="syz-executor.3" name="PPPOL2TP" dev="sockfs" ino=24810 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 112.149295][ T2518] device veth1 entered promiscuous mode [ 114.074109][ C0] sched: RT throttling activated [ 115.450301][ T2515] device veth1 left promiscuous mode [ 115.689712][ T2547] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 115.747343][ T2547] loop0: detected capacity change from 0 to 512 [ 115.778125][ T2547] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 115.794229][ T320] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 115.802831][ T2547] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 115.824463][ T2547] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 115.841949][ T2547] EXT4-fs (loop0): 1 orphan inode deleted [ 115.852320][ T2547] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 115.923188][ T318] EXT4-fs (loop0): unmounting filesystem. [ 116.029090][ T28] audit: type=1400 audit(1851817190.178:839): avc: denied { mounton } for pid=2577 comm="syz-executor.3" path="/root/syzkaller-testdir3581307062/syzkaller.FXDsHv/201/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 116.060496][ T2578] loop3: detected capacity change from 0 to 1024 [ 116.067301][ T320] usb 5-1: Using ep0 maxpacket: 16 [ 116.075332][ T2578] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 116.086733][ T2578] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 116.100276][ T2578] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #3: comm syz-executor.3: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 116.120594][ T2578] EXT4-fs (loop3): no journal found [ 116.233037][ T2561] loop1: detected capacity change from 0 to 40427 [ 116.267715][ T2561] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 116.275635][ T2561] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 116.284275][ T320] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 116.299089][ T2561] F2FS-fs (loop1): invalid crc value [ 116.470445][ T2561] F2FS-fs (loop1): Found nat_bits in checkpoint [ 116.470705][ T2589] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'. [ 116.574461][ T320] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 116.583580][ T320] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.616881][ T320] usb 5-1: Product: syz [ 116.621009][ T320] usb 5-1: Manufacturer: syz [ 116.626551][ T320] usb 5-1: SerialNumber: syz [ 116.675174][ T320] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 116.710927][ T2561] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 116.718381][ T2561] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 116.831467][ T28] audit: type=1400 audit(1851817190.978:840): avc: denied { setattr } for pid=2560 comm="syz-executor.1" name="file1" dev="overlay" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 116.884341][ T2459] usb 5-1: USB disconnect, device number 7 [ 116.890307][ T2597] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 116.915622][ T28] audit: type=1400 audit(1851817191.008:841): avc: denied { link } for pid=2560 comm="syz-executor.1" name="#17" dev="loop1" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 116.976751][ T28] audit: type=1400 audit(1851817191.128:842): avc: denied { rmdir } for pid=2427 comm="syz-executor.1" name="work" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 116.982497][ T2597] loop0: detected capacity change from 0 to 512 [ 117.051493][ T2597] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 117.074257][ T2618] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 117.100339][ T2597] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 117.148278][ T2597] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 117.186881][ T2597] EXT4-fs (loop0): 1 orphan inode deleted [ 117.192576][ T2597] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 117.323169][ T28] audit: type=1326 audit(1851817191.468:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2623 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b0947cf69 code=0x0 [ 117.356937][ T318] EXT4-fs (loop0): unmounting filesystem. [ 117.412942][ T2613] loop3: detected capacity change from 0 to 40427 [ 117.434250][ T2613] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 117.448566][ T2613] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 117.503651][ T2613] F2FS-fs (loop3): Found nat_bits in checkpoint [ 117.657402][ T2613] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 117.664821][ T2613] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 118.656294][ T2654] overlayfs: failed to resolve './file0': -2 [ 118.806941][ T2665] syz-executor.0[2665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.807093][ T2665] syz-executor.0[2665] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.841898][ T28] audit: type=1400 audit(1851817192.988:844): avc: denied { audit_read } for pid=2666 comm="syz-executor.1" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 118.903009][ T2665] loop0: detected capacity change from 0 to 1024 [ 118.925431][ T2665] EXT4-fs: Ignoring removed orlov option [ 118.942162][ T2665] EXT4-fs: Ignoring removed nomblk_io_submit option [ 118.961618][ T2665] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 119.255409][ T318] EXT4-fs (loop0): unmounting filesystem. [ 119.323445][ T2694] syz-executor.0[2694] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.334608][ T2694] syz-executor.0[2694] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.446459][ T2703] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 119.469160][ T2699] syz-executor.1[2699] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.469314][ T2699] syz-executor.1[2699] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.613399][ T28] audit: type=1326 audit(1851817193.758:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.670122][ T28] audit: type=1326 audit(1851817193.808:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.702883][ T28] audit: type=1326 audit(1851817193.818:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.733114][ T28] audit: type=1326 audit(1851817193.818:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.769941][ T28] audit: type=1326 audit(1851817193.818:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.801988][ T28] audit: type=1326 audit(1851817193.818:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.883753][ T28] audit: type=1326 audit(1851817193.848:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x7ffc0000 [ 119.913225][ T2710] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.914810][ T28] audit: type=1326 audit(1851817193.848:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2714 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 119.945334][ T2710] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.961627][ T2710] device bridge_slave_0 entered promiscuous mode [ 119.984313][ T2710] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.991985][ T2710] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.002016][ T2710] device bridge_slave_1 entered promiscuous mode [ 120.114790][ T2730] device wireguard0 entered promiscuous mode [ 120.163563][ T2742] syz-executor.4[2742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.163780][ T2742] syz-executor.4[2742] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.178776][ T571] device bridge_slave_1 left promiscuous mode [ 120.190610][ T2742] loop4: detected capacity change from 0 to 1024 [ 120.205911][ T2742] EXT4-fs: Ignoring removed orlov option [ 120.206047][ T571] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.211780][ T2742] EXT4-fs: Ignoring removed nomblk_io_submit option [ 120.228396][ T571] device bridge_slave_0 left promiscuous mode [ 120.249684][ T571] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.265308][ T2742] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 120.276341][ T571] device veth1_macvtap left promiscuous mode [ 120.287838][ T571] device veth0_vlan left promiscuous mode [ 120.631733][ T2437] EXT4-fs (loop4): unmounting filesystem. [ 120.661502][ T2734] loop0: detected capacity change from 0 to 40427 [ 120.679809][ T2734] request_module fs- succeeded, but still no fs? [ 120.821004][ T2757] loop4: detected capacity change from 0 to 256 [ 121.175791][ T2769] syz-executor.3[2769] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.175951][ T2769] syz-executor.3[2769] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.229351][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.339149][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.120748][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 122.141206][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.156827][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.164052][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.196823][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 122.213609][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.223264][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.230268][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.231565][ T2751] loop1: detected capacity change from 0 to 40427 [ 122.246933][ T2751] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 122.256459][ T2751] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 122.273090][ T2751] F2FS-fs (loop1): Found nat_bits in checkpoint [ 122.281556][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 122.290075][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.301316][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.309879][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.319689][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.417845][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 122.445468][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 122.489161][ T2751] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 122.501072][ T2710] device veth0_vlan entered promiscuous mode [ 122.509647][ T2751] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 122.518228][ T2787] loop3: detected capacity change from 0 to 512 [ 122.533382][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 122.542268][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 122.551534][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 122.559656][ T2787] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 122.560958][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 122.577773][ T2787] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 122.583025][ T2783] device pim6reg1 entered promiscuous mode [ 122.585666][ T2787] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 122.640998][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 122.641030][ T28] audit: type=1400 audit(1851817196.788:859): avc: denied { remount } for pid=2786 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 122.670701][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 122.680131][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 122.691767][ T2710] device veth1_macvtap entered promiscuous mode [ 122.710901][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 122.719695][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 122.728330][ T2787] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 122.735933][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 122.757781][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 122.767233][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 122.788041][ T315] EXT4-fs (loop3): unmounting filesystem. [ 123.570004][ T2794] overlayfs: failed to resolve './file0': -2 [ 123.775316][ T2810] loop3: detected capacity change from 0 to 512 [ 123.795623][ T2810] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 123.836806][ T2810] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 123.866620][ T2810] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 123.950371][ T2810] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 124.035918][ T315] EXT4-fs (loop3): unmounting filesystem. [ 124.072815][ T2822] device pim6reg1 entered promiscuous mode [ 124.078728][ T2268] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 124.345036][ T2808] loop4: detected capacity change from 0 to 40427 [ 124.352870][ T2808] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 124.366399][ T2808] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 124.394632][ T2808] F2FS-fs (loop4): invalid crc value [ 124.420243][ T2808] F2FS-fs (loop4): Found nat_bits in checkpoint [ 124.440071][ T28] audit: type=1400 audit(1851817198.588:860): avc: denied { read } for pid=2839 comm="syz-executor.1" path="socket:[25695]" dev="sockfs" ino=25695 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 124.465762][ T2268] usb 3-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 124.478174][ T2268] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.498420][ T2268] usb 3-1: config 0 descriptor?? [ 124.703539][ T2268] usb 3-1: bad CDC descriptors [ 124.796232][ T2808] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 124.803185][ T2808] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 124.909122][ T2268] usb 3-1: USB disconnect, device number 8 [ 125.952021][ T2854] syz-executor.1[2854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.952179][ T2854] syz-executor.1[2854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 125.983342][ T2829] loop0: detected capacity change from 0 to 40427 [ 126.005034][ T2829] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 126.012862][ T2829] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 126.135359][ T822] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 126.146888][ T2829] F2FS-fs (loop0): Found nat_bits in checkpoint [ 126.164873][ T822] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 126.189807][ T2867] overlayfs: missing 'lowerdir' [ 126.216992][ T2863] device pim6reg1 entered promiscuous mode [ 126.356782][ T2872] can0: slcan on ptm0. [ 126.378138][ T2829] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 126.404506][ T2829] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 126.444359][ T2871] can0 (unregistered): slcan off ptm0. [ 126.521121][ T28] audit: type=1400 audit(1851817200.668:861): avc: denied { create } for pid=2880 comm="syz-executor.2" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 126.542478][ T2879] loop3: detected capacity change from 0 to 1024 [ 126.571035][ T28] audit: type=1400 audit(1851817200.678:862): avc: denied { write } for pid=2880 comm="syz-executor.2" name="bus" dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 126.576605][ T2879] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 126.653149][ T28] audit: type=1400 audit(1851817200.678:863): avc: denied { open } for pid=2880 comm="syz-executor.2" path="/root/syzkaller-testdir2384348752/syzkaller.3CEy3d/6/bus" dev="sda1" ino=1969 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 128.287931][ T2829] overlayfs: failed to resolve './file0': -2 [ 128.630640][ T315] EXT4-fs (loop3): unmounting filesystem. [ 128.684272][ T6] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 128.889509][ T2909] xt_TCPMSS: Only works on TCP SYN packets [ 129.114312][ T345] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 129.124288][ T6] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 129.136721][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 129.165278][ T6] usb 3-1: SerialNumber: syz [ 129.215091][ T6] cdc_ether 3-1:1.0: skipping garbage [ 129.220376][ T6] usb 3-1: bad CDC descriptors [ 129.374202][ T345] usb 2-1: Using ep0 maxpacket: 16 [ 129.383510][ T2901] loop3: detected capacity change from 0 to 40427 [ 129.403412][ T2926] loop4: detected capacity change from 0 to 512 [ 129.404288][ T2901] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 129.411615][ T2926] ext4: Unknown parameter 'subj_type' [ 129.420244][ T6] usb 3-1: USB disconnect, device number 9 [ 129.429846][ T2901] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 129.441244][ T2901] F2FS-fs (loop3): invalid crc value [ 129.450016][ T2901] F2FS-fs (loop3): Found nat_bits in checkpoint [ 129.584248][ T345] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 129.610540][ T2901] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 129.617861][ T2901] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 129.873670][ T345] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 129.883446][ T345] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.893428][ T345] usb 2-1: Product: syz [ 129.897562][ T345] usb 2-1: Manufacturer: syz [ 129.902142][ T345] usb 2-1: SerialNumber: syz [ 129.948558][ T345] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 130.676162][ T345] usb 2-1: USB disconnect, device number 5 [ 130.714257][ T2948] loop4: detected capacity change from 0 to 1024 [ 130.728845][ T2948] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 130.796907][ T2952] EXT4-fs error (device loop4) in ext4_setattr:5613: Out of memory [ 130.831635][ T2952] EXT4-fs (loop4): Remounting filesystem read-only [ 130.898767][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 130.918302][ T10] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 130.931668][ T2437] EXT4-fs error (device loop4): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 130.978024][ T2437] EXT4-fs (loop4): unmounting filesystem. [ 131.421394][ T2959] device pim6reg1 entered promiscuous mode [ 131.489599][ T28] audit: type=1400 audit(1851817205.638:864): avc: denied { getopt } for pid=2963 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 131.696653][ T10] device bridge_slave_1 left promiscuous mode [ 131.703136][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.713864][ T10] device bridge_slave_0 left promiscuous mode [ 131.721506][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.738497][ T10] device veth1_macvtap left promiscuous mode [ 131.754934][ T10] device veth0_vlan left promiscuous mode [ 131.784321][ T2459] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 132.025053][ T3006] binder: 3005:3006 ioctl c0306201 20000580 returned -14 [ 132.224536][ T2459] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.233491][ T2459] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 132.267986][ T2459] usb 1-1: SerialNumber: syz [ 132.325504][ T2459] cdc_ether 1-1:1.0: skipping garbage [ 132.331077][ T2459] usb 1-1: bad CDC descriptors [ 132.415294][ T2979] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.423130][ T2979] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.431911][ T2979] device bridge_slave_0 entered promiscuous mode [ 132.441821][ T3027] device veth0_vlan left promiscuous mode [ 132.469380][ T2979] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.476583][ T2979] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.485768][ T2979] device bridge_slave_1 entered promiscuous mode [ 132.532263][ T24] usb 1-1: USB disconnect, device number 7 [ 132.623989][ T3034] binder: 3033:3034 ioctl c0306201 20000580 returned -14 [ 132.731082][ T28] audit: type=1326 audit(1851817206.878:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.792192][ T28] audit: type=1326 audit(1851817206.878:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.833611][ T28] audit: type=1326 audit(1851817206.918:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.866858][ T28] audit: type=1326 audit(1851817206.918:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.893328][ T28] audit: type=1326 audit(1851817206.918:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.946408][ T28] audit: type=1326 audit(1851817206.918:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.955480][ T2979] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.973355][ T28] audit: type=1326 audit(1851817206.918:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc23e47cf69 code=0x7ffc0000 [ 132.978422][ T2979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.978651][ T2979] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.978694][ T2979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.003655][ T28] audit: type=1326 audit(1851817206.918:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc23e47a6e7 code=0x7ffc0000 [ 133.050880][ T28] audit: type=1326 audit(1851817206.918:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3041 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc23e4403b9 code=0x7ffc0000 [ 133.134941][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.154981][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.247170][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 133.260503][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 133.287748][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 133.297654][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 133.318236][ T2459] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.325217][ T2459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 133.334270][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 133.343654][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 133.364684][ T2459] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.372065][ T2459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 133.419505][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 133.430551][ T2459] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 133.463867][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 133.475129][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 133.498747][ T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0) [ 133.556821][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 133.566322][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 133.567589][ T3069] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 133.609322][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 133.618528][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 133.648381][ T2979] device veth0_vlan entered promiscuous mode [ 133.665455][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 133.674043][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 133.717742][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 133.734957][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 133.747170][ T2979] device veth1_macvtap entered promiscuous mode [ 133.787558][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 133.806507][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 133.826985][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 133.865624][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 133.875008][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 133.955974][ T3051] loop2: detected capacity change from 0 to 40427 [ 133.982081][ T3051] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 134.005036][ T3051] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 134.033994][ T3093] bridge0: port 3(syz_tun) entered blocking state [ 134.053225][ T3093] bridge0: port 3(syz_tun) entered disabled state [ 134.062942][ T3051] F2FS-fs (loop2): Found nat_bits in checkpoint [ 134.069141][ T3093] device syz_tun entered promiscuous mode [ 134.080850][ T3093] bridge0: port 3(syz_tun) entered blocking state [ 134.087582][ T3093] bridge0: port 3(syz_tun) entered forwarding state [ 134.124551][ T3101] binder: 3100:3101 ioctl c0306201 20000580 returned -14 [ 134.273442][ T3051] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 134.280969][ T3051] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 134.324182][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 134.584285][ T345] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 134.598409][ T3004] loop1: detected capacity change from 0 to 131072 [ 134.606735][ T3004] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 134.613706][ T3004] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 134.644409][ T3004] F2FS-fs (loop1): invalid crc value [ 134.754400][ T24] usb 4-1: device descriptor read/64, error -71 [ 135.320970][ T3120] overlayfs: failed to resolve './file0': -2 [ 135.344533][ T3004] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4) [ 135.424647][ T345] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 135.544470][ T345] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.555336][ T345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 135.563697][ T345] usb 1-1: SerialNumber: syz [ 135.594383][ T24] usb 4-1: device descriptor read/64, error -71 [ 135.867208][ T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 136.154202][ T24] usb 4-1: device descriptor read/64, error -71 [ 136.239254][ T345] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 136.453429][ T345] usb 1-1: USB disconnect, device number 8 [ 136.475643][ T345] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device [ 136.515151][ T10] device bridge_slave_1 left promiscuous mode [ 136.521503][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.538259][ T10] device bridge_slave_0 left promiscuous mode [ 136.545106][ T24] usb 4-1: device descriptor read/64, error -71 [ 136.558701][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.577885][ T10] device veth1_macvtap left promiscuous mode [ 136.666798][ T24] usb usb4-port1: attempt power cycle [ 136.944163][ T3143] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.951150][ T3143] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.976693][ T3143] device bridge_slave_0 entered promiscuous mode [ 137.002691][ T3143] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.030282][ T3143] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.048700][ T3143] device bridge_slave_1 entered promiscuous mode [ 137.094148][ T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 137.249790][ T3161] bridge0: port 3(syz_tun) entered blocking state [ 137.264010][ T3161] bridge0: port 3(syz_tun) entered disabled state [ 137.285186][ T3161] device syz_tun entered promiscuous mode [ 137.303234][ T3161] bridge0: port 3(syz_tun) entered blocking state [ 137.309609][ T3161] bridge0: port 3(syz_tun) entered forwarding state [ 137.605548][ T24] usb 4-1: device not accepting address 6, error -71 [ 137.699519][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.724868][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.746787][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.764854][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.773221][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.780342][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.802933][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.819632][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.837151][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.844129][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.885795][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 137.893747][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 137.914943][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 137.939739][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 137.962026][ T3143] device veth0_vlan entered promiscuous mode [ 137.972683][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 137.994616][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 138.003381][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 138.031670][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 138.042487][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 138.057618][ T3143] device veth1_macvtap entered promiscuous mode [ 138.078256][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 138.086864][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 138.096040][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 138.116820][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 138.127177][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 138.277397][ T3189] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. [ 138.287042][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 138.352867][ T3192] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'. [ 138.372509][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 138.372549][ T28] audit: type=1400 audit(1851817212.518:905): avc: denied { nlmsg_read } for pid=3191 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 138.451597][ T3194] tun0: tun_chr_ioctl cmd 1074025675 [ 138.461160][ T3196] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'. [ 138.463829][ T3194] tun0: persist enabled [ 138.524313][ T24] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 138.561616][ T3194] tun0: tun_chr_ioctl cmd 1074025675 [ 138.567294][ T3194] tun0: persist enabled [ 138.627673][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 138.646545][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 138.662314][ T24] usb 4-1: SerialNumber: syz [ 138.800055][ T3145] loop1: detected capacity change from 0 to 131072 [ 138.808815][ T3145] F2FS-fs (loop1): Invalid log sectorsize (67108873) [ 138.815707][ T3145] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 138.825300][ T3145] F2FS-fs (loop1): invalid crc value [ 138.833720][ T3145] F2FS-fs (loop1): Found nat_bits in checkpoint [ 138.844222][ T19] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 138.946396][ T3145] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 138.953537][ T3145] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 139.010678][ T3145] F2FS-fs (loop1): lookup inode (7) has corrupted xattr [ 139.019711][ T3145] F2FS-fs (loop1): list inode (7) has corrupted xattr [ 139.094152][ T19] usb 5-1: Using ep0 maxpacket: 8 [ 139.126425][ T3204] loop0: detected capacity change from 0 to 40427 [ 139.135800][ T3204] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 139.143743][ T3204] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 139.153411][ T3204] F2FS-fs (loop0): invalid crc value [ 139.162480][ T3204] F2FS-fs (loop0): Found nat_bits in checkpoint [ 139.216251][ T19] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 139.293350][ T3204] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 139.301866][ T3204] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 139.314303][ T19] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 139.323342][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 139.344333][ T19] usb 5-1: SerialNumber: syz [ 139.357571][ T19] usb 5-1: config 0 descriptor?? [ 139.390709][ T24] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 139.405830][ T19] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 139.413374][ T19] uvcvideo 5-1:0.0: Entity type for entity Output 255 was not initialized! [ 139.436678][ T19] usb 5-1: Failed to create links for entity 255 [ 139.448902][ T19] usb 5-1: Failed to register entities (-22). [ 139.473678][ T318] syz-executor.0: attempt to access beyond end of device [ 139.473678][ T318] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 139.608010][ T345] usb 4-1: USB disconnect, device number 7 [ 139.615390][ T345] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 139.635897][ T320] usb 5-1: USB disconnect, device number 8 [ 139.893617][ T3233] loop0: detected capacity change from 0 to 256 [ 139.905583][ T3233] FAT-fs (loop0): error, corrupted directory (invalid entries) [ 140.040772][ T3247] loop0: detected capacity change from 0 to 512 [ 140.048604][ T3247] ext2: Unknown parameter 'subj_user' [ 140.272178][ T28] audit: type=1400 audit(1851817214.418:906): avc: denied { create } for pid=3252 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 140.421764][ T3264] loop0: detected capacity change from 0 to 512 [ 140.507137][ T3264] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 140.677262][ T3264] EXT4-fs (loop0): 1 orphan inode deleted [ 140.682949][ T3264] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 140.693914][ T3264] ext4 filesystem being mounted at /root/syzkaller-testdir2860424016/syzkaller.5gP1VP/246/file1 supports timestamps until 2038 (0x7fffffff) [ 141.082681][ T571] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 141.183256][ T318] EXT4-fs (loop0): unmounting filesystem. [ 141.219463][ T3262] tipc: Failed to remove unknown binding: 66,1,1/0:3167941031/3167941033 [ 141.254413][ T3262] tipc: Failed to remove unknown binding: 66,1,1/0:3167941031/3167941033 [ 141.285643][ T3262] tipc: Failed to remove unknown binding: 66,1,1/0:3167941031/3167941033 [ 141.337560][ T28] audit: type=1326 audit(1851817215.488:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3282 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4b0c7cf69 code=0x0 [ 141.382709][ T28] audit: type=1400 audit(1851817215.528:908): avc: denied { call } for pid=3291 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 141.417705][ T28] audit: type=1400 audit(1851817215.528:909): avc: denied { transfer } for pid=3291 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 141.457286][ T3294] loop3: detected capacity change from 0 to 1024 [ 141.467719][ T3294] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 141.477337][ T3294] EXT4-fs (loop3): orphan cleanup on readonly fs [ 141.484312][ T3294] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #3: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 2, max 0(0), depth 0(0) [ 141.506653][ T3294] EXT4-fs error (device loop3): ext4_quota_enable:6946: comm syz-executor.3: Bad quota inode: 3, type: 0 [ 141.518549][ T3294] EXT4-fs warning (device loop3): ext4_enable_quotas:6987: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 141.533275][ T3294] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 141.540572][ T3294] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 141.554179][ T41] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 141.573007][ T315] EXT4-fs (loop3): unmounting filesystem. [ 141.704512][ T3308] loop2: detected capacity change from 0 to 512 [ 141.711771][ T3308] ext2: Unknown parameter 'subj_user' [ 141.903744][ T3296] loop4: detected capacity change from 0 to 40427 [ 141.912056][ T3296] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 141.919837][ T3296] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 141.934152][ T41] usb 1-1: Using ep0 maxpacket: 8 [ 141.954897][ T3296] F2FS-fs (loop4): Found nat_bits in checkpoint [ 142.117179][ T3316] loop2: detected capacity change from 0 to 512 [ 142.164555][ T41] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.323290][ T3316] EXT4-fs (loop2): 1 orphan inode deleted [ 142.329087][ T3316] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 142.340863][ T3316] ext4 filesystem being mounted at /root/syzkaller-testdir387849341/syzkaller.4t4W3m/19/file1 supports timestamps until 2038 (0x7fffffff) [ 142.545183][ T41] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 142.595713][ T41] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 142.874445][ T822] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 142.885055][ T41] usb 1-1: SerialNumber: syz [ 142.913159][ T3296] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 142.932557][ T3296] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 142.978142][ T41] usb 1-1: config 0 descriptor?? [ 142.981738][ T3143] EXT4-fs (loop2): unmounting filesystem. [ 143.015569][ T41] usb 1-1: Found UVC 0.00 device (05ac:8501) [ 143.022454][ T41] uvcvideo 1-1:0.0: Entity type for entity Output 255 was not initialized! [ 143.050678][ T41] usb 1-1: Failed to create links for entity 255 [ 143.066264][ T3296] syz-executor.4: attempt to access beyond end of device [ 143.066264][ T3296] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 143.084985][ T41] usb 1-1: Failed to register entities (-22). [ 143.254866][ T41] usb 1-1: USB disconnect, device number 9 [ 143.393683][ T2979] syz-executor.4: attempt to access beyond end of device [ 143.393683][ T2979] loop4: rw=2051, sector=49152, nr_sectors = 4096 limit=40427 [ 143.414677][ T2979] syz-executor.4: attempt to access beyond end of device [ 143.414677][ T2979] loop4: rw=2051, sector=45096, nr_sectors = 8 limit=40427 [ 143.444414][ T2979] F2FS-fs (loop4): Issue discard(6144, 6144, 512) failed, ret: -5 [ 143.444530][ T2979] F2FS-fs (loop4): Issue discard(5637, 5637, 1) failed, ret: -5 [ 143.875966][ T28] audit: type=1326 audit(1851817218.028:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 143.928071][ T28] audit: type=1326 audit(1851817218.028:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 143.994249][ T3328] tmpfs: Unknown parameter '”' [ 144.014759][ T28] audit: type=1326 audit(1851817218.028:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.073396][ T28] audit: type=1326 audit(1851817218.028:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.131175][ T28] audit: type=1326 audit(1851817218.028:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.204169][ T28] audit: type=1326 audit(1851817218.028:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.267338][ T28] audit: type=1326 audit(1851817218.028:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.329715][ T3326] loop2: detected capacity change from 0 to 40427 [ 144.344179][ T28] audit: type=1326 audit(1851817218.028:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.389772][ T28] audit: type=1326 audit(1851817218.028:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.417258][ T3326] F2FS-fs (loop2): Found nat_bits in checkpoint [ 144.457845][ T28] audit: type=1326 audit(1851817218.028:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2db27cf69 code=0x50000 [ 144.648932][ T3326] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 144.703650][ T3350] f2fs_ckpt-7:2: attempt to access beyond end of device [ 144.703650][ T3350] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 144.748984][ T3370] tmpfs: Unknown parameter '”' [ 144.755642][ T3367] loop4: detected capacity change from 0 to 512 [ 144.773986][ T3367] EXT4-fs (loop4): Test dummy encryption mode enabled [ 144.796998][ T3367] EXT4-fs error (device loop4): __ext4_iget:5046: inode #11: block 1: comm syz-executor.4: invalid block [ 144.812242][ T3367] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 11 (err -117) [ 144.832491][ T3367] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 144.850637][ T3367] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 144.985267][ T3367] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 146.036814][ T2979] EXT4-fs (loop4): unmounting filesystem. [ 146.247253][ T3397] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 146.385771][ T3405] syz-executor.2[3405] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.385940][ T3405] syz-executor.2[3405] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 146.559040][ T3417] loop4: detected capacity change from 0 to 512 [ 146.592385][ T3417] EXT4-fs (loop4): Test dummy encryption mode enabled [ 146.625067][ T3417] EXT4-fs error (device loop4): __ext4_iget:5046: inode #11: block 1: comm syz-executor.4: invalid block [ 146.643659][ T3417] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 11 (err -117) [ 146.661670][ T3417] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 146.766625][ T2979] EXT4-fs (loop4): unmounting filesystem. [ 146.814217][ T41] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 146.837774][ T3427] loop4: detected capacity change from 0 to 512 [ 146.855007][ T3427] ext2: Unknown parameter 'subj_user' [ 147.184303][ T41] usb 4-1: Using ep0 maxpacket: 8 [ 147.248582][ T3444] loop4: detected capacity change from 0 to 512 [ 147.359061][ T41] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.382669][ T3444] EXT4-fs (loop4): 1 orphan inode deleted [ 147.388438][ T3444] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 147.399700][ T3444] ext4 filesystem being mounted at /root/syzkaller-testdir3560530188/syzkaller.BwvdX7/29/file1 supports timestamps until 2038 (0x7fffffff) [ 147.626014][ T41] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 147.637198][ T41] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 147.998174][ T41] usb 4-1: SerialNumber: syz [ 148.004338][ T41] usb 4-1: config 0 descriptor?? [ 148.048803][ T41] usb 4-1: Found UVC 0.00 device (05ac:8501) [ 148.056036][ T41] uvcvideo 4-1:0.0: Entity type for entity Output 255 was not initialized! [ 148.064735][ T41] usb 4-1: Failed to create links for entity 255 [ 148.071181][ T41] usb 4-1: Failed to register entities (-22). [ 148.095273][ T2979] EXT4-fs (loop4): unmounting filesystem. [ 150.024944][ T3454] overlayfs: conflicting lowerdir path [ 150.033462][ T28] kauditd_printk_skb: 2584 callbacks suppressed [ 150.033497][ T28] audit: type=1326 audit(1851817224.158:3503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 150.064313][ T19] usb 4-1: USB disconnect, device number 8 [ 150.071997][ T28] audit: type=1326 audit(1851817224.158:3504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa4b0c403b9 code=0x7ffc0000 [ 150.128072][ T28] audit: type=1326 audit(1851817224.158:3505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 150.169688][ T28] audit: type=1326 audit(1851817224.158:3506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa4b0c403b9 code=0x7ffc0000 [ 150.210191][ T28] audit: type=1326 audit(1851817224.158:3507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 150.238780][ T28] audit: type=1326 audit(1851817224.158:3508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa4b0c403b9 code=0x7ffc0000 [ 150.274834][ T28] audit: type=1326 audit(1851817224.158:3509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 150.310134][ T3472] loop2: detected capacity change from 0 to 256 [ 150.316943][ T28] audit: type=1326 audit(1851817224.158:3510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa4b0c403b9 code=0x7ffc0000 [ 150.360323][ T3472] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 150.374436][ T28] audit: type=1326 audit(1851817224.158:3511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa4b0c7a6e7 code=0x7ffc0000 [ 150.404103][ T28] audit: type=1326 audit(1851817224.168:3512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3457 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa4b0c403b9 code=0x7ffc0000 [ 150.611804][ T3490] loop1: detected capacity change from 0 to 256 [ 150.691774][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.717797][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.725653][ T3495] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 150.731484][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.752316][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.772250][ T3500] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.813412][ T3500] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.821216][ T3500] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.830166][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.837170][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.853513][ T3490] FAT-fs (loop1): Directory bread(block 1285) failed [ 150.976198][ T3504] 9pnet_fd: Insufficient options for proto=fd [ 151.119768][ T3510] loop1: detected capacity change from 0 to 256 [ 151.169177][ T3510] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 151.310355][ T3527] loop3: detected capacity change from 0 to 256 [ 151.474403][ T3535] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 151.601533][ T3544] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 151.815908][ T3554] loop1: detected capacity change from 0 to 256 [ 152.059483][ T3556] loop3: detected capacity change from 0 to 256 [ 152.090986][ T3556] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 152.159279][ T3570] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.604214][ T355] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 152.893268][ T3608] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 152.924151][ T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 152.964288][ T355] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 153.064288][ T355] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.073327][ T355] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 153.103351][ T355] usb 5-1: SerialNumber: syz [ 153.164304][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 153.284333][ T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 153.301457][ T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 153.319911][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 153.342201][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 153.354240][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 153.366894][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 153.376996][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 153.394778][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 153.411588][ T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 153.430157][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.443244][ T24] usb 3-1: config 0 descriptor?? [ 153.617404][ T3631] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 153.725738][ T24] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 153.752835][ T24] usb 3-1: USB disconnect, device number 11 [ 153.768391][ T24] usblp0: removed [ 153.819241][ T19] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 153.827401][ T355] cdc_ether 5-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.4-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 154.021593][ T355] usb 5-1: USB disconnect, device number 9 [ 154.031992][ T355] cdc_ether 5-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.4-1, CDC Ethernet Device [ 154.074204][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 154.354497][ T19] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 154.363546][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.384737][ T19] usb 2-1: Product: syz [ 154.388998][ T19] usb 2-1: Manufacturer: syz [ 154.393505][ T19] usb 2-1: SerialNumber: syz [ 154.415675][ T19] r8152-cfgselector 2-1: config 0 descriptor?? [ 154.495205][ T3639] incfs: Can't find or create .index dir in ./file0 [ 154.517151][ T3639] incfs: mount failed -14 [ 154.954287][ T19] r8152-cfgselector 2-1: Unknown version 0x0000 [ 154.969008][ T19] r8152-cfgselector 2-1: USB disconnect, device number 6 [ 155.071105][ T3666] incfs: Can't find or create .index dir in ./file0 [ 155.077942][ T3666] incfs: mount failed -14 [ 155.264889][ T3667] overlayfs: failed to resolve './file1': -2 [ 156.259595][ T3685] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 156.568695][ T3690] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)" [ 157.386338][ T3701] loop3: detected capacity change from 0 to 2048 [ 157.481397][ T3701] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 157.504310][ T3701] ext4 filesystem being mounted at /root/syzkaller-testdir3581307062/syzkaller.FXDsHv/318/bus supports timestamps until 2038 (0x7fffffff) [ 157.672747][ T3709] overlayfs: failed to resolve './file1': -2 [ 158.251013][ T3712] SELinux: Context Ü is not valid (left unmapped). [ 158.339712][ T315] EXT4-fs (loop3): unmounting filesystem. [ 158.516833][ T3722] Zero length message leads to an empty skb [ 158.539218][ T3722] binder_alloc: binder_alloc_mmap_handler: 3721 20ffc000-20ffd000 already mapped failed -16 [ 158.551679][ T3729] loop4: detected capacity change from 0 to 256 [ 158.575117][ T3729] exfat: Unknown parameter '' [ 158.702712][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 158.702745][ T28] audit: type=1400 audit(1851817232.848:3572): avc: denied { ioctl } for pid=3743 comm="syz-executor.3" path="/root/syzkaller-testdir3581307062/syzkaller.FXDsHv/321/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x6726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 158.729659][ T3741] loop4: detected capacity change from 0 to 2048 [ 158.806857][ T3741] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 158.825486][ T3741] ext4 filesystem being mounted at /root/syzkaller-testdir3560530188/syzkaller.BwvdX7/63/bus supports timestamps until 2038 (0x7fffffff) [ 158.879743][ T2979] EXT4-fs (loop4): unmounting filesystem. [ 158.959184][ T3758] xt_hashlimit: size too large, truncated to 1048576 [ 159.058595][ T3764] loop4: detected capacity change from 0 to 256 [ 159.105655][ T3764] exfat: Unknown parameter '' [ 159.319895][ T3778] loop4: detected capacity change from 0 to 2048 [ 159.380081][ T3778] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 159.406189][ T3778] ext4 filesystem being mounted at /root/syzkaller-testdir3560530188/syzkaller.BwvdX7/68/bus supports timestamps until 2038 (0x7fffffff) [ 159.489971][ T3787] xt_hashlimit: size too large, truncated to 1048576 [ 159.526169][ T2979] EXT4-fs (loop4): unmounting filesystem. [ 159.699363][ T3794] binder_alloc: binder_alloc_mmap_handler: 3792 20ffc000-20ffd000 already mapped failed -16 [ 159.799527][ T28] audit: type=1400 audit(1851817233.948:3573): avc: denied { read } for pid=3797 comm="syz-executor.3" dev="nsfs" ino=4026532372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 159.866716][ T28] audit: type=1400 audit(1851817233.948:3574): avc: denied { open } for pid=3797 comm="syz-executor.3" path="net:[4026532372]" dev="nsfs" ino=4026532372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 159.876373][ T3800] loop4: detected capacity change from 0 to 256 [ 159.944223][ T28] audit: type=1400 audit(1851817233.948:3575): avc: denied { create } for pid=3797 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 159.952911][ T3800] exfat: Unknown parameter '' [ 160.027860][ T28] audit: type=1400 audit(1851817233.978:3576): avc: denied { read } for pid=3797 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 160.578222][ T3745] loop1: detected capacity change from 0 to 40427 [ 160.587621][ T3745] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 160.598678][ T3745] F2FS-fs (loop1): invalid crc value [ 160.620055][ T3745] F2FS-fs (loop1): invalid crc value [ 160.626233][ T28] audit: type=1400 audit(1851817234.778:3577): avc: denied { write } for pid=3837 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 160.667382][ T3745] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 161.038106][ T3850] loop2: detected capacity change from 0 to 512 [ 161.056375][ T3850] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6 [ 161.530029][ T3877] loop2: detected capacity change from 0 to 512 [ 161.538396][ T3877] EXT4-fs (loop2): Number of reserved GDT blocks insanely large: 2048 [ 161.613917][ T28] audit: type=1400 audit(1851817235.758:3578): avc: denied { getopt } for pid=3875 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 161.641100][ T28] audit: type=1400 audit(1851817235.778:3579): avc: denied { bind } for pid=3875 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 161.667109][ T28] audit: type=1400 audit(1851817235.778:3580): avc: denied { listen } for pid=3875 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 163.429414][ T3918] bridge0: port 3(veth1_to_batadv) entered blocking state [ 163.437196][ T3918] bridge0: port 3(veth1_to_batadv) entered disabled state [ 163.460620][ T3918] device veth1_to_batadv entered promiscuous mode [ 163.493297][ T3918] bridge0: port 3(veth1_to_batadv) entered blocking state [ 163.500371][ T3918] bridge0: port 3(veth1_to_batadv) entered forwarding state [ 163.596394][ T3924] loop2: detected capacity change from 0 to 512 [ 163.605521][ T3924] EXT4-fs (loop2): Number of reserved GDT blocks insanely large: 2048 [ 164.651782][ T3943] device pim6reg1 entered promiscuous mode [ 164.790023][ T3945] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 164.980098][ T3937] loop1: detected capacity change from 0 to 40427 [ 164.995468][ T3937] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 165.009722][ T3937] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 165.047226][ T3937] F2FS-fs (loop1): Found nat_bits in checkpoint [ 165.193544][ T3932] loop4: detected capacity change from 0 to 40427 [ 165.204298][ T355] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 165.213371][ T3932] F2FS-fs (loop4): Fix alignment : internally, start(4096) end(16896) block(12288) [ 165.223161][ T3937] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 165.230488][ T3937] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 165.246098][ T3932] F2FS-fs (loop4): invalid crc value [ 165.271596][ T3932] F2FS-fs (loop4): invalid crc value [ 165.283769][ T3932] F2FS-fs (loop4): Failed to get valid F2FS checkpoint [ 165.300918][ T2427] syz-executor.1: attempt to access beyond end of device [ 165.300918][ T2427] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 165.444330][ T355] usb 3-1: Using ep0 maxpacket: 32 [ 165.564283][ T355] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 165.577488][ T355] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 165.599657][ T355] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 165.622105][ T355] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 165.644234][ T355] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 165.664426][ T355] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 165.685376][ T355] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 165.705296][ T355] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 165.732691][ T355] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 165.752002][ T355] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.770537][ T355] usb 3-1: config 0 descriptor?? [ 166.025731][ T355] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 166.050816][ T355] usb 3-1: USB disconnect, device number 12 [ 166.074548][ T355] usblp0: removed [ 166.487544][ T3970] syz-executor.4[3970] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 166.487718][ T3970] syz-executor.4[3970] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 166.504542][ T3970] devpts: called with bogus options [ 167.187375][ T3991] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 167.214174][ T3991] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.221474][ T3991] IPv6: NLM_F_CREATE should be set when creating new route [ 167.229694][ T3991] IPv6: NLM_F_CREATE should be set when creating new route [ 167.341633][ T3993] device pim6reg1 entered promiscuous mode [ 167.462005][ T3980] loop4: detected capacity change from 0 to 40427 [ 167.465559][ T3995] syz-executor.2[3995] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.472555][ T3995] syz-executor.2[3995] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 167.491386][ T3980] F2FS-fs (loop4): Found nat_bits in checkpoint [ 167.519518][ T3995] devpts: called with bogus options [ 167.666645][ T3980] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 167.741226][ T2979] syz-executor.4: attempt to access beyond end of device [ 167.741226][ T2979] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 168.118554][ T4016] loop4: detected capacity change from 0 to 512 [ 168.173129][ T4016] EXT4-fs (loop4): 1 orphan inode deleted [ 168.178892][ T4016] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 168.192598][ T4016] ext4 filesystem being mounted at /root/syzkaller-testdir3560530188/syzkaller.BwvdX7/104/bus supports timestamps until 2038 (0x7fffffff) [ 168.209128][ T4016] EXT4-fs (loop4): unmounting filesystem. [ 168.658423][ T4050] syz-executor.2[4050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 168.658578][ T4050] syz-executor.2[4050] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.680437][ T4101] IPv6: NLM_F_REPLACE set, but no existing node found! [ 171.818888][ T4107] overlayfs: empty lowerdir [ 171.951131][ T4118] loop2: detected capacity change from 0 to 16 [ 171.962799][ T4118] erofs: (device loop2): mounted with root inode @ nid 36. [ 171.973353][ T4118] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 171.987912][ T4118] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -38 in[52, 4044] out[1851] [ 172.007064][ T4118] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-117] [ 172.126274][ T28] audit: type=1400 audit(1851817246.278:3581): avc: denied { create } for pid=4124 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 172.169314][ T28] audit: type=1400 audit(1851817246.298:3582): avc: denied { connect } for pid=4124 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 172.223467][ T28] audit: type=1400 audit(1851817246.298:3583): avc: denied { write } for pid=4124 comm="syz-executor.2" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 172.537828][ T4138] loop2: detected capacity change from 0 to 1024 [ 172.688594][ T4138] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 173.399805][ T3143] EXT4-fs (loop2): unmounting filesystem. [ 173.525209][ T4146] input: syz1 as /devices/virtual/input/input13 [ 173.536852][ T28] audit: type=1400 audit(1851817247.688:3584): avc: denied { read } for pid=86 comm="acpid" name="event3" dev="devtmpfs" ino=504 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 173.545410][ T4148] loop2: detected capacity change from 0 to 16 [ 173.560716][ T28] audit: type=1400 audit(1851817247.688:3585): avc: denied { open } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=504 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 173.599325][ T28] audit: type=1400 audit(1851817247.688:3586): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=504 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 173.605128][ T4148] erofs: (device loop2): mounted with root inode @ nid 36. [ 173.688303][ T4148] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 173.698139][ T4148] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -38 in[52, 4044] out[1851] [ 173.724047][ T4148] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-117] [ 173.844226][ T4158] loop2: detected capacity change from 0 to 512 [ 173.856237][ T4158] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 173.870823][ T4158] EXT4-fs (loop2): 1 truncate cleaned up [ 173.876817][ T4158] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 174.012136][ T3143] EXT4-fs (loop2): unmounting filesystem. [ 174.582844][ T4175] loop4: detected capacity change from 0 to 256 [ 175.297980][ T4175] FAT-fs (loop4): Directory bread(block 64) failed [ 175.312216][ T4175] FAT-fs (loop4): Directory bread(block 65) failed [ 175.384623][ T4175] FAT-fs (loop4): Directory bread(block 66) failed [ 175.391284][ T4175] FAT-fs (loop4): Directory bread(block 67) failed [ 175.400221][ T318] bridge0: port 3(syz_tun) entered disabled state [ 175.406995][ T4175] FAT-fs (loop4): Directory bread(block 68) failed [ 175.418947][ T4175] FAT-fs (loop4): Directory bread(block 69) failed [ 175.426462][ T318] device syz_tun left promiscuous mode [ 175.431792][ T318] bridge0: port 3(syz_tun) entered disabled state [ 175.438338][ T4175] FAT-fs (loop4): Directory bread(block 70) failed [ 175.448400][ T4175] FAT-fs (loop4): Directory bread(block 71) failed [ 175.455015][ T4175] FAT-fs (loop4): Directory bread(block 72) failed [ 175.461601][ T4175] FAT-fs (loop4): Directory bread(block 73) failed [ 175.914635][ T4193] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.921622][ T4193] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.930021][ T4193] device bridge_slave_0 entered promiscuous mode [ 175.937869][ T4193] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.944984][ T4193] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.952935][ T4193] device bridge_slave_1 entered promiscuous mode [ 176.109107][ T4193] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.116217][ T4193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.123385][ T4193] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.130279][ T4193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.137529][ T355] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 176.197401][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 176.205775][ T2001] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.213233][ T2001] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.226756][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 176.235158][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.242066][ T339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 176.257049][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 176.265600][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.272486][ T339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.295434][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 176.315741][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 176.339318][ T4056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 176.363105][ T4193] device veth0_vlan entered promiscuous mode [ 176.369894][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 176.379502][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 176.387400][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 176.418124][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 176.429307][ T4193] device veth1_macvtap entered promiscuous mode [ 176.447219][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 176.465273][ T4056] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 176.473887][ T4056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 176.534421][ T355] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 176.545921][ T355] usb 3-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 176.555206][ T355] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.566787][ T355] usb 3-1: config 0 descriptor?? [ 176.605774][ T355] rndis_host: probe of 3-1:0.0 failed with error -22 [ 176.615566][ T28] audit: type=1400 audit(1851817250.768:3587): avc: denied { mount } for pid=4206 comm="syz-executor.4" name="/" dev="ramfs" ino=31790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 176.638865][ T379] device bridge_slave_1 left promiscuous mode [ 176.645412][ T379] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.653586][ T379] device bridge_slave_0 left promiscuous mode [ 176.659950][ T379] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.670208][ T379] device veth1_macvtap left promiscuous mode [ 176.676238][ T379] device veth0_vlan left promiscuous mode [ 176.683340][ T28] audit: type=1400 audit(1851817250.828:3588): avc: denied { unmount } for pid=2979 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 177.075673][ T4209] loop4: detected capacity change from 0 to 40427 [ 177.095311][ T4209] F2FS-fs (loop4): invalid crc value [ 177.121900][ T4209] F2FS-fs (loop4): Found nat_bits in checkpoint [ 177.501859][ T2459] usb 3-1: USB disconnect, device number 13 [ 177.945546][ T4209] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 178.007513][ T10] kworker/u4:1: attempt to access beyond end of device [ 178.007513][ T10] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 178.021757][ T28] audit: type=1326 audit(1851817252.158:3589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.061463][ T28] audit: type=1326 audit(1851817252.158:3590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.096062][ T28] audit: type=1326 audit(1851817252.158:3591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.121016][ T28] audit: type=1326 audit(1851817252.158:3592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.146279][ T28] audit: type=1326 audit(1851817252.158:3593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.207121][ T28] audit: type=1326 audit(1851817252.158:3594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.240567][ T28] audit: type=1326 audit(1851817252.158:3595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.270350][ T28] audit: type=1326 audit(1851817252.158:3596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.294761][ T28] audit: type=1326 audit(1851817252.158:3597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 178.320564][ T28] audit: type=1326 audit(1851817252.158:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4222 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1088a7cf69 code=0x7ffc0000 [ 179.098654][ T4231] loop2: detected capacity change from 0 to 512 [ 179.117052][ T4231] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 179.263177][ T4231] loop2: detected capacity change from 0 to 256 [ 179.385050][ T4262] loop2: detected capacity change from 0 to 1024 [ 179.395974][ T4262] EXT4-fs: Ignoring removed bh option [ 179.402053][ T4262] EXT4-fs (loop2): Test dummy encryption mode enabled [ 179.414675][ T4262] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 179.723853][ T4279] loop4: detected capacity change from 0 to 256 [ 180.130118][ T4285] loop4: detected capacity change from 0 to 8192 [ 180.155458][ T4285] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 180.304908][ T3143] EXT4-fs (loop2): unmounting filesystem. [ 180.490857][ T4307] SELinux: security_context_str_to_sid (ramfs) failed with errno=-22 [ 181.140660][ T4321] loop4: detected capacity change from 0 to 512 [ 181.148880][ T4321] EXT4-fs: Project quota feature not enabled. Cannot enable project quota enforcement. [ 181.319030][ T4321] loop4: detected capacity change from 0 to 256 [ 181.478296][ T4340] loop4: detected capacity change from 0 to 256 [ 181.544883][ T4340] loop4: detected capacity change from 256 to 11 [ 181.552629][ T4343] FAT-fs (loop4): unable to read inode block for updating (i_pos 201) [ 181.674816][ T2979] FAT-fs (loop4): Directory bread(block 3) failed [ 181.764277][ T4056] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 182.014217][ T4056] usb 3-1: Using ep0 maxpacket: 32 [ 182.134295][ T4056] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 182.148514][ T4056] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 184.164584][ T4358] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.172586][ T4358] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.181847][ T4358] device bridge_slave_0 entered promiscuous mode [ 184.206111][ T4358] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.213025][ T4358] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.222351][ T4358] device bridge_slave_1 entered promiscuous mode [ 184.234506][ T4056] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 184.243803][ T4056] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.251871][ T4056] usb 3-1: Product: syz [ 184.256265][ T4056] usb 3-1: Manufacturer: syz [ 184.260772][ T4056] usb 3-1: SerialNumber: syz [ 184.428568][ T4358] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.435528][ T4358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.442803][ T4358] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.449881][ T4358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.517121][ T4056] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 184.547679][ T4056] usb 3-1: USB disconnect, device number 14 [ 184.565989][ T4056] usblp0: removed [ 184.570696][ T2001] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.579931][ T2001] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.597859][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.614840][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.648467][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.656645][ T4376] loop2: detected capacity change from 0 to 1024 [ 184.663407][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.665876][ T4376] EXT4-fs: Ignoring removed orlov option [ 184.670629][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.676309][ T4376] EXT4-fs: Ignoring removed nomblk_io_submit option [ 184.710461][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.712509][ T4376] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 184.719440][ T2001] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.733513][ T2001] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.756002][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.764720][ T2001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.784191][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 184.784225][ T28] audit: type=1400 audit(1851817258.928:3634): avc: denied { map } for pid=4375 comm="syz-executor.2" path="/root/syzkaller-testdir387849341/syzkaller.4t4W3m/146/file1/file0/bus" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 184.820496][ T379] device veth1_to_batadv left promiscuous mode [ 184.835365][ T379] bridge0: port 3(veth1_to_batadv) entered disabled state [ 184.840101][ T4376] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 184.856386][ T379] device bridge_slave_1 left promiscuous mode [ 184.856369][ T4376] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 184.875523][ T379] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.885781][ T28] audit: type=1400 audit(1851817259.038:3635): avc: denied { rmdir } for pid=3143 comm="syz-executor.2" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 184.909541][ T379] device bridge_slave_0 left promiscuous mode [ 184.911660][ T28] audit: type=1400 audit(1851817259.058:3636): avc: denied { unlink } for pid=3143 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 184.915840][ T379] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.945616][ T28] audit: type=1400 audit(1851817259.058:3637): avc: denied { unlink } for pid=3143 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 184.955095][ T3143] ================================================================== [ 184.976403][ T3143] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 184.984214][ T3143] Read of size 4 at addr ffff888138a2f000 by task syz-executor.2/3143 [ 184.992203][ T3143] [ 184.994376][ T3143] CPU: 1 PID: 3143 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller-00141-g3c19f7015ee3 #0 [ 185.004261][ T3143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 185.014188][ T3143] Call Trace: [ 185.017281][ T3143] [ 185.020147][ T3143] dump_stack_lvl+0x151/0x1b7 [ 185.024676][ T3143] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 185.029963][ T3143] ? _printk+0xd1/0x111 [ 185.033963][ T3143] ? __virt_addr_valid+0x242/0x2f0 [ 185.038912][ T3143] print_report+0x158/0x4e0 [ 185.043252][ T3143] ? __virt_addr_valid+0x242/0x2f0 [ 185.048206][ T3143] ? kasan_addr_to_slab+0xd/0x80 [ 185.052967][ T3143] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 185.058610][ T3143] kasan_report+0x13c/0x170 [ 185.063046][ T3143] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 185.068613][ T3143] __asan_report_load4_noabort+0x14/0x20 [ 185.074261][ T3143] ext4_xattr_delete_inode+0xcd0/0xce0 [ 185.079565][ T3143] ? sb_end_intwrite+0x130/0x130 [ 185.084333][ T3143] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 185.090341][ T3143] ? __kasan_check_read+0x11/0x20 [ 185.095368][ T3143] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 185.101095][ T3143] ? ext4_evict_inode+0xbc2/0x1550 [ 185.106060][ T3143] ext4_evict_inode+0xef9/0x1550 [ 185.110820][ T3143] ? _raw_spin_unlock+0x4c/0x70 [ 185.115623][ T3143] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 185.121342][ T3143] ? _raw_spin_unlock+0x4c/0x70 [ 185.126018][ T3143] ? inode_io_list_del+0x18b/0x1a0 [ 185.130966][ T3143] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 185.136929][ T3143] evict+0x2a3/0x630 [ 185.140660][ T3143] iput+0x642/0x870 [ 185.144339][ T3143] vfs_rmdir+0x3c2/0x500 [ 185.148388][ T3143] do_rmdir+0x3ab/0x630 [ 185.152379][ T3143] ? d_delete_notify+0x160/0x160 [ 185.157156][ T3143] __x64_sys_unlinkat+0xdf/0xf0 [ 185.161832][ T3143] do_syscall_64+0x3d/0xb0 [ 185.166090][ T3143] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 185.171817][ T3143] RIP: 0033:0x7f4c7e07c747 [ 185.176099][ T3143] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 185.195508][ T3143] RSP: 002b:00007ffc4e2b0458 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 185.204003][ T3143] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f4c7e07c747 [ 185.211794][ T3143] RDX: 0000000000000200 RSI: 00007ffc4e2b1600 RDI: 00000000ffffff9c [ 185.219611][ T3143] RBP: 00007f4c7e0d9636 R08: 0000000000000000 R09: 0000000000000000 [ 185.227416][ T3143] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc4e2b1600 [ 185.235330][ T3143] R13: 00007f4c7e0d9636 R14: 000000000002d128 R15: 000000000000000b [ 185.243166][ T3143] [ 185.246002][ T3143] [ 185.248177][ T3143] The buggy address belongs to the physical page: [ 185.254526][ T3143] page:ffffea0004e28bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x138a2f [ 185.264591][ T3143] flags: 0x4000000000000000(zone=1) [ 185.269653][ T3143] raw: 4000000000000000 ffffea0004e26088 ffffea0004cc1108 0000000000000000 [ 185.278070][ T3143] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 185.286461][ T3143] page dumped because: kasan: bad access detected [ 185.292956][ T3143] page_owner tracks the page as freed [ 185.298139][ T3143] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 4298, tgid 4298 (syz-executor.0), ts 180413052216, free_ts 180423406864 [ 185.318140][ T3143] post_alloc_hook+0x213/0x220 [ 185.322736][ T3143] prep_new_page+0x1b/0x110 [ 185.327155][ T3143] get_page_from_freelist+0x27ea/0x2870 [ 185.332538][ T3143] __alloc_pages+0x3a1/0x780 [ 185.336960][ T3143] __folio_alloc+0x15/0x40 [ 185.341219][ T3143] wp_page_copy+0x23b/0x1690 [ 185.345647][ T3143] do_wp_page+0xc25/0xdf0 [ 185.349813][ T3143] handle_mm_fault+0x15a2/0x2f40 [ 185.354587][ T3143] exc_page_fault+0x3b3/0x700 [ 185.359105][ T3143] asm_exc_page_fault+0x27/0x30 [ 185.364077][ T3143] page last free stack trace: [ 185.368570][ T3143] free_unref_page_prepare+0x83d/0x850 [ 185.374325][ T3143] free_unref_page_list+0xf1/0x7b0 [ 185.379356][ T3143] release_pages+0xf7f/0xfe0 [ 185.383925][ T3143] free_pages_and_swap_cache+0x8a/0xa0 [ 185.389479][ T3143] tlb_finish_mmu+0x1e0/0x3f0 [ 185.394089][ T3143] exit_mmap+0x421/0x940 [ 185.398189][ T3143] __mmput+0x95/0x310 [ 185.402235][ T3143] mmput+0x56/0x170 [ 185.405982][ T3143] do_exit+0xb29/0x2b80 [ 185.410212][ T3143] do_group_exit+0x21a/0x2d0 [ 185.414715][ T3143] get_signal+0x169d/0x1820 [ 185.419143][ T3143] arch_do_signal_or_restart+0xb0/0x16f0 [ 185.425070][ T3143] exit_to_user_mode_loop+0x74/0xa0 [ 185.430210][ T3143] exit_to_user_mode_prepare+0x5a/0xa0 [ 185.435590][ T3143] syscall_exit_to_user_mode+0x26/0x140 [ 185.440966][ T3143] do_syscall_64+0x49/0xb0 [ 185.445921][ T3143] [ 185.448086][ T3143] Memory state around the buggy address: [ 185.453568][ T3143] ffff888138a2ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2028/09/06 01:40:59 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 185.461466][ T3143] ffff888138a2ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 185.469555][ T3143] >ffff888138a2f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 185.477533][ T3143] ^ [ 185.481439][ T3143] ffff888138a2f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 185.489896][ T3143] ffff888138a2f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 185.497774][ T3143] ================================================================== [ 185.532759][ T379] device veth1_macvtap left promiscuous mode [ 185.545225][ T379] device veth0_vlan left promiscuous mode [ 185.615132][ T3143] Disabling lock debugging due to kernel taint