last executing test programs: 6.794545176s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xd0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000180)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x5, {0x5, 0x0, "c61229"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 6.033966111s ago: executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071320b00164668e8aaa2bdb400000000dc23cf1b20150bbe111a21"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) accept$nfc_llcp(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0xfffffda9, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) 5.11341688s ago: executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402f170200000000000001090224030100000000090400000103000000092100000007220500090581030000000000"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0, 0x0, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x3, 0x4, 0x4}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00), 0x0}, 0x0) 3.535661978s ago: executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='9p_client_req\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000f00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='9p_client_req\x00', r2}, 0xd) pipe2$9p(&(0x7f0000002180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 3.498306133s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x9}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff8}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe9, &(0x7f0000000240)=""/233, 0x0, 0x11}, 0x90) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5e}]}, &(0x7f0000000180)='GPL\x00', 0x2, 0xc6, &(0x7f0000000300)=""/198, 0x0, 0x10}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x1000a) mmap(&(0x7f00001fc000/0x1000)=nil, 0x1000, 0x0, 0x10112, r2, 0x47e2f000) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000001100000200b7080000000000007b8af8ff00000000bfa2000000000007ffb70300000800b700000000000000100000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000f80)=""/4096) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x400, 0x0) fcntl$setsig(r4, 0xa, 0x1a) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000a3"], 0x0}, 0x0) 2.018561407s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x3d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) 2.008493188s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.997842149s ago: executing program 2: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) io_setup(0xa82, &(0x7f0000000140)=0x0) r2 = eventfd(0x0) io_submit(r1, 0x1, &(0x7f0000000f40)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) 1.933032039s ago: executing program 2: sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) syz_open_pts(0xffffffffffffffff, 0x105b01) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2dc5c07001a000100000000897b2a1d84f5c7ffff00000000000067e77dc70b90bbb45efd97899a16f2df4fa2a8f069d9b047389f672eb3080000000000000065890d2d0d1b8d3d62f6d77b0283e166e2ca4c35483d3f00d6bf7da9299e6e81c96daf520300a16cab12d75a852b3e4470420877efbe1f000000000000007e15f9b683e63cfff7c638bca835b33bc18c4ed0351cd285197b0241569048b5b416ba1c57217be5a338392f831637ee8c25bb2183634a33b18c4b459f9aea5ab222d7060000000000665106000000a803d1b56126efec0225a5433883b0d17cb21dbfd886caf2624e7f00da0ef9893ef57c79a182dceca9c46a9f8b001e53b29c0c698ed30d8942e94ac057bde74e42021d895c22b6400000002b2c604ed73249e80f08bfdcebee7a07856a3a23e0907f3dc0eb52c40f6b21c14832dd9845ee8d8733b52c8422295fde5626cd43fb43fb3acf9b2e840713cba86d43a570ee3589b7e9000000000000000000000000000000dc85131317c56465978d957d000000000000000000000000000000000000000000000000000000000000000000301171e8e3a2d0c842c20fd293c073b93f7662fad1f4ae3e1fe359aa29a4b8965229fa06b0fb2e23d2644cfbdbd6929aa42151ea48334743ad0c378641e74d55d6cd7b098599190100000055ec9c0c26b71588d6fc97e3098fb0e778be446659cf665e7f848d85de70c3c426a539a9a0e92e7bbf77528053dcb3b791b8e3faae507a3b721b670b06b78bb09e82ecc85a4bbc596d8ce02a2cbede5573f8bdc84d61c5634fffa50e74ec0f2da4f3d82c2d2b5a20ec152df14481c3bb59a23e014d07fc070d87f58118f468bf80283e0ce7efda7906f9c53319aef22e01a9ba5649fc10fb5b8132dcf42c47a4b79efb9f720ebd2dcc1634f870cee6201bc0ad9e17c4633a17de505bed8fded3053cb455636132bdae3239b9c8b437256ac21a49c4f03b268c47e9becbaff440728429f9e0b0222485188b745b3c871d01d27eb4e5e00bcd79b95601098e044345a8aaa12fda56277aef89192b9af038ab8808a2adf0c3a15ec863e5f352c7967607cede40848eae2704701b7af0a0b30e9e5b76f45500000000000000", @ANYRESDEC=0x0], 0xfb, 0x11e0, &(0x7f00000036c0)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eK4gjJmq7JR6KsFPK53PJD977wu9lYOAN8+bwja8+Hg2qbJDPY+PEidiYRqQ7KVJsxD8+j1df//GnF67duHml2+vtXk3pcvd657WU0taL37/36Tcv/TA/++63W9+djoPt9w9/3fnl4PzBhcM/rn80rNKwSuPJPOXp1mQyz2+VRdobVqMspXfKIq+KNBxXxezI+KCcTKeLlI/3NlvTWVFVKR8v0qhYpPkkzWeLlH+YD8cpy7K02Qr+j/7Xd+q6jqjrx+NU1HVdPxGtOBtPxmZsRTu246l4Op6Jc/FsnI/n4vm4sJzVdN8AAAAAAAAAAAAAAAAAAADwaHH+HwAAAAAAAAAAAAAAAAAAAJp37cbNK91eb/dqSmciyi/3+/v91e9qvDuIYZRRxKVox++xPP2/sqovv9XbvZSWtuOL8vbf+dv7/ceO5jvLzwmszXdW+XQ0fzpa9+Z3oh3n1ud31ubPxCsv35PPoh0/fxCTKGMv/srezX/WSenNt3v35S8u5wEAAMCjIEv/Wrt/z7L/Gl/lH+D5wH3765Nx8WSzayeiWnwyysuymCke+uJUs238Vtd183+C4piKpu9MHIe7F73pTgAAAAAAAAAAAHgQx/E6YdNrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4kx04FgAAAAAQ5m+dRscGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAVwEAAP//zI7XaA==") r0 = open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000500), 0xbf) getpgid(0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40001) sendfile(r0, r0, &(0x7f0000000240), 0x7f06) 1.497499295s ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r1, &(0x7f0000000980), 0x12) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='ext4_begin_ordered_truncate\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 1.490711106s ago: executing program 2: syz_btf_id_by_name$bpf_lsm(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000800)=ANY=[@ANYBLOB="1e00", @ANYRES16=r2, @ANYRES16=r2], 0xf8}, 0x1, 0x0, 0x0, 0x10}, 0xc840) gettid() sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0}, 0x801) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x0, @desc3}) chdir(&(0x7f0000000000)='./file0\x00') add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000240)={'fscrypt:', @desc3}, &(0x7f00000002c0)={0x0, "615a091a55a8c9a640115d99d981b3886420589c6685d4982a83b71b906769e737201ac6b7a7804454156569cbf3a5be811debc957b5831b89b59d703e748c7c", 0x25}, 0x48, 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 1.46569347s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r1, 0x2007ffb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) 1.39808871s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={0x0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) unlink(&(0x7f0000000080)='./cgroup\x00') 1.26790098s ago: executing program 1: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0), 0x8) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.127271391s ago: executing program 1: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r5 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r5, &(0x7f0000000800)="51e251578851f74182a74b89b27df427aeef44966d202e4138b5a18e75a0424e7fe93b0d32c7abba87b6", 0x2a, 0x0, &(0x7f0000000080)={0xa, 0x5e20, 0x0, @mcast2}, 0x1c) 1.121531841s ago: executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18f5c84f48cc757e5acd0000000000000000000075d8bee77710ac5c868bb669f36a5c2f3d7276fe44d393e62a0d9e5d564de37dd29b018cb4a86872754c52324051aecc95a4a2887c1868ebcee12a26335c1128a26acab393ca5ae98974d24d708373af4a", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000001b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) getrusage(0x0, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008088100b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r6}, 0x10) fcntl$setlease(r4, 0x400, 0x3) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r8, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa010600ba9380d440fe0000000000002900000005000000", 0xfe60) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYRESDEC=r9], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r10}, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01080000000000000000210000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x0) 1.096791955s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x5c0900a0}, 0x38) 1.089398576s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000028c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ad30c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b82614b2550bae878ec65a6fe5f7ee415af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd7fe926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846b3e578af7dc7d5e87d44ff828de453f7edf34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd353646000000000000000000000000000000000000000000000000eeffffff000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37c53cb57ff9d57ac41afb92a9d13e5de7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489a261f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1386f58c5eeab6dac2877225e90995554e92cb5d2f6af1f70188027773d82e5f43d0dbc60fd3dc8763c3aa884e7a3d06496384e179be004e56176dfc64fe5b1b0e6ede32527d6bed6225d9b6efe63b3798f8606ab2e5b50a15fd66f54d49ac9eaeb79dd87ec000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f088a847e04305000f4000631177fbac141445e000030394029f034d2f87e589ca6aab845013f286dd1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000e1e, 0x0, 0x60e}, 0x2c) 1.030998455s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) mount_setattr(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000300)={0x0, 0x0, 0x20000}, 0x20) 1.018391457s ago: executing program 0: r0 = socket(0x11, 0x80a, 0x0) capset(&(0x7f00000025c0)={0x20080522}, &(0x7f0000002600)={0x10001, 0x30001}) ioctl$sock_SIOCGIFINDEX(r0, 0x8919, &(0x7f0000000300)={'bond0\x00'}) 1.013245888s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x4}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002880)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r2, &(0x7f0000004940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000002140)={0x50, 0x0, r3}, 0x50) read$FUSE(r2, &(0x7f0000002900)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000000000)={0x10, 0x0, r4}, 0x10) 999.5814ms ago: executing program 0: sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) syz_open_pts(0xffffffffffffffff, 0x105b01) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2dc5c07001a000100000000897b2a1d84f5c7ffff00000000000067e77dc70b90bbb45efd97899a16f2df4fa2a8f069d9b047389f672eb3080000000000000065890d2d0d1b8d3d62f6d77b0283e166e2ca4c35483d3f00d6bf7da9299e6e81c96daf520300a16cab12d75a852b3e4470420877efbe1f000000000000007e15f9b683e63cfff7c638bca835b33bc18c4ed0351cd285197b0241569048b5b416ba1c57217be5a338392f831637ee8c25bb2183634a33b18c4b459f9aea5ab222d7060000000000665106000000a803d1b56126efec0225a5433883b0d17cb21dbfd886caf2624e7f00da0ef9893ef57c79a182dceca9c46a9f8b001e53b29c0c698ed30d8942e94ac057bde74e42021d895c22b6400000002b2c604ed73249e80f08bfdcebee7a07856a3a23e0907f3dc0eb52c40f6b21c14832dd9845ee8d8733b52c8422295fde5626cd43fb43fb3acf9b2e840713cba86d43a570ee3589b7e9000000000000000000000000000000dc85131317c56465978d957d000000000000000000000000000000000000000000000000000000000000000000301171e8e3a2d0c842c20fd293c073b93f7662fad1f4ae3e1fe359aa29a4b8965229fa06b0fb2e23d2644cfbdbd6929aa42151ea48334743ad0c378641e74d55d6cd7b098599190100000055ec9c0c26b71588d6fc97e3098fb0e778be446659cf665e7f848d85de70c3c426a539a9a0e92e7bbf77528053dcb3b791b8e3faae507a3b721b670b06b78bb09e82ecc85a4bbc596d8ce02a2cbede5573f8bdc84d61c5634fffa50e74ec0f2da4f3d82c2d2b5a20ec152df14481c3bb59a23e014d07fc070d87f58118f468bf80283e0ce7efda7906f9c53319aef22e01a9ba5649fc10fb5b8132dcf42c47a4b79efb9f720ebd2dcc1634f870cee6201bc0ad9e17c4633a17de505bed8fded3053cb455636132bdae3239b9c8b437256ac21a49c4f03b268c47e9becbaff440728429f9e0b0222485188b745b3c871d01d27eb4e5e00bcd79b95601098e044345a8aaa12fda56277aef89192b9af038ab8808a2adf0c3a15ec863e5f352c7967607cede40848eae2704701b7af0a0b30e9e5b76f45500000000000000", @ANYRESDEC=0x0], 0xfb, 0x11e0, &(0x7f00000036c0)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eK4gjJmq7JR6KsFPK53PJD977wu9lYOAN8+bwja8+Hg2qbJDPY+PEidiYRqQ7KVJsxD8+j1df//GnF67duHml2+vtXk3pcvd657WU0taL37/36Tcv/TA/++63W9+djoPt9w9/3fnl4PzBhcM/rn80rNKwSuPJPOXp1mQyz2+VRdobVqMspXfKIq+KNBxXxezI+KCcTKeLlI/3NlvTWVFVKR8v0qhYpPkkzWeLlH+YD8cpy7K02Qr+j/7Xd+q6jqjrx+NU1HVdPxGtOBtPxmZsRTu246l4Op6Jc/FsnI/n4vm4sJzVdN8AAAAAAAAAAAAAAAAAAADwaHH+HwAAAAAAAAAAAAAAAAAAAJp37cbNK91eb/dqSmciyi/3+/v91e9qvDuIYZRRxKVox++xPP2/sqovv9XbvZSWtuOL8vbf+dv7/ceO5jvLzwmszXdW+XQ0fzpa9+Z3oh3n1ud31ubPxCsv35PPoh0/fxCTKGMv/srezX/WSenNt3v35S8u5wEAAMCjIEv/Wrt/z7L/Gl/lH+D5wH3765Nx8WSzayeiWnwyysuymCke+uJUs238Vtd183+C4piKpu9MHIe7F73pTgAAAAAAAAAAAHgQx/E6YdNrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4kx04FgAAAAAQ5m+dRscGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAVwEAAP//zI7XaA==") r0 = open(&(0x7f0000000040)='./file2\x00', 0x181042, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000500), 0xbf) getpgid(0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x40001) sendfile(r0, r0, &(0x7f0000000240), 0x7f06) 581.770753ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r3], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000002b80)=[{0x0}], 0x1, &(0x7f0000000dc0)=ANY=[@ANYRESDEC, @ANYRESDEC=r4, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="000000001c0000000000000001000000020000", @ANYRES32, @ANYBLOB="c702ba19a2fe26d597579b57149caee6746000cd13d85358811532f1e24c3b43e3f622de3a668c2a52dc7fbda8c3ae6b33531c51f95186469d6c93d19fa56171fc640a5489faa02cb9957b0d168d14ae7d46f0b1f217d738d68df478b128a6e09c022cb4224d2d7aa5e0f53c475cc8181293f914aa910f44c6af99691afead8c3a340e35f74e5b99ce38ebab1cb78267df028cbdeaf0c5300b53d869f931c636268136d0cba0e8de8668ab12bc5c89331e509d648dd01915cc029c9e2f5293347a25d8682b96782995fb673e304af423e28b4fe88dd31be9a4", @ANYRES32=0xee01, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYBLOB="ea9346", @ANYBLOB="d87076926acce57aae455cff69c0d6c1d87e902f496c16c7c21e9864469749bccdb51453792ea5bd8ccc5b0d81aace0ac54a3f9e59cb4022804fb8b0fc3cd361828ea759f4852e41a4", @ANYRES16=r6, @ANYRES64, @ANYRES32, @ANYRES32=r5, @ANYRES32, @ANYRES32, @ANYRES16=r4, @ANYBLOB="0000090000000001000000020000000000000000380e4677b2356a403c8c9ca7832c5a901ad2155612a8a564dfbf8bfcbb990272117c24b9c9e0e80306c33627e8814ea6289a6bd57e74b452d43481cd2b9585816cdf", @ANYRES32, @ANYRESDEC=r7, @ANYRES32=0x0, @ANYBLOB="0000000010000000000000000100000001000000"], 0xd8}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="1400000000000000010000000100", @ANYRES32, @ANYBLOB="000000001e000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES16, @ANYBLOB="00000000006bf68e31ab373e", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES64, @ANYRES32=0x0, @ANYBLOB="000000002c00000000000000010000000100", @ANYRES16=r3, @ANYRES32=r6, @ANYRES32, @ANYRESHEX=r2, @ANYRES32=r5, @ANYRES8=r6, @ANYRESHEX, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r1, @ANYRES32=0x0, @ANYRES64, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRESDEC, @ANYBLOB, @ANYRES32=r7, @ANYRES32], 0x100, 0x24000081}}], 0x2, 0x90) bind$inet6(r6, &(0x7f00000004c0)={0xa, 0x8000002, 0x0, @empty, 0x1}, 0x1c) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000400)='./file0\x00') socket$inet6_tcp(0xa, 0x1, 0x0) accept(r2, &(0x7f0000000500)=@ethernet={0x0, @local}, &(0x7f0000000700)=0x80) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000940)=ANY=[@ANYBLOB="9feb01f318000000000000000c0000000c00000007000000000400000000000000000000000000002e5f00cee0e97ae622d0655c7a19d9043bc33bb40e542178bcf396860de76e832cd1edf6e81c89d67031dd3495c75bc112eb5b48ca2f679e726da53b6edf30f42d370aea350e2648fec67ba4e9830468d1e5a0791544f665af95c81ff5f6273f5f4128916994c7446e6a47986e6c61a5229e6e66aa50bcc28d3efba4e35f0e8fef57da336dfa37461643db8d47393e09ee9865c8f8827b63750f8668a8bc8bb52bd8e16b7c315d05c4e67fb81fd24c1de8aff98907ad4f"], 0x0, 0x2b}, 0x20) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x0, 0xc8, 0x8, 0x6, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) setsockopt$inet6_int(r8, 0x29, 0x16, &(0x7f0000000780)=0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xd, &(0x7f00000007c0)=ANY=[@ANYBLOB="18000016c86cdd8c7e27a2492300060000000000000000000100775630000800000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000001fcffff85000000060000008510000002000000950000000000000032c1a23546160f8d68955874ac183997eab363ae4f603176987648cad1231bd869186b5f018f3c2fdac8c72538bcd62fa465d3304efb39211faefa1759bc877dc74635e8560a35527a1fe450b0de4fceda0e645ad20dea846b803d33c2d83ca0bbe45e812f1d2b7613e50734e444007aea834437d5b31714fc57c75026a85ca779669fd26fd20510520a9dbc53ca824dfb30118f85bcbf4c29776cb777c858938507bca52c16881ce1d01aa5e06822567ddee15bf92bcbc79b27e75b2c98eb7cf688973cbeeadbba35b533c618129ff10622eb222efa947b1488a82570b3c10b"], &(0x7f0000000080)='GPL\x00', 0x9, 0x72, &(0x7f00000000c0)=""/114, 0x41100, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x9, 0x9, 0x1f}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000640)=[{0x5, 0x0, 0xd}, {0x2, 0x5, 0xd, 0x8}, {0x0, 0x3, 0x7, 0x9}, {0x2, 0x2, 0x2000008, 0x2}, {0x2, 0x5, 0xd}], 0x10, 0x4}, 0x90) sched_setaffinity(0x0, 0x0, 0x0) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000008640), 0x0, 0x0) getrlimit(0x2, &(0x7f0000000380)) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)) getpgrp(0x0) inotify_init1(0x0) 551.484558ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 165.657085ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r1, 0x2007ffb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={r0, 0xe0, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) 143.031389ms ago: executing program 1: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0), 0x8) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 139.44694ms ago: executing program 0: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000180)='vnet_rx_one\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x4c37e, 0x0) fallocate(r2, 0x0, 0x0, 0x9000f4) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)) ioctl$sock_SIOCGPGRP(r2, 0x8904, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xfffffffffffffc00}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000b40), 0x2b842ac, 0x0) listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000b00)=""/4096, 0x1000) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x42000000) 39.375995ms ago: executing program 1: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x5, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x9}, [@cb_func={0x18, 0x9, 0x4, 0x0, 0xfffffffffffffff8}]}, &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe9, &(0x7f0000000240)=""/233, 0x0, 0x11}, 0x90) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x1f, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5e}]}, &(0x7f0000000180)='GPL\x00', 0x2, 0xc6, &(0x7f0000000300)=""/198, 0x0, 0x10}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x1000a) mmap(&(0x7f00001fc000/0x1000)=nil, 0x1000, 0x0, 0x10112, r2, 0x47e2f000) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000001100000200b7080000000000007b8af8ff00000000bfa2000000000007ffb70300000800b700000000000000100000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) ioctl$EVIOCGSND(r2, 0x8040451a, &(0x7f0000000f80)=""/4096) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x400, 0x0) fcntl$setsig(r4, 0xa, 0x1a) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00220f000000a3"], 0x0}, 0x0) 17.318198ms ago: executing program 4: prlimit64(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x42000, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000004000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r4, &(0x7f0000000600)={0x50, 0x0, r5, {0x7, 0x1f, 0xfffffffe, 0x1403410, 0x0, 0xfff}}, 0x50) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x44401, 0x0) write$FUSE_INIT(r6, 0x0, 0x0) dup3(r3, r4, 0x0) dup3(r1, r2, 0x80000) socket(0x11, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040)=0x1, 0x4) 0s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402f170200000000000001090224030100000000090400000103000000092100000007220500090581030000000000"], 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0, 0x0, 0x33}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x3, 0x4, 0x4}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00), 0x0}, 0x0) kernel console output (not intermixed with test programs): 40.060442][T25151] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1640.073961][T25151] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 1640.081456][T28743] device veth1_macvtap left promiscuous mode [ 1640.087351][T28743] device veth0_vlan left promiscuous mode [ 1640.094541][T25151] F2FS-fs (loop2): Unrecognized mount option "" or missing value [ 1640.211250][T25170] fuse: Invalid rootmode [ 1640.457246][T25174] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1640.468914][T25174] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1640.797978][T25196] device dummy0 entered promiscuous mode [ 1640.803532][T25196] device vlan2 entered promiscuous mode [ 1640.809983][T25196] device dummy0 left promiscuous mode [ 1640.824959][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1640.824971][ T30] audit: type=1326 audit(2268436371.872:125993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1640.868805][ T30] audit: type=1326 audit(2268436371.903:125994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1640.894012][ T30] audit: type=1326 audit(2268436371.924:125995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1640.919137][ T30] audit: type=1326 audit(2268436371.924:125996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1640.945096][ T30] audit: type=1326 audit(2268436371.924:125997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1640.978417][ T30] audit: type=1326 audit(2268436371.945:125998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1641.002834][ T30] audit: type=1326 audit(2268436371.945:125999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1641.032763][T25195] bridge0: port 1(bridge_slave_0) entered blocking state [ 1641.039763][T25195] bridge0: port 1(bridge_slave_0) entered disabled state [ 1641.047430][T25195] device bridge_slave_0 entered promiscuous mode [ 1641.055672][T25195] bridge0: port 2(bridge_slave_1) entered blocking state [ 1641.062618][T25195] bridge0: port 2(bridge_slave_1) entered disabled state [ 1641.069979][T25195] device bridge_slave_1 entered promiscuous mode [ 1641.086908][ T30] audit: type=1326 audit(2268436371.945:126000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1641.112008][ T30] audit: type=1326 audit(2268436371.945:126001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1641.136556][ T30] audit: type=1326 audit(2268436371.977:126002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25197 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1641.327448][T25219] loop3: detected capacity change from 0 to 1024 [ 1641.338494][T25195] bridge0: port 2(bridge_slave_1) entered blocking state [ 1641.345376][T25195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1641.352482][T25195] bridge0: port 1(bridge_slave_0) entered blocking state [ 1641.359244][T25195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1641.387022][T25219] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 1641.442984][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 1641.453463][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 1641.552746][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1641.563749][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1641.577763][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1641.609503][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1641.639026][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 1641.645905][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1641.693700][T25233] fuse: Invalid rootmode [ 1641.705003][ T60] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1641.732831][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1641.816648][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1641.905439][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 1641.912328][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1641.972078][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1641.980878][T25238] loop3: detected capacity change from 0 to 128 [ 1641.988162][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1642.004029][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1642.012208][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1642.027922][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1642.036251][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1642.048317][T25238] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1642.049965][T25195] device veth0_vlan entered promiscuous mode [ 1642.059311][T25238] ext4 filesystem being mounted at /root/syzkaller-testdir2383864459/syzkaller.4v5i5M/224/mnt supports timestamps until 2038 (0x7fffffff) [ 1642.085370][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1642.096436][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1642.104667][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1642.111978][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1642.128496][T25195] device veth1_macvtap entered promiscuous mode [ 1642.136838][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1642.144619][ T60] usb 2-1: Using ep0 maxpacket: 16 [ 1642.145205][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1642.166422][T25248] loop3: detected capacity change from 0 to 2048 [ 1642.167400][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1642.191473][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1642.199820][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1642.208088][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1642.218131][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1642.245829][T25248] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1642.263895][ T60] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 1642.273387][ T60] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 1642.284359][T28743] device bridge_slave_1 left promiscuous mode [ 1642.290307][T28743] bridge0: port 2(bridge_slave_1) entered disabled state [ 1642.297730][T28743] device bridge_slave_0 left promiscuous mode [ 1642.303777][ T60] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 1642.313395][T28743] bridge0: port 1(bridge_slave_0) entered disabled state [ 1642.320472][ T60] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1642.324522][T25258] loop4: detected capacity change from 0 to 1024 [ 1642.330112][ T60] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 1642.330140][ T60] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1642.352899][ T60] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 1642.361804][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1642.370828][T28743] device veth1_macvtap left promiscuous mode [ 1642.386073][T23087] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1642.406158][T28743] device veth0_vlan left promiscuous mode [ 1642.425552][ T60] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 1642.431794][T23087] EXT4-fs error (device loop3): __ext4_iget:4892: inode #13: block 127754: comm syz-executor.3: invalid block [ 1642.463177][T23087] EXT4-fs error (device loop3): __ext4_iget:4892: inode #13: block 127754: comm syz-executor.3: invalid block [ 1642.463328][T25258] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,abort,lazytime,noload,nojournal_checksum,noauto_da_alloc,,errors=continue. Quota mode: none. [ 1642.516663][T25258] incfs: iterate_incfs_dir / -22 [ 1642.540329][T25195] EXT4-fs error (device loop4): ext4_lookup:1859: inode #2: comm syz-executor.4: deleted inode referenced: 11 [ 1642.558957][T25195] EXT4-fs error (device loop4): ext4_lookup:1859: inode #2: comm syz-executor.4: deleted inode referenced: 11 [ 1642.683216][ T60] ums-sddr09: probe of 2-1:1.0 failed with error -22 [ 1642.692542][ T60] usb 2-1: USB disconnect, device number 7 [ 1643.584242][T25305] bridge0: port 1(bridge_slave_0) entered blocking state [ 1643.597349][T25305] bridge0: port 1(bridge_slave_0) entered disabled state [ 1643.626539][T25305] device bridge_slave_0 entered promiscuous mode [ 1643.647826][T25305] bridge0: port 2(bridge_slave_1) entered blocking state [ 1643.667396][T25305] bridge0: port 2(bridge_slave_1) entered disabled state [ 1643.675405][T25312] loop1: detected capacity change from 0 to 128 [ 1643.691942][T25305] device bridge_slave_1 entered promiscuous mode [ 1643.738928][T25312] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1643.739525][T25302] loop2: detected capacity change from 0 to 40427 [ 1643.750577][T25312] ext4 filesystem being mounted at /root/syzkaller-testdir2042907881/syzkaller.f1kfrd/239/mnt supports timestamps until 2038 (0x7fffffff) [ 1643.789035][T25302] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 1643.796582][T25302] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 1643.837796][T25302] F2FS-fs (loop2): invalid crc value [ 1643.848916][T25312] fscrypt: loop1: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 1643.883829][T25302] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1643.914538][T25310] bridge0: port 1(bridge_slave_0) entered blocking state [ 1643.922723][T25310] bridge0: port 1(bridge_slave_0) entered disabled state [ 1643.923741][T25302] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 1643.930057][T25310] device bridge_slave_0 entered promiscuous mode [ 1643.936625][T25302] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1643.951279][T25310] bridge0: port 2(bridge_slave_1) entered blocking state [ 1643.958118][T25310] bridge0: port 2(bridge_slave_1) entered disabled state [ 1644.017224][T25310] device bridge_slave_1 entered promiscuous mode [ 1644.334450][T25335] netem: change failed [ 1644.356671][ T10] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 1644.365833][ T10] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 1644.390812][T28743] device bridge_slave_1 left promiscuous mode [ 1644.403129][T28743] bridge0: port 2(bridge_slave_1) entered disabled state [ 1644.413285][T28743] device bridge_slave_0 left promiscuous mode [ 1644.420519][T28743] bridge0: port 1(bridge_slave_0) entered disabled state [ 1644.431728][T28743] device bridge_slave_1 left promiscuous mode [ 1644.438576][T28743] bridge0: port 2(bridge_slave_1) entered disabled state [ 1644.448056][T28743] device bridge_slave_0 left promiscuous mode [ 1644.454102][T28743] bridge0: port 1(bridge_slave_0) entered disabled state [ 1644.462798][T28743] device veth1_macvtap left promiscuous mode [ 1644.468914][T28743] device veth0_vlan left promiscuous mode [ 1644.475084][T28743] device veth1_macvtap left promiscuous mode [ 1644.481103][T28743] device veth0_vlan left promiscuous mode [ 1644.536183][T25353] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1644.602587][T25364] loop2: detected capacity change from 0 to 2048 [ 1644.637288][T25364] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 1645.599190][T25366] overlayfs: failed to resolve './file2': -2 [ 1645.635713][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1645.643161][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1645.661907][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1645.670486][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1645.678685][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 1645.685546][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1645.693035][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1645.752605][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1645.760842][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 1645.767688][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1645.776961][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1645.792858][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1645.800865][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1645.817307][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1645.838421][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1645.861017][T25381] serio: Serial port pts0 [ 1645.872956][T25383] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1645.899264][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1645.907238][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1645.915783][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1645.924792][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1645.932825][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 1645.939764][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1645.946964][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1645.955164][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1645.963114][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 1645.969931][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1645.977308][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1645.985470][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1645.993661][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1646.001374][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1646.009370][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1646.016893][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1646.024180][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1646.042895][T25394] syz-executor.2[25394] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.042950][T25305] device veth0_vlan entered promiscuous mode [ 1646.042975][T25394] syz-executor.2[25394] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.068255][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1646.103312][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1646.117910][T25305] device veth1_macvtap entered promiscuous mode [ 1646.128856][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1646.137372][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1646.146750][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1646.154400][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1646.162444][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1646.180179][T25394] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1646.195118][T25409] syz-executor.1[25409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.195201][T25409] syz-executor.1[25409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.207615][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1646.231987][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1646.244086][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1646.252594][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1646.261790][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1646.270285][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1646.283394][T25417] serio: Serial port pts0 [ 1646.298776][T25310] device veth0_vlan entered promiscuous mode [ 1646.312728][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1646.327654][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1646.337075][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1646.347547][T25428] loop2: detected capacity change from 0 to 128 [ 1646.361394][T25310] device veth1_macvtap entered promiscuous mode [ 1646.378634][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1646.459578][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1646.489183][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1646.497760][T25428] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1646.508454][T25428] ext4 filesystem being mounted at /root/syzkaller-testdir2620434001/syzkaller.qXMdLG/46/mnt supports timestamps until 2038 (0x7fffffff) [ 1646.533660][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1646.797968][T25428] fscrypt: loop2: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 1646.801222][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1646.829529][T25443] loop4: detected capacity change from 0 to 2048 [ 1646.857044][T25436] loop3: detected capacity change from 0 to 40427 [ 1646.873298][T25450] syz-executor.1[25450] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.873353][T25450] syz-executor.1[25450] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1646.890770][T25436] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1646.924568][T25443] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1646.968337][T25436] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1646.994766][T25305] attempt to access beyond end of device [ 1646.994766][T25305] loop3: rw=2049, want=45104, limit=40427 [ 1647.000039][T25310] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1647.028329][T25310] EXT4-fs error (device loop4): __ext4_iget:4892: inode #13: block 127754: comm syz-executor.4: invalid block [ 1647.043815][T25310] EXT4-fs error (device loop4): __ext4_iget:4892: inode #13: block 127754: comm syz-executor.4: invalid block [ 1647.074291][T25473] loop2: detected capacity change from 0 to 128 [ 1647.097912][T25473] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1647.118989][T25473] ext4 filesystem being mounted at /root/syzkaller-testdir2620434001/syzkaller.qXMdLG/51/mnt supports timestamps until 2038 (0x7fffffff) [ 1647.147407][T25473] fscrypt: loop2: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 1647.330235][T25489] bridge0: port 1(bridge_slave_0) entered blocking state [ 1647.339318][T25489] bridge0: port 1(bridge_slave_0) entered disabled state [ 1647.346871][T25489] device bridge_slave_0 entered promiscuous mode [ 1647.357269][T25489] bridge0: port 2(bridge_slave_1) entered blocking state [ 1647.364239][T25489] bridge0: port 2(bridge_slave_1) entered disabled state [ 1647.371931][T25489] device bridge_slave_1 entered promiscuous mode [ 1647.567345][T25489] bridge0: port 2(bridge_slave_1) entered blocking state [ 1647.574252][T25489] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1647.581357][T25489] bridge0: port 1(bridge_slave_0) entered blocking state [ 1647.588183][T25489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1647.855977][ T1048] bridge0: port 1(bridge_slave_0) entered disabled state [ 1647.865183][ T1048] bridge0: port 2(bridge_slave_1) entered disabled state [ 1647.921395][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1647.931201][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1647.977670][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1647.996125][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1648.028527][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 1648.035398][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1648.073266][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1648.095907][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1648.117304][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 1648.124192][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1648.137876][T25499] loop3: detected capacity change from 0 to 40427 [ 1648.160651][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1648.171601][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1648.179532][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1648.187508][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1648.197970][T25499] F2FS-fs (loop3): invalid crc value [ 1648.204601][ T10] device bridge_slave_1 left promiscuous mode [ 1648.211391][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1648.225665][ T10] device bridge_slave_0 left promiscuous mode [ 1648.239234][T25499] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1648.260272][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1648.287408][ T10] device veth1_macvtap left promiscuous mode [ 1648.301810][ T10] device veth0_vlan left promiscuous mode [ 1648.311077][T25515] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 1648.324758][T25515] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1648.366190][T25499] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1648.409693][T25305] attempt to access beyond end of device [ 1648.409693][T25305] loop3: rw=2049, want=45104, limit=40427 [ 1648.519064][T25528] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 1648.536954][T25530] syz-executor.2[25530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1648.537038][T25530] syz-executor.2[25530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1648.676728][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1648.735295][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1648.753059][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1648.770973][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1648.817584][T25489] device veth0_vlan entered promiscuous mode [ 1648.977557][T25545] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25545 comm=syz-executor.2 [ 1649.094786][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1649.102632][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1649.119643][T25489] device veth1_macvtap entered promiscuous mode [ 1649.126644][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1649.135503][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1649.140062][T25549] netlink: 'syz-executor.0': attribute type 10 has an invalid length. [ 1649.143547][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1649.168496][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1649.176675][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1649.181345][T25549] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1649.186527][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1649.202335][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1649.285827][T25508] loop1: detected capacity change from 0 to 131072 [ 1649.321900][T25508] F2FS-fs (loop1): invalid crc value [ 1649.333084][T25508] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1649.374999][T25508] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1649.412865][T25584] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1649.539559][T25595] syz-executor.4[25595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1649.539655][T25595] syz-executor.4[25595] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1649.705463][ T1048] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1649.972313][ T1048] usb 3-1: Using ep0 maxpacket: 8 [ 1650.086984][ T1048] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 1650.110904][ T1048] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 1650.143753][ T1048] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 1650.248702][ T1048] usb 3-1: New USB device found, idVendor=0001, idProduct=8000, bcdDevice= 0.00 [ 1650.268249][ T1048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1650.276104][ T1048] usb 3-1: SerialNumber: syz [ 1650.363259][T25588] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1650.402646][ T1048] hub 3-1:1.0: bad descriptor, ignoring hub [ 1650.409790][ T1048] hub: probe of 3-1:1.0 failed with error -5 [ 1650.551175][T25637] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 1650.592111][T25641] incfs: Options parsing error. -22 [ 1650.597158][T25641] incfs: mount failed -22 [ 1650.599828][T25588] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1650.703706][T25615] loop1: detected capacity change from 0 to 131072 [ 1650.759446][T25615] F2FS-fs (loop1): invalid crc value [ 1650.766846][T25615] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1650.805964][T25615] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1651.048932][T25667] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 1651.056871][T25671] bpf_get_probe_write_proto: 2 callbacks suppressed [ 1651.056900][T25671] syz-executor.3[25671] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1651.064904][T25671] syz-executor.3[25671] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1651.081705][T25673] incfs: Options parsing error. -22 [ 1651.100746][T25673] incfs: mount failed -22 [ 1651.335332][ T1048] cdc_ether: probe of 3-1:1.0 failed with error -71 [ 1651.363682][ T1048] usb 3-1: USB disconnect, device number 18 [ 1652.224365][T25688] syz-executor.1[25688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1652.224446][T25688] syz-executor.1[25688] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1652.250626][T25682] loop2: detected capacity change from 0 to 256 [ 1652.344838][T25681] loop3: detected capacity change from 0 to 40427 [ 1652.445952][T25681] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1652.482509][T25681] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1652.513718][T25305] attempt to access beyond end of device [ 1652.513718][T25305] loop3: rw=2049, want=45104, limit=40427 [ 1652.793029][ T60] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1652.881204][T25719] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1652.942869][T25727] incfs: Options parsing error. -22 [ 1652.948095][T25727] incfs: mount failed -22 [ 1652.954829][T25710] loop4: detected capacity change from 0 to 40427 [ 1652.975755][T25710] F2FS-fs (loop4): invalid crc value [ 1652.982116][T25710] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1652.984112][T25734] syz-executor.3[25734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1652.988252][T25734] syz-executor.3[25734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1653.001508][T25731] incfs: Can't find or create .index dir in ./file0 [ 1653.020092][T25731] incfs: mount failed -14 [ 1653.020349][T25734] syz-executor.3[25734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1653.029867][T25734] syz-executor.3[25734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1653.038195][T25710] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1653.090452][T25489] attempt to access beyond end of device [ 1653.090452][T25489] loop4: rw=2049, want=45104, limit=40427 [ 1653.149039][T25751] incfs: Options parsing error. -22 [ 1653.154180][T25751] incfs: mount failed -22 [ 1653.174034][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1653.185615][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1653.195249][ T60] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 1653.204059][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1653.213224][ T60] usb 2-1: config 0 descriptor?? [ 1653.242172][T25764] syz-executor.3[25764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1653.242256][T25764] syz-executor.3[25764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1653.337812][T25773] loop3: detected capacity change from 0 to 256 [ 1653.337969][T25774] tmpfs: Unknown parameter 'nolazytime' [ 1653.448014][T25763] loop2: detected capacity change from 0 to 40427 [ 1653.499922][T25763] F2FS-fs (loop2): invalid crc value [ 1653.506494][T25763] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1653.559365][T25763] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1653.778015][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.790098][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.798671][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.806676][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.817292][T24914] attempt to access beyond end of device [ 1653.817292][T24914] loop2: rw=2049, want=45104, limit=40427 [ 1653.835532][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.843630][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1653.999315][ T60] logitech-djreceiver 0003:046D:C71B.0129: unknown main item tag 0x0 [ 1654.008877][ T60] usb 2-1: USB disconnect, device number 8 [ 1654.497828][T25826] device veth1_macvtap left promiscuous mode [ 1654.505087][T25826] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 1654.564265][T25832] incfs: Options parsing error. -22 [ 1654.569555][T25832] incfs: mount failed -22 [ 1655.023515][T25861] overlayfs: unrecognized mount option "Dd|')b!wг [ 1667.531869][ T10] tipc: Left network mode [ 1667.647576][T26650] bridge0: port 1(bridge_slave_0) entered blocking state [ 1667.654804][T26650] bridge0: port 1(bridge_slave_0) entered disabled state [ 1667.662325][T26650] device bridge_slave_0 entered promiscuous mode [ 1667.673131][T26650] bridge0: port 2(bridge_slave_1) entered blocking state [ 1667.680058][T26650] bridge0: port 2(bridge_slave_1) entered disabled state [ 1667.687315][T26650] device bridge_slave_1 entered promiscuous mode [ 1667.762809][T26650] bridge0: port 2(bridge_slave_1) entered blocking state [ 1667.769702][T26650] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1667.776834][T26650] bridge0: port 1(bridge_slave_0) entered blocking state [ 1667.783685][T26650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1667.815216][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1667.823296][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 1667.830936][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 1667.853673][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1667.862449][T25295] bridge0: port 1(bridge_slave_0) entered blocking state [ 1667.869411][T25295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1667.876882][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1667.885245][T25295] bridge0: port 2(bridge_slave_1) entered blocking state [ 1667.892105][T25295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1667.901013][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1667.908952][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1667.928400][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1667.941375][T26650] device veth0_vlan entered promiscuous mode [ 1667.948258][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1667.956035][T26648] loop4: detected capacity change from 0 to 131072 [ 1667.963204][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1667.970715][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1667.988381][T26650] device veth1_macvtap entered promiscuous mode [ 1667.991235][T26648] F2FS-fs (loop4): invalid crc value [ 1667.995550][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1668.009595][T26648] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1668.013582][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1668.033190][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1668.048246][T26648] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 1668.059965][T26648] SELinux: Context system_u:object_r:semanage_store_t:s0 is not valid (left unmapped). [ 1668.178286][T26673] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26673 comm=syz-executor.0 [ 1668.263524][T26669] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 1668.640496][T20241] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1668.698947][T26686] bridge0: port 1(bridge_slave_0) entered blocking state [ 1668.705824][T26686] bridge0: port 1(bridge_slave_0) entered disabled state [ 1668.713188][T26686] device bridge_slave_0 entered promiscuous mode [ 1668.716281][ T1048] uclogic 0003:256C:006D.012D: failed retrieving string descriptor #100: -71 [ 1668.720487][T26686] bridge0: port 2(bridge_slave_1) entered blocking state [ 1668.728113][ T1048] uclogic 0003:256C:006D.012D: failed retrieving pen parameters: -71 [ 1668.734781][T26686] bridge0: port 2(bridge_slave_1) entered disabled state [ 1668.742988][ T1048] uclogic 0003:256C:006D.012D: failed probing pen v1 parameters: -71 [ 1668.750518][T26686] device bridge_slave_1 entered promiscuous mode [ 1668.762019][ T1048] uclogic 0003:256C:006D.012D: failed probing parameters: -71 [ 1668.771208][ T1048] uclogic: probe of 0003:256C:006D.012D failed with error -71 [ 1668.779882][ T1048] usb 4-1: USB disconnect, device number 36 [ 1668.836904][T26686] bridge0: port 2(bridge_slave_1) entered blocking state [ 1668.843868][T26686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1668.850943][T26686] bridge0: port 1(bridge_slave_0) entered blocking state [ 1668.857717][T26686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1668.868761][T20241] usb 2-1: Using ep0 maxpacket: 8 [ 1668.887167][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1668.895959][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 1668.903300][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 1668.914599][T25295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1668.922791][T25295] bridge0: port 1(bridge_slave_0) entered blocking state [ 1668.929647][T25295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1668.944736][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1668.952995][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 1668.959841][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1668.967036][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1668.974918][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1668.992598][T20241] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1669.007175][T26686] device veth0_vlan entered promiscuous mode [ 1669.010162][T20241] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1669.024654][T26686] device veth1_macvtap entered promiscuous mode [ 1669.033893][T20241] usb 2-1: config 0 descriptor?? [ 1669.041176][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1669.049431][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1669.057343][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1669.064898][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1669.072846][ T1048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1669.119789][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1669.128507][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1669.175272][ T10] device bridge_slave_1 left promiscuous mode [ 1669.181216][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1669.189339][ T10] device bridge_slave_0 left promiscuous mode [ 1669.205655][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1669.214472][ T10] device veth1_macvtap left promiscuous mode [ 1669.220328][ T10] device veth0_vlan left promiscuous mode [ 1669.356537][T26711] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 1669.433744][T26725] syz-executor.3[26725] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1669.433812][T26725] syz-executor.3[26725] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1669.813728][ T30] kauditd_printk_skb: 285 callbacks suppressed [ 1669.813744][ T30] audit: type=1326 audit(2268436402.294:127819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1669.857317][ T30] audit: type=1326 audit(2268436402.294:127820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1669.883544][ T30] audit: type=1326 audit(2268436402.367:127821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1669.911017][ T30] audit: type=1326 audit(2268436402.367:127822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1669.963632][T26778] loop4: detected capacity change from 0 to 512 [ 1669.970132][ T30] audit: type=1326 audit(2268436402.420:127823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1670.002753][ T30] audit: type=1326 audit(2268436402.420:127824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1670.029181][ T30] audit: type=1326 audit(2268436402.420:127825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1670.053245][ T30] audit: type=1326 audit(2268436402.430:127826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1670.079360][ T30] audit: type=1326 audit(2268436402.430:127827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efda2d1cea9 code=0x7ffc0000 [ 1670.120736][ T30] audit: type=1326 audit(2268436402.430:127828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26771 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1670.120797][T26778] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1670.160975][T26785] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 1670.172397][T26778] ext4 filesystem being mounted at /root/syzkaller-testdir3099400273/syzkaller.xI5L63/113/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 1670.192990][T20241] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1670.203388][T20241] asix: probe of 2-1:0.0 failed with error -71 [ 1670.210689][T20241] usb 2-1: USB disconnect, device number 10 [ 1670.539249][T26811] loop2: detected capacity change from 0 to 512 [ 1670.572104][T26811] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1670.590660][T26811] ext4 filesystem being mounted at /root/syzkaller-testdir207366701/syzkaller.Sc4DmR/11/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 1670.719951][T26837] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=26837 comm=syz-executor.1 [ 1670.758853][T26843] loop2: detected capacity change from 0 to 512 [ 1670.778951][T26846] loop1: detected capacity change from 0 to 256 [ 1670.823815][T26843] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1670.836916][T26846] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x38db593b, utbl_chksum : 0xe619d30d) [ 1670.841621][T26843] ext4 filesystem being mounted at /root/syzkaller-testdir207366701/syzkaller.Sc4DmR/14/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 1671.401371][T26846] device pim6reg1 entered promiscuous mode [ 1671.621194][T26868] loop2: detected capacity change from 0 to 256 [ 1671.659639][T26873] bridge0: port 3(syz_tun) entered blocking state [ 1671.665954][T26873] bridge0: port 3(syz_tun) entered disabled state [ 1671.710804][T26873] device syz_tun entered promiscuous mode [ 1671.716757][T26873] bridge0: port 3(syz_tun) entered blocking state [ 1671.723001][T26873] bridge0: port 3(syz_tun) entered forwarding state [ 1671.740981][T26874] fuse: Invalid rootmode [ 1671.882503][T26873] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 1671.904800][T26876] syz-executor.0[26876] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1671.904884][T26876] syz-executor.0[26876] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1671.917824][T26876] syz-executor.0[26876] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1671.929795][T26876] syz-executor.0[26876] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1672.150057][T26890] loop2: detected capacity change from 0 to 40427 [ 1672.206039][T26890] F2FS-fs (loop2): invalid crc value [ 1672.212987][T26890] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1672.250431][T26890] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 1672.257410][T26890] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1672.281463][T26686] attempt to access beyond end of device [ 1672.281463][T26686] loop2: rw=2049, want=45104, limit=40427 [ 1672.391427][T26904] syz-executor.1[26904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1672.391512][T26904] syz-executor.1[26904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1672.423892][T26904] syz-executor.1[26904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1672.438366][T26904] syz-executor.1[26904] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1672.473214][T26910] loop2: detected capacity change from 0 to 256 [ 1672.681262][T26918] binder: 26917:26918 ioctl c018620c 200001c0 returned -22 [ 1672.991069][T26943] binder: 26942:26943 ioctl c018620c 200001c0 returned -22 [ 1673.007427][T26945] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 1673.102823][ T332] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1673.187344][T26948] loop1: detected capacity change from 0 to 40427 [ 1673.229637][T26948] F2FS-fs (loop1): invalid crc value [ 1673.241016][T26948] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1673.273122][T26948] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 1673.279885][T26948] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1673.298801][T26650] attempt to access beyond end of device [ 1673.298801][T26650] loop1: rw=2049, want=45104, limit=40427 [ 1673.481154][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1673.491945][ T332] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1673.501773][ T332] usb 3-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 1673.510617][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.519347][ T332] usb 3-1: config 0 descriptor?? [ 1673.968217][ T332] microsoft 0003:045E:009D.012E: hidraw0: USB HID v0.00 Device [HID 045e:009d] on usb-dummy_hcd.2-1/input0 [ 1673.979502][ T332] microsoft 0003:045E:009D.012E: no inputs found [ 1673.985575][ T332] microsoft 0003:045E:009D.012E: could not initialize ff, continuing anyway [ 1674.158719][ T332] usb 3-1: USB disconnect, device number 19 [ 1674.325509][T26998] device pim6reg1 entered promiscuous mode [ 1674.471811][ T6] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1674.572785][T27010] loop1: detected capacity change from 0 to 40427 [ 1674.615646][T27010] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1674.623193][T27010] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1674.632321][T27010] F2FS-fs (loop1): invalid crc value [ 1674.639244][T27010] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1674.662196][T27010] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1674.669147][T27010] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1674.682528][T26650] attempt to access beyond end of device [ 1674.682528][T26650] loop1: rw=2049, want=45104, limit=40427 [ 1674.815267][ T6] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 1674.823320][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1674.834882][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 1674.845973][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1674.858790][ T6] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1674.867850][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1674.876908][ T6] usb 4-1: config 0 descriptor?? [ 1674.900769][T26993] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 1675.445104][T27063] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1675.463842][ T6] plantronics 0003:047F:FFFF.012F: unknown main item tag 0xd [ 1675.472076][ T6] plantronics 0003:047F:FFFF.012F: No inputs registered, leaving [ 1675.481629][ T6] plantronics 0003:047F:FFFF.012F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1675.674174][T27070] loop4: detected capacity change from 0 to 40427 [ 1675.703944][T27070] F2FS-fs (loop4): invalid crc value [ 1675.710609][T27070] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1675.747419][ T1268] usb 4-1: USB disconnect, device number 37 [ 1675.748236][T27070] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 1675.773952][T27083] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1675.783194][T27070] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1675.809236][T25489] attempt to access beyond end of device [ 1675.809236][T25489] loop4: rw=2049, want=45104, limit=40427 [ 1675.899781][T27093] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1676.035887][ T30] kauditd_printk_skb: 1135 callbacks suppressed [ 1676.035904][ T30] audit: type=1326 audit(2268436408.821:128964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1676.080451][ T30] audit: type=1326 audit(2268436408.821:128965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1676.106629][ T30] audit: type=1326 audit(2268436408.821:128966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1676.130856][ T30] audit: type=1326 audit(2268436408.821:128967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1676.155009][ T30] audit: type=1326 audit(2268436408.821:128968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1676.201539][ T30] audit: type=1326 audit(2268436408.821:128969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1676.226571][ T30] audit: type=1326 audit(2268436408.821:128970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1676.255535][ T30] audit: type=1326 audit(2268436408.821:128971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1676.311214][ T30] audit: type=1326 audit(2268436408.821:128972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efda2d1a627 code=0x7ffc0000 [ 1676.323315][T27113] 9pnet: Insufficient options for proto=fd [ 1676.358745][ T30] audit: type=1326 audit(2268436408.821:128973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27101 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efda2ce0309 code=0x7ffc0000 [ 1676.391320][T27113] 9pnet: Insufficient options for proto=fd [ 1676.500383][T27115] loop1: detected capacity change from 0 to 40427 [ 1676.550841][T27115] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1676.559925][T27115] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1676.579572][T27115] F2FS-fs (loop1): invalid crc value [ 1676.602265][T27115] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1676.652019][T27115] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1676.663196][T27115] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1676.681451][T27136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1676.688657][T27136] bridge0: port 1(bridge_slave_0) entered disabled state [ 1676.696320][T27136] device bridge_slave_0 entered promiscuous mode [ 1676.711876][T27136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1676.719772][T27136] bridge0: port 2(bridge_slave_1) entered disabled state [ 1676.727406][T27136] device bridge_slave_1 entered promiscuous mode [ 1676.748170][T26650] attempt to access beyond end of device [ 1676.748170][T26650] loop1: rw=2049, want=45104, limit=40427 [ 1676.816975][T27148] 9pnet: Insufficient options for proto=fd [ 1676.825657][T27148] 9pnet: Insufficient options for proto=fd [ 1676.858820][T27136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1676.865698][T27136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1676.872810][T27136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1676.879584][T27136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1676.922131][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1676.929822][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 1676.937041][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 1676.965006][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1676.974076][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 1676.980943][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1676.989213][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1676.997485][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 1677.004322][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1677.011986][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1677.019877][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1677.058440][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1677.068824][T27165] syz-executor.1[27165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1677.068893][T27165] syz-executor.1[27165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1677.101390][T27136] device veth0_vlan entered promiscuous mode [ 1677.108959][T27167] loop1: detected capacity change from 0 to 256 [ 1677.127914][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1677.136515][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1677.153222][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1677.175391][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1677.186264][T27136] device veth1_macvtap entered promiscuous mode [ 1677.195278][T27167] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x38db593b, utbl_chksum : 0xe619d30d) [ 1677.201087][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1677.233119][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1677.257250][ T10] device bridge_slave_1 left promiscuous mode [ 1677.267728][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1677.289815][ T10] device bridge_slave_0 left promiscuous mode [ 1677.313639][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1677.360515][ T10] device veth0_vlan left promiscuous mode [ 1677.551387][T27183] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1099 sclass=netlink_route_socket pid=27183 comm=syz-executor.4 [ 1677.934464][T27189] overlayfs: statfs failed on './file0' [ 1678.075610][T27156] loop2: detected capacity change from 0 to 131072 [ 1678.133766][T27156] F2FS-fs (loop2): invalid crc value [ 1678.143420][T27156] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1678.163406][T27208] syz-executor.3[27208] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1678.163482][T27208] syz-executor.3[27208] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1678.182406][T27156] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 1678.225928][T27222] loop4: detected capacity change from 0 to 512 [ 1678.323033][T27222] EXT4-fs (loop4): 1 truncate cleaned up [ 1678.328521][T27222] EXT4-fs (loop4): mounted filesystem without journal. Opts: prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,sysvgroups,nolazytime,errors=continue,grpjquota=,,errors=continue. Quota mode: writeback. [ 1678.409462][T27136] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir3254786134/syzkaller.CzUxQ0/4/file2: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 1678.443706][T27234] loop3: detected capacity change from 0 to 2048 [ 1678.446027][T27136] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: checksum invalid [ 1678.461277][T27136] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: checksum invalid [ 1678.505048][T27236] input: syz1 as /devices/virtual/input/input200 [ 1678.533537][T27240] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 1678.585343][T27245] syz-executor.3[27245] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1678.585421][T27245] syz-executor.3[27245] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1678.649614][T27247] bridge0: port 1(bridge_slave_0) entered blocking state [ 1678.668614][T27247] bridge0: port 1(bridge_slave_0) entered disabled state [ 1678.676469][T27247] device bridge_slave_0 entered promiscuous mode [ 1678.679506][T27247] bridge0: port 2(bridge_slave_1) entered blocking state [ 1678.679522][T27247] bridge0: port 2(bridge_slave_1) entered disabled state [ 1678.679943][T27247] device bridge_slave_1 entered promiscuous mode [ 1678.765379][T27247] bridge0: port 2(bridge_slave_1) entered blocking state [ 1678.772355][T27247] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1678.779474][T27247] bridge0: port 1(bridge_slave_0) entered blocking state [ 1678.786307][T27247] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1678.803609][T27267] loop2: detected capacity change from 0 to 2048 [ 1678.814191][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1678.822170][ T2946] bridge0: port 1(bridge_slave_0) entered disabled state [ 1678.830296][ T2946] bridge0: port 2(bridge_slave_1) entered disabled state [ 1678.841294][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1678.849485][ T1268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1678.851032][T27267] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1678.856342][ T1268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1678.875875][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1678.884101][ T1268] bridge0: port 2(bridge_slave_1) entered blocking state [ 1678.890951][ T1268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1678.898687][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1678.906447][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1678.926176][T27247] device veth0_vlan entered promiscuous mode [ 1678.932653][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1678.940896][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1678.948640][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1678.955824][T20242] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1678.962848][ T26] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1678.978658][T27247] device veth1_macvtap entered promiscuous mode [ 1678.985198][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1678.993166][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1679.001179][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1679.016279][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1679.024318][ T2946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1679.037930][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1679.046076][ T1268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1679.064451][ T10] device bridge_slave_1 left promiscuous mode [ 1679.070458][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 1679.078421][ T10] device bridge_slave_0 left promiscuous mode [ 1679.084475][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 1679.093222][ T10] device veth1_macvtap left promiscuous mode [ 1679.099105][ T10] device veth0_vlan left promiscuous mode [ 1679.198342][ T1048] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1679.208153][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 1679.242820][T27284] syz-executor.1[27284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1679.242887][T27284] syz-executor.1[27284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1679.338460][T27281] loop4: detected capacity change from 0 to 40427 [ 1679.360752][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1679.371840][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 1679.382974][ T26] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1679.383688][T27281] F2FS-fs (loop4): Unrecognized mount option "notiscard" or missing value [ 1679.391837][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1679.410233][ T26] usb 4-1: config 0 descriptor?? [ 1679.422400][T27292] overlayfs: statfs failed on './file0' [ 1679.428381][T27259] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1679.436614][ T1048] usb 3-1: Using ep0 maxpacket: 32 [ 1679.447202][ T26] hub 4-1:0.0: USB hub found [ 1679.483490][T27298] syz-executor.1[27298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1679.483561][T27298] syz-executor.1[27298] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1679.703937][ T1048] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 1679.717832][ T1048] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1679.725662][ T1048] usb 3-1: Product: syz [ 1679.729619][ T1048] usb 3-1: Manufacturer: syz [ 1679.734423][ T1048] usb 3-1: SerialNumber: syz [ 1679.884498][ T1268] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1680.333351][ T1048] usb 3-1: config 0 descriptor?? [ 1680.704172][ T1268] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1680.713119][ T1268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1680.721587][ T1268] usb 2-1: config 0 descriptor?? [ 1680.832318][T27349] netlink: 'syz-executor.4': attribute type 2 has an invalid length. [ 1680.880624][T27355] 9pnet: Insufficient options for proto=fd [ 1680.889123][T27355] 9pnet: Insufficient options for proto=fd [ 1681.115511][ T30] kauditd_printk_skb: 151 callbacks suppressed [ 1681.115527][ T30] audit: type=1326 audit(2268436414.152:129125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.145906][ T30] audit: type=1326 audit(2268436414.152:129126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.170476][ T30] audit: type=1326 audit(2268436414.152:129127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.195137][ T30] audit: type=1326 audit(2268436414.215:129128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.220043][ T30] audit: type=1326 audit(2268436414.215:129129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.244427][ T30] audit: type=1326 audit(2268436414.215:129130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.268481][ T30] audit: type=1326 audit(2268436414.236:129131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.293548][ T30] audit: type=1326 audit(2268436414.236:129132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb918a06ea9 code=0x7ffc0000 [ 1681.317979][ T30] audit: type=1326 audit(2268436414.236:129133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb918a04627 code=0x7ffc0000 [ 1681.342091][ T30] audit: type=1326 audit(2268436414.236:129134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27366 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb9189ca309 code=0x7ffc0000 [ 1681.579470][T27379] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 1681.607025][T27381] loop3: detected capacity change from 0 to 256 [ 1681.618807][ T26] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 1681.672030][T27381] FAT-fs (loop3): Directory bread(block 64) failed [ 1681.693165][T27381] FAT-fs (loop3): Directory bread(block 65) failed [ 1681.704238][T27381] FAT-fs (loop3): Directory bread(block 66) failed [ 1681.710651][T27381] FAT-fs (loop3): Directory bread(block 67) failed [ 1681.717357][T27381] FAT-fs (loop3): Directory bread(block 68) failed [ 1681.723937][T27381] FAT-fs (loop3): Directory bread(block 69) failed [ 1681.730355][T27381] FAT-fs (loop3): Directory bread(block 70) failed [ 1681.736758][T27381] FAT-fs (loop3): Directory bread(block 71) failed [ 1681.743202][T27381] FAT-fs (loop3): Directory bread(block 72) failed [ 1681.749526][T27381] FAT-fs (loop3): Directory bread(block 73) failed [ 1681.755993][ T26] usbhid 4-1:0.0: can't add hid device: -71 [ 1681.761745][ T26] usbhid: probe of 4-1:0.0 failed with error -71 [ 1681.814358][ T26] usb 4-1: USB disconnect, device number 38 [ 1682.136644][T27373] loop4: detected capacity change from 0 to 131072 [ 1682.163975][T27373] F2FS-fs (loop4): invalid crc value [ 1683.375991][ T1268] usb 2-1: Cannot set autoneg [ 1683.380788][ T1268] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 1683.463100][ T1268] usb 2-1: USB disconnect, device number 11 [ 1683.481176][T27395] loop1: detected capacity change from 0 to 256 [ 1683.488920][T27373] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1683.535614][T27395] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1683.538562][T27373] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 1683.546382][T27395] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 1683.571339][T27395] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1684.207523][T27420] loop1: detected capacity change from 0 to 1024 [ 1684.231179][T27420] EXT4-fs (loop1): Unrecognized mount option "smackfsfloor=" or missing value [ 1684.853542][T27428] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1099 sclass=netlink_route_socket pid=27428 comm=syz-executor.2 [ 1684.921325][T27439] bpf_get_probe_write_proto: 2 callbacks suppressed [ 1684.921343][T27439] syz-executor.3[27439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1684.937900][T27439] syz-executor.3[27439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1685.897434][ T30] kauditd_printk_skb: 2881 callbacks suppressed [ 1685.897452][ T30] audit: type=1326 audit(2268436418.654:132013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe201782309 code=0x7ffc0000 [ 1685.940293][ T30] audit: type=1326 audit(2268436419.158:132014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe2017bc627 code=0x7ffc0000 [ 1685.964419][ T30] audit: type=1326 audit(2268436419.158:132015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe201782309 code=0x7ffc0000 [ 1686.041513][T27458] loop3: detected capacity change from 0 to 40427 [ 1686.054448][ T30] audit: type=1326 audit(2268436419.158:132016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2017beea9 code=0x7ffc0000 [ 1686.083088][ T30] audit: type=1326 audit(2268436419.158:132017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe2017bc627 code=0x7ffc0000 [ 1686.107434][ T30] audit: type=1326 audit(2268436419.158:132018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe201782309 code=0x7ffc0000 [ 1686.131671][ T30] audit: type=1326 audit(2268436419.158:132019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2017beea9 code=0x7ffc0000 [ 1686.138126][T27458] F2FS-fs (loop3): invalid crc value [ 1686.161223][ T30] audit: type=1326 audit(2268436419.158:132020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe2017bc627 code=0x7ffc0000 [ 1686.185463][ T30] audit: type=1326 audit(2268436419.158:132021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe201782309 code=0x7ffc0000 [ 1686.210571][T27458] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1686.224115][T27474] syz-executor.4[27474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1686.224198][T27474] syz-executor.4[27474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1686.239544][ T30] audit: type=1326 audit(2268436419.158:132022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27461 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe2017beea9 code=0x7ffc0000 [ 1686.275176][ T1048] rtl8150 3-1:0.0: couldn't reset the device [ 1686.281291][ T1048] rtl8150: probe of 3-1:0.0 failed with error -5 [ 1686.286136][T27458] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1686.290482][T27436] loop1: detected capacity change from 0 to 131072 [ 1686.312272][ T1048] usb 3-1: USB disconnect, device number 20 [ 1686.357071][T27436] F2FS-fs (loop1): invalid crc value [ 1686.363794][T27436] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1686.469527][T27436] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 1686.839636][T27513] loop4: detected capacity change from 0 to 128 [ 1686.852053][T27513] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1) [ 1686.860640][T27513] FAT-fs (loop4): Filesystem has been set read-only [ 1687.022339][ T1048] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1687.355649][ T2946] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1687.632222][ T1048] usb 1-1: config index 0 descriptor too short (expected 804, got 36) [ 1687.640225][ T1048] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1687.669827][ T1048] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1687.688908][ T1048] usb 1-1: New USB device found, idVendor=172f, idProduct=0002, bcdDevice= 0.00 [ 1687.698511][ T2946] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1687.717869][ T2946] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1687.726642][ T1048] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1687.737029][T27529] loop2: detected capacity change from 0 to 131072 [ 1687.750637][ T1048] usb 1-1: config 0 descriptor?? [ 1687.794250][ T2946] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1687.804124][ T1048] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1687.813710][T27529] F2FS-fs (loop2): invalid crc value [ 1687.829931][ T2946] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1687.838027][ T2946] usb 4-1: SerialNumber: syz [ 1687.842729][T27529] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1688.103257][T27529] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 1688.185616][ T2946] usb 4-1: 0:2 : does not exist [ 1688.379511][ T2946] usb 4-1: USB disconnect, device number 39 [ 1688.380786][T27546] loop4: detected capacity change from 0 to 131072 [ 1688.407753][T27546] F2FS-fs (loop4): Invalid segment/section count (24 != 24 * 8) [ 1688.415469][T27546] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1688.428244][T27546] F2FS-fs (loop4): invalid crc value [ 1688.437496][T27546] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1688.505760][T27546] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1688.512816][T27546] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1688.692950][ T2946] usb 1-1: USB disconnect, device number 45 [ 1688.831579][T27594] SELinux: security_context_str_to_sid(system_u) failed for (dev ?, type ?) errno=-22 [ 1688.842990][T27594] SELinux: security_context_str_to_sid(system_u) failed for (dev tmpfs, type tmpfs) errno=-22 [ 1688.859296][ T1268] kernel read not supported for file root/syzkaller-testdir988225615/syzkaller.p1ZoS5/72 (pid: 1268 comm: kworker/1:6) [ 1689.375602][ T1048] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1689.422957][T27589] loop3: detected capacity change from 0 to 131072 [ 1689.462868][T27589] F2FS-fs (loop3): Invalid segment/section count (24 != 24 * 8) [ 1689.470385][T27589] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1689.479720][T27589] F2FS-fs (loop3): invalid crc value [ 1689.486658][T27589] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1689.509979][T27589] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1689.516926][T27589] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1689.718710][ T1048] usb 3-1: config index 0 descriptor too short (expected 804, got 36) [ 1689.731666][ T1048] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1689.741586][ T1048] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1689.754305][ T1048] usb 3-1: New USB device found, idVendor=172f, idProduct=0002, bcdDevice= 0.00 [ 1689.763496][ T1048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1689.771857][ T1048] usb 3-1: config 0 descriptor?? [ 1689.797501][T27638] loop1: detected capacity change from 0 to 2048 [ 1689.819316][ T1048] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1689.845551][T27638] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1690.271409][T21130] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1690.557278][T21130] usb 2-1: Using ep0 maxpacket: 32 [ 1690.764562][ T30] kauditd_printk_skb: 135 callbacks suppressed [ 1690.764577][ T30] audit: type=1326 audit(2268436424.279:132158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1690.843138][ T30] audit: type=1326 audit(2268436424.310:132159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1690.929485][ T30] audit: type=1326 audit(2268436424.331:132160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1690.955303][ T30] audit: type=1326 audit(2268436424.352:132161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1690.982633][ T30] audit: type=1326 audit(2268436424.384:132162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.016482][ T30] audit: type=1326 audit(2268436424.415:132163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.041055][ T30] audit: type=1326 audit(2268436424.436:132164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.065558][T21130] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 1691.075059][T21130] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1691.082980][T21130] usb 2-1: Product: syz [ 1691.087087][T21130] usb 2-1: Manufacturer: syz [ 1691.146125][T21130] usb 2-1: SerialNumber: syz [ 1691.150873][ T30] audit: type=1326 audit(2268436424.478:132165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.175424][ T30] audit: type=1326 audit(2268436424.510:132166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.199622][T21130] usb 2-1: config 0 descriptor?? [ 1691.204602][ T30] audit: type=1326 audit(2268436424.541:132167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27637 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe667d7c0b code=0x7ffc0000 [ 1691.239194][T27648] loop4: detected capacity change from 0 to 131072 [ 1691.282505][T27648] F2FS-fs (loop4): Invalid segment/section count (24 != 24 * 8) [ 1691.290226][T27648] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 1691.299664][T27648] F2FS-fs (loop4): invalid crc value [ 1691.306704][T27648] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1691.330166][T27648] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 1691.337142][T27648] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 1691.337498][T20242] usb 3-1: USB disconnect, device number 21 [ 1692.204387][T27744] loop4: detected capacity change from 0 to 256 [ 1692.256719][T27744] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x38db593b, utbl_chksum : 0xe619d30d) [ 1692.358097][T27749] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program [ 1692.844886][T27773] loop2: detected capacity change from 0 to 256 [ 1692.864389][T27775] futex_wake_op: syz-executor.0 tries to shift op by 32; fix this program [ 1694.294204][T27772] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1694.522809][T27808] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=27808 comm=syz-executor.2 [ 1694.554000][T27808] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1694.607350][ T332] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1694.664008][T27827] loop2: detected capacity change from 0 to 256 [ 1697.802337][T27826] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1697.913881][ T332] usb 4-1: device descriptor read/all, error -71 [ 1698.270949][T27878] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=27878 comm=syz-executor.3 [ 1698.296596][T27878] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1698.931119][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 1698.931133][ T30] audit: type=1107 audit(2268436432.842:132183): pid=27908 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 1698.980685][T27915] syz-executor.2[27915] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1698.980764][T27915] syz-executor.2[27915] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.004720][T27915] syz-executor.2[27915] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.016471][T27915] syz-executor.2[27915] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.748225][T27952] syz-executor.3[27952] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.773523][T27952] syz-executor.3[27952] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.796732][T27952] syz-executor.3[27952] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.817652][T27952] syz-executor.3[27952] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1699.972229][T21130] rtl8150 2-1:0.0: couldn't reset the device [ 1699.995128][T21130] rtl8150: probe of 2-1:0.0 failed with error -5 [ 1700.011506][T21130] usb 2-1: USB disconnect, device number 12 [ 1700.477509][ T1048] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1700.495953][T27988] loop4: detected capacity change from 0 to 512 [ 1700.759034][T27988] EXT4-fs (loop4): 1 orphan inode deleted [ 1700.764711][T27988] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1700.775981][T27988] ext4 filesystem being mounted at /root/syzkaller-testdir483630573/syzkaller.0mSBhY/89/file1 supports timestamps until 2038 (0x7fffffff) [ 1700.797214][T27988] input: syz1 as /devices/virtual/input/input201 [ 1700.963221][ T1048] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1700.977303][ T1048] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1700.996044][ T1048] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1701.017083][ T1048] usb 4-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 1701.158319][ T1048] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1701.348105][ T1048] usb 4-1: config 0 descriptor?? [ 1701.608688][T28023] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1701.712714][T28029] A link change request failed with some changes committed already. Interface veth0_virt_wifi may have been left with an inconsistent configuration, please check. [ 1702.518608][ T1048] hid (null): unknown global tag 0xc [ 1702.525143][ T1048] wacom 0003:056A:00D0.0130: unknown global tag 0xc [ 1702.531642][ T1048] wacom 0003:056A:00D0.0130: item 0 2 1 12 parsing failed [ 1702.538699][ T1048] wacom 0003:056A:00D0.0130: parse failed [ 1702.544232][ T1048] wacom: probe of 0003:056A:00D0.0130 failed with error -22 [ 1702.775328][ T1048] usb 4-1: USB disconnect, device number 42 [ 1702.899454][T28062] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1702.928928][T28064] syz-executor.2[28064] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1702.929019][T28064] syz-executor.2[28064] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1703.429549][T28085] loop1: detected capacity change from 0 to 256 [ 1703.612276][ T1048] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1703.738434][ T30] audit: type=1400 audit(2268436437.900:132184): avc: denied { read } for pid=28107 comm="syz-executor.2" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=304919 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1703.802606][T28102] loop1: detected capacity change from 0 to 40427 [ 1703.857332][T28102] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 1703.867611][T28102] F2FS-fs (loop1): invalid crc value [ 1703.873523][T28102] F2FS-fs (loop1): invalid crc value [ 1703.878626][T28102] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 1703.923702][T28120] loop2: detected capacity change from 0 to 1024 [ 1703.956195][ T1048] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1703.968252][T28120] EXT4-fs (loop2): Ignoring removed orlov option [ 1703.974423][T28120] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 1703.981535][T28102] EXT4-fs warning (device sda1): ext4_group_extend:1830: need to use ext2online to resize further [ 1703.988987][ T1048] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1704.005021][ T1048] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1704.014102][ T1048] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1704.022977][ T1048] usb 4-1: config 0 descriptor?? [ 1704.033920][T28120] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1704.072656][T28120] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 1704.086354][T28120] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 1704.679819][ T30] audit: type=1400 audit(2268436438.761:132185): avc: denied { append } for pid=28078 comm="syz-executor.3" name="rtc0" dev="devtmpfs" ino=167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1704.718777][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x2 [ 1704.729149][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.745668][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.752968][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.752996][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.753040][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.753061][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x2 [ 1704.753082][ T1048] plantronics 0003:047F:FFFF.0131: unknown main item tag 0x0 [ 1704.753104][ T1048] plantronics 0003:047F:FFFF.0131: unbalanced collection at end of report description [ 1704.753282][ T1048] plantronics 0003:047F:FFFF.0131: parse failed [ 1704.753304][ T1048] plantronics: probe of 0003:047F:FFFF.0131 failed with error -22 [ 1704.929580][ T332] usb 4-1: USB disconnect, device number 43 [ 1704.947151][T28169] loop2: detected capacity change from 0 to 8192 [ 1704.962035][T28175] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1705.463197][T28203] syz-executor.3[28203] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1705.463282][T28203] syz-executor.3[28203] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1706.300924][T28233] loop3: detected capacity change from 0 to 1024 [ 1706.364034][T28233] EXT4-fs (loop3): Ignoring removed orlov option [ 1706.681966][T28233] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 1706.715258][T28242] syz-executor.0[28242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1706.715339][T28242] syz-executor.0[28242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1706.731219][T28242] syz-executor.0[28242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1706.743288][T28233] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1706.747920][T28242] syz-executor.0[28242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1706.778909][T28233] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 1706.814637][T28233] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 1706.849294][T26148] ================================================================== [ 1706.857173][T26148] BUG: KASAN: out-of-bounds in ext4_xattr_delete_inode+0xcd0/0xce0 [ 1706.864894][T26148] Read of size 4 at addr ffff888131cfb000 by task syz-executor.3/26148 [ 1706.872967][T26148] [ 1706.875136][T26148] CPU: 0 PID: 26148 Comm: syz-executor.3 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 1706.886680][T26148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 1706.896573][T26148] Call Trace: [ 1706.899695][T26148] [ 1706.902475][T26148] dump_stack_lvl+0x151/0x1b7 [ 1706.906986][T26148] ? io_uring_drop_tctx_refs+0x190/0x190 [ 1706.912466][T26148] ? panic+0x751/0x751 [ 1706.916362][T26148] print_address_description+0x87/0x3b0 [ 1706.921742][T26148] kasan_report+0x179/0x1c0 [ 1706.926081][T26148] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 1706.931550][T26148] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 1706.937020][T26148] __asan_report_load4_noabort+0x14/0x20 [ 1706.942485][T26148] ext4_xattr_delete_inode+0xcd0/0xce0 [ 1706.947786][T26148] ? sb_end_intwrite+0x120/0x120 [ 1706.952555][T26148] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 1706.958455][T26148] ? ext4_journal_check_start+0x16c/0x230 [ 1706.964009][T26148] ? __kasan_check_read+0x11/0x20 [ 1706.968870][T26148] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 1706.974685][T26148] ? ext4_evict_inode+0xb8d/0x14e0 [ 1706.979634][T26148] ext4_evict_inode+0xea1/0x14e0 [ 1706.984406][T26148] ? _raw_spin_unlock+0x4d/0x70 [ 1706.989096][T26148] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 1706.994824][T26148] ? _raw_spin_unlock+0x4d/0x70 [ 1706.999508][T26148] ? inode_io_list_del+0x18b/0x1a0 [ 1707.004458][T26148] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 1707.010184][T26148] evict+0x2a3/0x630 [ 1707.013919][T26148] iput+0x63b/0x7e0 [ 1707.017563][T26148] vfs_rmdir+0x359/0x470 [ 1707.021643][T26148] do_rmdir+0x3ab/0x630 [ 1707.025635][T26148] ? d_delete_notify+0x160/0x160 [ 1707.030412][T26148] __x64_sys_unlinkat+0xdf/0xf0 [ 1707.035095][T26148] do_syscall_64+0x3d/0xb0 [ 1707.039345][T26148] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1707.045076][T26148] RIP: 0033:0x7f49e28cd687 [ 1707.049333][T26148] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1707.068769][T26148] RSP: 002b:00007fff7d349558 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 1707.077015][T26148] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f49e28cd687 [ 1707.084826][T26148] RDX: 0000000000000200 RSI: 00007fff7d34a700 RDI: 00000000ffffff9c [ 1707.092638][T26148] RBP: 00007f49e292a636 R08: 0000000000000000 R09: 0000000000000000 [ 1707.100449][T26148] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff7d34a700 [ 1707.108261][T26148] R13: 00007f49e292a636 R14: 00000000001a4024 R15: 0000000000000007 [ 1707.116076][T26148] [ 1707.118938][T26148] [ 1707.121111][T26148] The buggy address belongs to the page: [ 1707.126588][T26148] page:ffffea0004c73ec0 refcount:2 mapcount:1 mapping:ffff888116133018 index:0x582 pfn:0x131cfb [ 1707.136820][T26148] memcg:ffff88810adbc000 [ 1707.140896][T26148] aops:shmem_aops ino:12db dentry name:"dev/zero" [ 1707.147146][T26148] flags: 0x4000000000080016(referenced|uptodate|lru|swapbacked|zone=1) [ 1707.155223][T26148] raw: 4000000000080016 ffffea00050c3d08 ffffea00050c3cc8 ffff888116133018 [ 1707.163726][T26148] raw: 0000000000000582 0000000000000000 0000000200000000 ffff88810adbc000 [ 1707.172140][T26148] page dumped because: kasan: bad access detected [ 1707.178397][T26148] page_owner tracks the page as allocated [ 1707.183942][T26148] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 28242, ts 1706854121459, free_ts 1706785196099 [ 1707.198704][T26148] post_alloc_hook+0x1a3/0x1b0 [ 1707.203302][T26148] prep_new_page+0x1b/0x110 [ 1707.207638][T26148] get_page_from_freelist+0x3550/0x35d0 [ 1707.213022][T26148] __alloc_pages+0x27e/0x8f0 [ 1707.217447][T26148] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 1707.222913][T26148] shmem_getpage_gfp+0x1388/0x23c0 [ 1707.227863][T26148] shmem_fault+0x1b8/0x6c0 [ 1707.232126][T26148] __do_fault+0x273/0x300 [ 1707.236280][T26148] handle_pte_fault+0x167b/0x24d0 [ 1707.241140][T26148] do_handle_mm_fault+0x1ea9/0x23a0 [ 1707.246177][T26148] __get_user_pages+0x379/0xee0 [ 1707.250865][T26148] __mm_populate+0x38d/0x560 [ 1707.255287][T26148] vm_mmap_pgoff+0x271/0x450 [ 1707.259714][T26148] ksys_mmap_pgoff+0xed/0x1e0 [ 1707.264228][T26148] __x64_sys_mmap+0x103/0x120 [ 1707.268742][T26148] do_syscall_64+0x3d/0xb0 [ 1707.272996][T26148] page last free stack trace: [ 1707.277528][T26148] free_unref_page_prepare+0x7c8/0x7d0 [ 1707.282808][T26148] free_unref_page_list+0x14b/0xa60 [ 1707.287835][T26148] release_pages+0x1310/0x1370 [ 1707.292436][T26148] free_pages_and_swap_cache+0x8a/0xa0 [ 1707.297730][T26148] tlb_flush_mmu+0xd0/0x180 [ 1707.302070][T26148] unmap_page_range+0x1c70/0x1ed0 [ 1707.306932][T26148] unmap_vmas+0x389/0x560 [ 1707.311096][T26148] exit_mmap+0x3e4/0x940 [ 1707.315176][T26148] __mmput+0x95/0x310 [ 1707.318994][T26148] mmput+0x5b/0x170 [ 1707.322649][T26148] do_exit+0xb9c/0x2ca0 [ 1707.326644][T26148] do_group_exit+0x141/0x310 [ 1707.331058][T26148] __x64_sys_exit_group+0x3f/0x40 [ 1707.335920][T26148] do_syscall_64+0x3d/0xb0 [ 1707.340172][T26148] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 1707.345906][T26148] [ 1707.348073][T26148] Memory state around the buggy address: [ 1707.353545][T26148] ffff888131cfaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1707.361444][T26148] ffff888131cfaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1707.369337][T26148] >ffff888131cfb000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1707.377235][T26148] ^ [ 1707.381141][T26148] ffff888131cfb080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1707.389038][T26148] ffff888131cfb100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2041/11/19 01:14:01 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1707.397029][T26148] ================================================================== [ 1707.404921][T26148] Disabling lock debugging due to kernel taint [ 1707.483625][T28241] bridge0: port 3(syz_tun) entered disabled state [ 1707.491338][T28241] device syz_tun left promiscuous mode [ 1707.496614][T28241] bridge0: port 3(syz_tun) entered disabled state