last executing test programs: 2.144764237s ago: executing program 2 (id=411): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.079540482s ago: executing program 2 (id=415): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000088500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='signal_generate\x00', r3}, 0x10) 2.062795183s ago: executing program 2 (id=420): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000001100)={0x0, 0x0, 0x0}, 0x0) recvmsg(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/78, 0x4e}], 0x1}, 0x0) 1.709518592s ago: executing program 1 (id=448): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) 1.668392785s ago: executing program 1 (id=449): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r2, &(0x7f0000000440)=ANY=[@ANYRESHEX], 0xfdef) 1.60510099s ago: executing program 3 (id=453): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.531072726s ago: executing program 3 (id=455): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000280), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x200000000000014f, 0x1000000, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x8, 0x0, 0x0}}, 0x10) 1.366792029s ago: executing program 3 (id=456): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='net_dev_xmit\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='net_dev_xmit\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c) 1.324881303s ago: executing program 3 (id=457): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x3a0ffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) 1.309004624s ago: executing program 1 (id=458): sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3014490, &(0x7f0000000100)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@block_validity}, {@noinit_itable}, {@mblk_io_submit}, {@grpquota}, {@barrier_val}, {@errors_remount}, {}]}, 0x45, 0x7de, &(0x7f0000000d00)="$eJzs3c9rHNcdAPDv7K5+2q1UKG1dKCwUWoOxVLmq3UKhKj2UQg2G9tRDbSGthaOV1mhXxhIisQmBQAgkIbfk4nN+XkKu+QHJJfk/go2TyCYOOQSF2R/SSt61V7Z217E/HxjrvZk3895Xb+btk2Y8CuCJlU//yUQciYiXkoix+vokIgaqqVzETK3cnc2NuXRJYmvrP18l1TK3Nzfmommf1KF65lcR8dFzEccyd9dbXltfnC0WCyu79l1bP35haXahsFBYPjk1PX3i1J9OnTy4WL/5fP3wjZf/+fu3Z7579pfvvPhxEjNxOI2vaieOg5KPfD2ugfRbWNWo7R8HXVnfvPd0B4UyEVtbtWSu2w1iH9JLM1vvlSMxFtl79c9IL1sGAHTLM5HOzNrItt0CAPyoJbXP/7/1ux0AQK80fg9we3NjrrH09zcSvXXz7xExXIu/cX+ztiVXv2c3XL0POno72XVnJImI8QOoPx8Rr7///zfTJfbcTwXopitXI+LceH7X+J+N6gg385DH/kPr1QvNmfyejcY/6J0P0vnPn1vN/zLb859oMf8ZanHtPoj7X/+Z6wdQTVvp/O+vTc+23WmKv248W8/9pDrnG0jOXygW0rHtpxFxNAaG0vxUrWzLJ2SO3vr+Vrv6m+d/X7/y1Btp/enXnRKZ67mh3fvMz1ZmHzbuhptXI36daxV/Ov4PVfs/aTP/PdNhHf/6y/OvtduWxp/G21jujr+7tq5F/K5l/yfbZdLUZGXp4mS51fOJk9XTYbJxUrTw7kyMtqs/n9vp/3RJ62/8LNALaf+P3jv+8aT5ec1yx4fevhY+uzb2YbtCzed/6/hbn/+DyX+r6cH6usuzlcrKVMRg8u+715/Y2beRb5RP4z/629bXf2P8a3H+/y89/rkOvxG5G1++9eDxd1ca//y++j9NZKOe2F5zj0QM31nMtqu/s/6f3rVPJ+NfB+3a39kMAAAAAAAAAAAAAAAAAAAAAAAAAA8hExGHI8lMbKczmYmJ2t/w/nmMZoqlcuXY+dLq8ny6rfr+00zjVZdjTe9Dnaq/D7+RP7En/8eI+FlEvDo0Us1PzJWK8/0OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqDrX5+/+pL4b2FM72o4UAQFcM+2AHgCdNksv1uwkAQK8Nd1wyHxEjXW0LANAbnX/+AwCPi/af/24MAMDj6j4//+/9bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwX2dOn06XrW83N+bS/PyltdXF0qXj84Xy4sTS6tzEXGnl4sRCaaSxQ67Nga7UvhRLpYvTsbx6ebJSKFcmy2vrZ5dKq8uVsxeWZhcKZwsDvQkLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPalvLa+uDVWLKykidliPZFExO41Et1JLH5a64dHpT0S90tkXmheE1dq/XegVXxy8je/SA/a10hjcGeUGIkY6MvwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDI+yEAAP//d9IZ2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) 1.300360655s ago: executing program 3 (id=459): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3014490, &(0x7f0000000100)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@block_validity}, {@noinit_itable}, {@mblk_io_submit}, {@grpquota}, {@barrier_val}, {@errors_remount}, {}]}, 0x45, 0x7de, &(0x7f0000000d00)="$eJzs3c9rHNcdAPDv7K5+2q1UKG1dKCwUWoOxVLmq3UKhKj2UQg2G9tRDbSGthaOV1mhXxhIisQmBQAgkIbfk4nN+XkKu+QHJJfk/go2TyCYOOQSF2R/SSt61V7Z217E/HxjrvZk3895Xb+btk2Y8CuCJlU//yUQciYiXkoix+vokIgaqqVzETK3cnc2NuXRJYmvrP18l1TK3Nzfmommf1KF65lcR8dFzEccyd9dbXltfnC0WCyu79l1bP35haXahsFBYPjk1PX3i1J9OnTy4WL/5fP3wjZf/+fu3Z7579pfvvPhxEjNxOI2vaieOg5KPfD2ugfRbWNWo7R8HXVnfvPd0B4UyEVtbtWSu2w1iH9JLM1vvlSMxFtl79c9IL1sGAHTLM5HOzNrItt0CAPyoJbXP/7/1ux0AQK80fg9we3NjrrH09zcSvXXz7xExXIu/cX+ztiVXv2c3XL0POno72XVnJImI8QOoPx8Rr7///zfTJfbcTwXopitXI+LceH7X+J+N6gg385DH/kPr1QvNmfyejcY/6J0P0vnPn1vN/zLb859oMf8ZanHtPoj7X/+Z6wdQTVvp/O+vTc+23WmKv248W8/9pDrnG0jOXygW0rHtpxFxNAaG0vxUrWzLJ2SO3vr+Vrv6m+d/X7/y1Btp/enXnRKZ67mh3fvMz1ZmHzbuhptXI36daxV/Ov4PVfs/aTP/PdNhHf/6y/OvtduWxp/G21jujr+7tq5F/K5l/yfbZdLUZGXp4mS51fOJk9XTYbJxUrTw7kyMtqs/n9vp/3RJ62/8LNALaf+P3jv+8aT5ec1yx4fevhY+uzb2YbtCzed/6/hbn/+DyX+r6cH6usuzlcrKVMRg8u+715/Y2beRb5RP4z/629bXf2P8a3H+/y89/rkOvxG5G1++9eDxd1ca//y++j9NZKOe2F5zj0QM31nMtqu/s/6f3rVPJ+NfB+3a39kMAAAAAAAAAAAAAAAAAAAAAAAAAA8hExGHI8lMbKczmYmJ2t/w/nmMZoqlcuXY+dLq8ny6rfr+00zjVZdjTe9Dnaq/D7+RP7En/8eI+FlEvDo0Us1PzJWK8/0OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqDrX5+/+pL4b2FM72o4UAQFcM+2AHgCdNksv1uwkAQK8Nd1wyHxEjXW0LANAbnX/+AwCPi/af/24MAMDj6j4//+/9bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwX2dOn06XrW83N+bS/PyltdXF0qXj84Xy4sTS6tzEXGnl4sRCaaSxQ67Nga7UvhRLpYvTsbx6ebJSKFcmy2vrZ5dKq8uVsxeWZhcKZwsDvQkLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPalvLa+uDVWLKykidliPZFExO41Et1JLH5a64dHpT0S90tkXmheE1dq/XegVXxy8je/SA/a10hjcGeUGIkY6MvwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDI+yEAAP//d9IZ2Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) 1.147791587s ago: executing program 2 (id=460): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x0, 0x0, 0x0, 0x120}, 0x48) 1.147522207s ago: executing program 2 (id=461): socket(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) 1.147391257s ago: executing program 2 (id=462): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="0009b5"], 0x0, 0x0, 0x0, 0x0}) 1.076081423s ago: executing program 3 (id=463): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x3, &(0x7f00000000c0)=""/13, &(0x7f0000000240)=0xd) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x3, 0x6) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) socket(0x0, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x90) r4 = socket$inet_udp(0x2, 0x2, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0) 880.820519ms ago: executing program 1 (id=464): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 653.027707ms ago: executing program 1 (id=470): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x7, 0x0, 0xb, 0x0, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0xa}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x121408c, &(0x7f0000000480)={[{@dioread_nolock}, {@data_ordered}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x8}}, {@errors_remount}, {@dax}], [{@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@measure}, {@smackfshat={'smackfshat', 0x3d, 'inode_readahead_blks'}}, {@obj_type={'obj_type', 0x3d, '\xe90A*\x9a\xa4\xff\'\x1b\xda\x1a\'q\x1c\xb3\xf7\x85\x9d\x98\x92(\x84\x9f\x11\xa0<_;=\xa9\f\xfdpYr\x8e\xe8\xc7\xe3!\x90-hC\xd3GK\xc0\x01\xceT\x9e\x1b]\xef^\x02\x86^\xac\x85l\xc7\x81a\xd7K\xf99\xf1\x92\xc9\x8f\xb9\x94\x00{\xe1zH\xb1\xd5\x92W\xc1\x90\x87E\xed\x9d'}}, {@dont_measure}, {@smackfsdef={'smackfsdef', 0x3d, 'max_dir_size_kb'}}]}, 0x6, 0x434, &(0x7f0000000d80)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000100)=0x5) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, &(0x7f0000000000)="4be25934c3db55f0") socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_proto_private(0xffffffffffffffff, 0x8921, &(0x7f0000000000)) prctl$PR_SET_MM_AUXV(0x53564d41, 0xc, &(0x7f0000000000)='P', 0x1) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, 0x0, 0x0) connect$inet(r3, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r0) 588.663772ms ago: executing program 1 (id=471): ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000380)={'\x00', 0x400}) ioctl$TUNSETSNDBUF(r3, 0x400454d4, &(0x7f0000000280)=0x200) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_procfs(0x0, &(0x7f0000002180)='net/netstat\x00') read$FUSE(r4, &(0x7f00000000c0)={0x2020}, 0x2020) 512.924088ms ago: executing program 4 (id=476): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000005000000bc0900000000000035090100000000009500000000000000b702000000000000db9af0fff1000000b5090000000000007b9af0ff00000000be8a00000000000007080000f8ffffffbf9400000000000007040000f0ffffffc70200000800000018260000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f1ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 500.248789ms ago: executing program 4 (id=477): r0 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000540)={0x24, {{0x29, 0x0, 0x2000000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x88) 458.074843ms ago: executing program 0 (id=478): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{}], 0x8, 0x10, &(0x7f0000000140), &(0x7f0000000280), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x200000000000014f, 0x1000000, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, 0x0, 0x8, 0x0, 0x0}}, 0x10) 457.679673ms ago: executing program 4 (id=479): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 437.238245ms ago: executing program 0 (id=480): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./bus\x00', 0x21081e, &(0x7f0000000380)={[{@usrquota}, {@nobarrier}, {@noauto_da_alloc}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000002c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @usage, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xe1]}, {0x10000, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000000c0)) 433.944575ms ago: executing program 4 (id=481): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8c11, &(0x7f0000000400), 0x0, 0x491, &(0x7f0000000480)="$eJzs3MtvG8UfAPDvbh5t+vglv1IeLQUMBRHxSNqURw9cQCBxQUKCQ5G4hCStSt0WNUGiVSUKQu0RVeLGAXEDib+AE1wQcEKCI9xRJYR6oXAyWu9u4rp26rhOXOLPR3I8Y4898/XsbGZnnAQwsCrZjyRiR0T8GhHjefb6ApX87trV83N/Xz0/l0St9tqfSb3cX1fPz5VFy9dtLzKTaUT6UdL0hrnFs+dOzFarC2eK/PTSyXemF8+ee/L4ydljC8cWTs0cPvzUoYPPPjPzdE/iHC/u9+15+Y3Lr8wdufzWD19d2pnHHU1xdC+9LleJSqvQ6x659cpuKzsb0slwHxvCmgxFRNZdI/XxPx5DsdJ54/HSh6u+eOsGNBBYN7Varbal/dMXarnYWgM2nyT63QKgP8pf9Nn1b3nboKnHbeGP5/MLoCzua8Utf2Z4+Wp+pOn6tpcqEXHkwj+fZbdoXocYXadKAYCB9k02/3mi1fwvjbsayv2v2EOZiIj/R8SuiLgjInZHxJ1jUS97d0Tcs8b6K035oWief6ZXugqsQ9n877lib+v6+V8x+xuNiaEitzNfKk+OHq8uHCg+k8kYqWT5g3nppu2e+k5YfPvizx+3q79x/pfdsvrrc8GxskR6ZbhpgW5+dmm2Z/F/ELF3uFX8yfJOQBbUnojY2+oNOpijHn/sy33tnmsbfyd6sM9U+zzi0bz/L0QRfx7SSlcmq+9PTm+N6sKB6fKouNGPP118tV39txR/D2T9v63l8b8c/0TSuF+7mD84toY6Lv52qe015c3jb338jyav19OjDT+ztpbtKh95b3Zp6czMymvLfP3+YB7/5P7W439XrHwS90ZEdhDfFxH3R8QDRdsfjIiHImL/KvF//8LDbzdkb9he73f/z+f9v6Wz/l97YujEd1+3q7+D/v/lzSI1Wdx3cv6rLpwpzw6rNrC7Tw0AAAD+W9KI2BFJOrWcTtOpqXzlcndsS6unF5ceP3r63VPz+XflJ2IkLVe68vXgkaRc/5xoyM805Q8V68afDI3V81Nzp6vz/Q4eBtz2NuM/8/tQv1sHrDt/rwWDy/iHwWX8w+Aajk9X+/4SsEm9f/MiIxvRDqAv0lYPdnBeADYB1/8wuIx/GFzGPwyu1ce/bwHCJrVY6/7v+qvlwmGbp9q+vPwnDV1V2lGiPGf1/p1vnvii+F+BG1ppB4lab98w0s4LJ/2OvatEuq6HaNeJ8thepypqRWKjz0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr498AAAD//49uycI=") open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_SETFLAGS(r0, 0x40106614, 0x0) 221.025592ms ago: executing program 0 (id=482): sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x10003}) 180.745385ms ago: executing program 0 (id=483): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0xffffffffffffffff, 0x9e}, 0xc) socket$igmp6(0xa, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x8}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @printk={@i}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 163.987427ms ago: executing program 4 (id=484): syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000800)='./file2\x00', 0x404a, &(0x7f0000000140), 0x1, 0x76b, &(0x7f0000000fc0)="$eJzs3c1rHOUfAPDvzGaT9OX3SyqlWhEMeKj4smlq69upraJQi4iK54Z0W0q3TUkimNhD6tGDCAriSf0vCl568Sx4qHrVk0KRai8VZWX2JYnJbhLD7o52Ph+Y7fPMM83zfDNkvzP7LPMEUFgT2UsacTAiziQRY639SUSUG6WhiOPN4+7evjrz++2rM0nU62/8kjSOyfbFmv+T2dOqjEbENyeTuK+0sd/5xaWL07Vada5Vn1y4dGVyfnHpyQuXps9Xz1cvHzl6bOqZY88+ffS5XoVaOnDqiVcPvPfCzS/rr7/84tfHlpMssKFm49o4emUiJlZ+J2tlXb7U685yUmrFszbOZCjHAfGPpGvO4YEYi1Ksnryx+OrbXAcHAPRFvRRRBwAKJpH/AaBg2p8D3L19daa95fuJxGDdOhGNicqN8Q/F8ca/Y/VyROz+LVmdGZlozneN96D/iYi4fuetm9kWfZqH3MzytYh4oFP8jdnRGG/M4q6LvzVndLgH/U+sq/+X4j/eg/7zjh+AYrpxopnINua/tJXfOue/0Q65ayfyzn/dr/9W4y91iD+7/nttm318/sFD93drW3v9l21Z/+1rwUG4dS3iwaHu1z9Z/EmX+M9ss4/rP7073a0t7/jrX0Qc6nj/s/qNtmTz7ydOnrtQqx5uvnbs46PJU++vVJb/3pZ3/Nn5390l/q3O/5Vt9vHn/h9OdmvbOv705+HkzUZpuLXnnemFhbmpiOHk9Mb9RzYfS/uY9s/I4n/0kc3//jvFX954Krv67JVfP9l5/P2VxX92h+f/w2328cfsj6Pd2vKOHwAAAAAAAAAAAAAAAAAAAAAAAAAGIY2IvZGklZVymlYqzTW898futDY7v/D4udm3L5/N2iLGo5y2n3Q51qwnWX2q9Tz8dv3IuvpTEbEvIj4e2dWoV2Zma2fzDh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWvasW///zkhz/X8A4B43mvcAAICBk/8BoHjkfwAoHvkfAIpn5/l/qKfjAAAGx/0/ABSP/A8AAAAAAAAAAAAAAAAAAAAAAAO17+Eb3ycRsfz8rsaWGW61lXMdGdBv6TaPe6zP4wAGrxQrbwKfnu54xMhgBwQMjAU8oLjc4wPJFu1dHxG+XOr9YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4F/q0EHr/0NRbXf9f+DeY/VOKC7r/0NxuccHrP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABb29vYkrTSWgt8b6RppRLxv4gYj3Jy7kKtejgi/h8R342UR7L6VN6DBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAem19cujhdq1XnFBQUFFYKeb8zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOCtLvqd90gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI0/zi0sXpWq0618dC3jECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NJfAQAA///W2i3P") mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x1000004c) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1010d1, 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) 97.102622ms ago: executing program 0 (id=485): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000007c0)=ANY=[@ANYBLOB="820000000200000071000040b41713f79c9757"]) 55.922805ms ago: executing program 0 (id=486): syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55) 0s ago: executing program 4 (id=487): socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, 0x0, 0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x5608, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.219' (ED25519) to the list of known hosts. [ 21.339994][ T23] audit: type=1400 audit(1719998799.059:66): avc: denied { mounton } for pid=342 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.341446][ T342] cgroup1: Unknown subsys name 'net' [ 21.362536][ T23] audit: type=1400 audit(1719998799.059:67): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.368284][ T342] cgroup1: Unknown subsys name 'net_prio' [ 21.389509][ T23] audit: type=1400 audit(1719998799.099:68): avc: denied { read } for pid=144 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 21.395419][ T342] cgroup1: Unknown subsys name 'devices' [ 21.422881][ T23] audit: type=1400 audit(1719998799.139:69): avc: denied { unmount } for pid=342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.589212][ T342] cgroup1: Unknown subsys name 'hugetlb' [ 21.594814][ T342] cgroup1: Unknown subsys name 'rlimit' [ 21.757863][ T23] audit: type=1400 audit(1719998799.479:70): avc: denied { setattr } for pid=342 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9287 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.780896][ T23] audit: type=1400 audit(1719998799.479:71): avc: denied { mounton } for pid=342 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.802660][ T344] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.805486][ T23] audit: type=1400 audit(1719998799.479:72): avc: denied { mount } for pid=342 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.836784][ T23] audit: type=1400 audit(1719998799.539:73): avc: denied { relabelto } for pid=344 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.861993][ T23] audit: type=1400 audit(1719998799.539:74): avc: denied { write } for pid=344 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.887415][ T23] audit: type=1400 audit(1719998799.559:75): avc: denied { read } for pid=342 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.887446][ T342] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.225612][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.232793][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.240198][ T353] device bridge_slave_0 entered promiscuous mode [ 22.250492][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.257416][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.264721][ T353] device bridge_slave_1 entered promiscuous mode [ 22.309127][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.316028][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.323371][ T354] device bridge_slave_0 entered promiscuous mode [ 22.338214][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.345034][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.352450][ T354] device bridge_slave_1 entered promiscuous mode [ 22.381462][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.388452][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.395795][ T350] device bridge_slave_0 entered promiscuous mode [ 22.413540][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.420390][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.427752][ T350] device bridge_slave_1 entered promiscuous mode [ 22.448649][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.455566][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.462854][ T355] device bridge_slave_0 entered promiscuous mode [ 22.472978][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.479833][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.487005][ T355] device bridge_slave_1 entered promiscuous mode [ 22.518727][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.525561][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.532935][ T352] device bridge_slave_0 entered promiscuous mode [ 22.561544][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.568416][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.575565][ T352] device bridge_slave_1 entered promiscuous mode [ 22.697607][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.704441][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.711773][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.718513][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.744820][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.751755][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.758876][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.765635][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.789029][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.795862][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.803010][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.809764][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.838776][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.845606][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.852833][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.859595][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.875069][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.882006][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.889125][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.895872][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.929205][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.936258][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.943952][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.951254][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.958876][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.965795][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.973002][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.980119][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.987357][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.994281][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.001229][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.008685][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.015851][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.023161][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.030492][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.063099][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.071356][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.078199][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.085578][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.094130][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.100972][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.108871][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.116593][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.124594][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.132536][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.139366][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.146498][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.154464][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.161288][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.168637][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.176570][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.183400][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.197002][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.204949][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.211788][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.240612][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.248904][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.266255][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.274304][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.282252][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.290045][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.297390][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.305170][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.312963][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.320277][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.349288][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.359087][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.367322][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.374126][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.381450][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.389513][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.397588][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.404395][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.411871][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.420208][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.428191][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.435001][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.442216][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 23.450295][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.458283][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.465100][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.472295][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.480597][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.488797][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.496392][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.504116][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.512182][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.526216][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.534275][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.542268][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.550413][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.567267][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.575204][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.583468][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.591531][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.613827][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.622171][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.631196][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.639347][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.647021][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.654777][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.662680][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.670637][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.686387][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.694844][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.717603][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.725685][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.733887][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.742449][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.750758][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.758502][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.766134][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.774187][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.794120][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.802159][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.810546][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.818744][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.826920][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.834801][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.842886][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.868603][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.881353][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.889644][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.898224][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.906234][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.914313][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.948114][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.956155][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.966903][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.974719][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.982697][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.991161][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.026541][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.036285][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.058284][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.066593][ T385] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3'. [ 24.067303][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.086308][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.105258][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.156822][ T357] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 24.253938][ T402] EXT4-fs error (device loop2): ext4_free_blocks:4895: comm syz.2.12: Freeing blocks in system zone - Block = 11, count = 1 [ 24.271486][ T402] EXT4-fs error (device loop2): ext4_clear_blocks:858: inode #13: comm syz.2.12: attempt to clear invalid blocks 1024 len 1 [ 24.289956][ T402] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 24.307758][ T402] EXT4-fs error (device loop2): ext4_free_branches:1022: inode #13: comm syz.2.12: invalid indirect mapped block 1819239214 (level 0) [ 24.325834][ T402] EXT4-fs (loop2): 1 truncate cleaned up [ 24.336348][ T402] EXT4-fs (loop2): mounted filesystem without journal. Opts: abort,bsdgroups,nodelalloc,abort,noblock_validity,,errors=continue [ 24.357357][ T402] EXT4-fs error (device loop2): ext4_remount:5517: Abort forced by user [ 24.365701][ T402] EXT4-fs (loop2): Remounting filesystem read-only [ 24.856692][ T357] usb 5-1: Using ep0 maxpacket: 16 [ 24.976737][ T357] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 24.995192][ T357] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 25.035851][ T357] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 25.045540][ T357] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 25.055287][ T357] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 25.163210][ T425] syz.0.18 (425) used greatest stack depth: 22552 bytes left [ 25.312958][ T443] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 25.366886][ T357] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 25.376563][ T357] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 25.384551][ T357] usb 5-1: Manufacturer: syz [ 25.393293][ T357] usb 5-1: config 0 descriptor?? [ 25.549538][ T455] F2FS-fs (loop2): invalid crc value [ 25.559406][ T455] F2FS-fs (loop2): Found nat_bits in checkpoint [ 25.584119][ T455] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 25.591047][ T455] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 25.604867][ T455] F2FS-fs (loop2): switch extent_cache option is not allowed [ 25.615225][ T354] attempt to access beyond end of device [ 25.615225][ T354] loop2: rw=2049, want=45104, limit=40427 [ 25.855530][ T466] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 25.868942][ T466] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 25.878797][ T466] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 26.011278][ T476] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 26.027200][ T476] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 26.096455][ T483] syz.3.37 (483) used greatest stack depth: 21400 bytes left [ 26.112499][ T485] [ 26.114797][ T485] ********************************************************** [ 26.123417][ T485] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 26.130822][ T485] ** ** [ 26.138423][ T485] ** trace_printk() being used. Allocating extra memory. ** [ 26.145656][ T485] ** ** [ 26.153112][ T485] ** This means that this is a DEBUG kernel and it is ** [ 26.160567][ T485] ** unsafe for production use. ** [ 26.168205][ T485] ** ** [ 26.187038][ T485] ** If you see this message and you are not debugging ** [ 26.213143][ T485] ** the kernel, report this immediately to your vendor! ** [ 26.240077][ T485] ** ** [ 26.251041][ T485] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 26.259047][ T485] ********************************************************** [ 26.899367][ T357] usb 5-1: USB disconnect, device number 2 [ 27.241521][ T23] kauditd_printk_skb: 72 callbacks suppressed [ 27.241529][ T23] audit: type=1400 audit(1719998804.959:148): avc: denied { mounton } for pid=493 comm="syz.1.42" path="/10/file0" dev="tmpfs" ino=12093 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 27.297243][ T513] erofs: (device loop1): mounted with opts: , root inode @ nid 36. [ 27.724371][ T531] mmap: syz.1.55 (531) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 27.789190][ T529] syz.2.49 (529) used greatest stack depth: 21048 bytes left [ 27.976419][ T23] audit: type=1400 audit(1719998805.679:149): avc: denied { getopt } for pid=539 comm="syz.2.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.998122][ T23] audit: type=1400 audit(1719998805.689:150): avc: denied { setopt } for pid=539 comm="syz.2.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 28.146672][ T386] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 28.310228][ T554] syz.3.64[554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.310279][ T554] syz.3.64[554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.326790][ T554] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.361084][ T554] syz.3.64[554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.361137][ T554] syz.3.64[554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.367464][ T23] audit: type=1400 audit(1719998806.039:151): avc: denied { ioctl } for pid=553 comm="syz.3.64" path="/dev/kvm" dev="devtmpfs" ino=116 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 28.433831][ T23] audit: type=1400 audit(1719998806.149:152): avc: denied { read } for pid=558 comm="syz.3.66" name="rtc0" dev="devtmpfs" ino=9292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 28.456459][ T23] audit: type=1400 audit(1719998806.149:153): avc: denied { open } for pid=558 comm="syz.3.66" path="/dev/rtc0" dev="devtmpfs" ino=9292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 28.456881][ T386] usb 5-1: Using ep0 maxpacket: 16 [ 28.499568][ T23] audit: type=1400 audit(1719998806.149:154): avc: denied { ioctl } for pid=558 comm="syz.3.66" path="/dev/rtc0" dev="devtmpfs" ino=9292 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 28.669791][ T560] erofs: (device loop0): mounted with opts: , root inode @ nid 36. [ 28.707281][ T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.725808][ T386] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.736365][ T386] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 28.746979][ T386] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.755801][ T386] usb 5-1: config 0 descriptor?? [ 28.785339][ T23] audit: type=1400 audit(1719998806.499:155): avc: denied { mount } for pid=572 comm="syz.2.72" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 28.807116][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.817625][ T573] FAT-fs (loop2): Filesystem has been set read-only [ 28.824137][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.834857][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.845104][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.855525][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.873723][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.884087][ T578] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.894345][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.904601][ T578] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 28.915770][ T573] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 29.238288][ T386] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 29.248841][ T386] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 29.259978][ T386] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 29.276270][ T386] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 29.288255][ T386] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 29.320151][ T386] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 29.446869][ T386] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00 [ 29.659513][ T23] audit: type=1400 audit(1719998807.379:156): avc: denied { unmount } for pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 29.722140][ T592] netlink: 40 bytes leftover after parsing attributes in process `syz.2.77'. [ 29.768818][ T598] syz.2.80[598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.768869][ T598] syz.2.80[598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.863579][ T23] audit: type=1400 audit(1719998807.579:157): avc: denied { write } for pid=597 comm="syz.2.80" name="001" dev="devtmpfs" ino=9286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 30.096427][ T357] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 30.116762][ T386] cp2112 0003:10C4:EA90.0001: error reading lock byte: -71 [ 30.118883][ T589] syz.0.76 (589) used greatest stack depth: 20920 bytes left [ 30.130043][ T386] usb 5-1: USB disconnect, device number 3 [ 30.456929][ T357] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.456943][ T357] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.456966][ T357] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 30.456977][ T357] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.457792][ T357] usb 2-1: config 0 descriptor?? [ 31.642514][ T357] hid-multitouch 0003:1FD2:6007.0002: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 31.700892][ T625] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 31.754192][ T357] usb 2-1: USB disconnect, device number 2 [ 32.847487][ T646] F2FS-fs (loop2): Unrecognized mount option "alloc_" or missing value [ 33.048105][ T668] netlink: 8 bytes leftover after parsing attributes in process `syz.4.100'. [ 33.311483][ T673] syz.1.102[673] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.311516][ T673] syz.1.102[673] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 33.326717][ T357] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 33.499971][ T675] F2FS-fs (loop1): Invalid log blocks per segment (4278190089) [ 33.507513][ T675] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 33.517693][ T675] F2FS-fs (loop1): invalid crc value [ 33.524250][ T675] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.548619][ T675] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 33.555515][ T675] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 33.586693][ T357] usb 5-1: Using ep0 maxpacket: 16 [ 33.706727][ T357] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 33.714607][ T357] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 33.723336][ T357] usb 5-1: config 0 has no interface number 1 [ 33.729272][ T357] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 33.742038][ T357] usb 5-1: config 0 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 33.871999][ T74] cfg80211: failed to load regulatory.db [ 33.916561][ T694] EXT4-fs (loop3): Ignoring removed orlov option [ 33.923200][ T694] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 33.938411][ T694] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8803c118, mo2=0002] [ 33.946837][ T357] usb 5-1: New USB device found, idVendor=0582, idProduct=0004, bcdDevice=c9.b1 [ 33.947889][ T694] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,debug,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 33.965888][ T357] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 34.096870][ T23] kauditd_printk_skb: 8 callbacks suppressed [ 34.096887][ T23] audit: type=1400 audit(1719998811.809:166): avc: denied { ioctl } for pid=688 comm="syz.0.107" path="socket:[14469]" dev="sockfs" ino=14469 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.158606][ T23] audit: type=1400 audit(1719998811.849:167): avc: denied { read } for pid=688 comm="syz.0.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.163900][ T357] usb 5-1: Product: syz [ 34.181339][ T357] usb 5-1: Manufacturer: syz [ 34.185761][ T357] usb 5-1: SerialNumber: syz [ 34.191123][ T357] usb 5-1: config 0 descriptor?? [ 34.200457][ T23] audit: type=1400 audit(1719998811.919:168): avc: denied { write } for pid=688 comm="syz.0.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.226689][ T356] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 34.238560][ T357] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 34.246830][ T699] erofs: (device loop1): mounted with opts: , root inode @ nid 36. [ 34.248566][ T23] audit: type=1400 audit(1719998811.969:169): avc: denied { write } for pid=693 comm="syz.3.109" path="/25/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 34.258507][ T357] snd-usb-audio: probe of 5-1:0.2 failed with error -2 [ 34.289805][ T694] EXT4-fs error (device loop3): __ext4_new_inode:926: comm syz.3.109: reserved inode found cleared - inode=2 [ 34.294586][ T23] audit: type=1400 audit(1719998811.969:170): avc: denied { mounton } for pid=693 comm="syz.3.109" path="/25/file1/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 34.308309][ T355] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 34.338289][ T23] audit: type=1400 audit(1719998811.969:171): avc: denied { map } for pid=693 comm="syz.3.109" path="/25/file1/bus" dev="devtmpfs" ino=9192 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 34.339824][ T355] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 34.439056][ T629] usb 5-1: USB disconnect, device number 4 [ 34.516836][ T703] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.523664][ T703] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.531195][ T703] device bridge_slave_0 entered promiscuous mode [ 34.539832][ T703] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.547586][ T703] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.554827][ T703] device bridge_slave_1 entered promiscuous mode [ 34.599986][ T703] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.606836][ T703] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.613900][ T703] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.616714][ T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.620726][ T703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.631892][ T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 34.650379][ T356] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 34.660019][ T356] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.660075][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 34.668806][ T356] usb 3-1: config 0 descriptor?? [ 34.692779][ T629] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.699946][ T629] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.733652][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.749083][ T74] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.755944][ T74] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.773302][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.784843][ T74] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.791717][ T74] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.800351][ T23] audit: type=1400 audit(1719998812.519:172): avc: denied { write } for pid=707 comm="syz.1.113" name="kvm" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 34.824005][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.833261][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.857001][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.873594][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.888744][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.901089][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.912458][ T357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.931796][ T23] audit: type=1400 audit(1719998812.649:173): avc: denied { mounton } for pid=703 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=11566 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 34.967077][ T9] device bridge_slave_1 left promiscuous mode [ 34.975006][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.982416][ T9] device bridge_slave_0 left promiscuous mode [ 34.994209][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.136686][ T374] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 35.239902][ T18] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.325117][ T356] hid-multitouch 0003:1FD2:6007.0003: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 35.667718][ T5] usb 3-1: USB disconnect, device number 2 [ 35.706751][ T374] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 35.716774][ T374] usb 2-1: New USB device found, idVendor=0403, idProduct=fc0d, bcdDevice=eb.03 [ 35.725616][ T374] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.734276][ T374] usb 2-1: config 0 descriptor?? [ 35.766758][ T18] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.777509][ T18] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.787768][ T374] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 35.788394][ T374] usb 2-1: Detected FT-X [ 35.796453][ T18] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 35.808872][ T18] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.817582][ T18] usb 1-1: config 0 descriptor?? [ 36.026928][ T374] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 36.046704][ T374] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 36.066785][ T374] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 36.318391][ T18] hid-rmi 0003:06CB:81A7.0004: unknown main item tag 0x0 [ 36.345754][ T18] hid-rmi 0003:06CB:81A7.0004: unknown main item tag 0x0 [ 36.345847][ T374] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 36.361804][ T374] usb 2-1: USB disconnect, device number 3 [ 36.368001][ T374] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 36.378740][ T374] ftdi_sio 2-1:0.0: device disconnected [ 36.381115][ T18] hid-rmi 0003:06CB:81A7.0004: unknown main item tag 0x0 [ 36.404445][ T18] hid-rmi 0003:06CB:81A7.0004: unknown main item tag 0x0 [ 36.418653][ T18] hid-rmi 0003:06CB:81A7.0004: unknown main item tag 0x0 [ 36.436095][ T18] hid-rmi 0003:06CB:81A7.0004: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.0-1/input0 [ 36.518580][ T18] usb 1-1: USB disconnect, device number 2 [ 36.975547][ T749] EXT4-fs (loop4): Ignoring removed orlov option [ 36.982025][ T749] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 36.998646][ T749] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8803c118, mo2=0002] [ 37.007746][ T749] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,debug,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 37.049098][ T749] EXT4-fs error (device loop4): __ext4_new_inode:926: comm syz.4.125: reserved inode found cleared - inode=2 [ 37.068978][ T350] EXT4-fs error (device loop4): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 37.084475][ T350] EXT4-fs error (device loop4): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 37.159338][ T350] syz-executor (350) used greatest stack depth: 20088 bytes left [ 37.289835][ T767] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.296874][ T767] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.304026][ T767] device bridge_slave_0 entered promiscuous mode [ 37.311447][ T767] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.318307][ T767] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.353286][ T767] device bridge_slave_1 entered promiscuous mode [ 37.674753][ T767] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.681617][ T767] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.688735][ T767] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.695472][ T767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.866776][ T5] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 37.959422][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.969012][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.993425][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.027119][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.048945][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.055779][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.064807][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.072896][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.079965][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.108982][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.117257][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.138871][ T793] EXT4-fs (loop3): Ignoring removed orlov option [ 38.147968][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.158117][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.166067][ T793] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 38.185268][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 38.193316][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.217547][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 38.225763][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.234494][ T793] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8803c118, mo2=0002] [ 38.236717][ T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.242926][ T793] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,debug,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 38.267096][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 38.286997][ T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.305190][ T793] EXT4-fs error (device loop3): __ext4_new_inode:926: comm syz.3.140: reserved inode found cleared - inode=2 [ 38.306579][ T5] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 38.326331][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.337744][ T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.344043][ T703] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 38.346457][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 38.368866][ T5] usb 2-1: config 0 descriptor?? [ 38.374108][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 38.375645][ T703] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: bad extra_isize 7060 (inode size 256) [ 38.395094][ T9] device bridge_slave_1 left promiscuous mode [ 38.401071][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.410251][ T9] device bridge_slave_0 left promiscuous mode [ 38.416772][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.568386][ T803] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue [ 38.735643][ T813] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.742629][ T813] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.750237][ T813] device bridge_slave_0 entered promiscuous mode [ 38.757116][ T813] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.763934][ T813] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.771263][ T813] device bridge_slave_1 entered promiscuous mode [ 38.840377][ T813] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.847234][ T813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.854355][ T813] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.861129][ T813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.871188][ T5] hid-multitouch 0003:1FD2:6007.0005: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 38.915252][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.925876][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.933427][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.944050][ T23] audit: type=1400 audit(1719998816.669:174): avc: denied { ioctl } for pid=824 comm="syz.2.150" path="socket:[15427]" dev="sockfs" ino=15427 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.976692][ T23] audit: type=1400 audit(1719998816.699:175): avc: denied { setopt } for pid=824 comm="syz.2.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 39.000272][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.016894][ T629] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.023729][ T629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.046844][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.054899][ T629] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.061759][ T629] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.081761][ T18] usb 2-1: USB disconnect, device number 4 [ 39.100355][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.116990][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.138326][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.155092][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.163128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.190697][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.199128][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.229539][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.247016][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.255273][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.277334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.407625][ T9] device bridge_slave_1 left promiscuous mode [ 39.414494][ T830] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 39.423282][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.470384][ T9] device bridge_slave_0 left promiscuous mode [ 39.476342][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.575989][ T823] F2FS-fs (loop4): Test dummy encryption mode enabled [ 39.591833][ T823] F2FS-fs (loop4): invalid crc value [ 39.611434][ T846] netlink: 40 bytes leftover after parsing attributes in process `syz.3.155'. [ 39.628036][ T823] F2FS-fs (loop4): Found nat_bits in checkpoint [ 39.908787][ T823] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 39.986276][ T823] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 39.988276][ T853] EXT4-fs error (device loop3): mb_free_blocks:1458: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt. [ 40.009058][ T853] EXT4-fs (loop3): Remounting filesystem read-only [ 40.018378][ T868] tipc: Started in network mode [ 40.022594][ T853] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 45 vs 56 free clusters [ 40.023039][ T868] tipc: Own node identity f7, cluster identity 4711 [ 40.115469][ T868] tipc: 32-bit node address hash set to f7 [ 40.138905][ T853] EXT4-fs (loop3): 1 orphan inode deleted [ 40.157852][ T7] __quota_error: 1 callbacks suppressed [ 40.157869][ T7] Quota error (device loop3): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 40.191679][ T853] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,resgid=0x0000000000000000,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000005,usrquota, [ 40.240500][ T853] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038 (0x7fffffff) [ 40.255599][ T23] audit: type=1400 audit(1719998817.969:177): avc: denied { relabelfrom } for pid=870 comm="syz.2.162" name="" dev="pipefs" ino=16693 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 40.281488][ T871] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 40.307280][ T23] audit: type=1400 audit(1719998818.019:178): avc: denied { relabelto } for pid=870 comm="syz.2.162" name="" dev="pipefs" ino=16693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:" [ 40.628305][ T889] syz.3.168[889] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.628359][ T889] syz.3.168[889] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.641309][ T882] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 40.680344][ T882] EXT4-fs (loop0): couldn't mount RDWR because of unsupported optional features (10000) [ 40.821029][ T23] audit: type=1400 audit(1719998818.539:179): avc: denied { create } for pid=885 comm="syz.4.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 40.855242][ T23] audit: type=1400 audit(1719998818.539:180): avc: denied { create } for pid=885 comm="syz.4.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 40.894488][ T23] audit: type=1400 audit(1719998818.559:181): avc: denied { write } for pid=885 comm="syz.4.161" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 40.917684][ T23] audit: type=1400 audit(1719998818.639:182): avc: denied { execute } for pid=896 comm="syz.1.171" path="/26/file0/bus" dev="tmpfs" ino=15599 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 40.946761][ T378] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 41.014361][ T23] audit: type=1400 audit(1719998818.729:183): avc: denied { read } for pid=900 comm="syz.1.172" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=16838 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 41.105486][ T23] audit: type=1400 audit(1719998818.819:184): avc: denied { unmount } for pid=352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 41.426723][ T378] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.437440][ T378] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.446995][ T378] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 41.455830][ T378] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.468154][ T378] usb 4-1: config 0 descriptor?? [ 41.655630][ T23] audit: type=1400 audit(1719998819.369:185): avc: denied { create } for pid=915 comm="syz.4.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 42.009362][ T378] hid-multitouch 0003:1FD2:6007.0006: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 42.200427][ T950] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.207343][ T950] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.212830][ T378] usb 4-1: USB disconnect, device number 2 [ 42.216081][ T950] device bridge_slave_0 entered promiscuous mode [ 42.226780][ T950] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.233663][ T950] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.240974][ T950] device bridge_slave_1 entered promiscuous mode [ 42.287630][ T950] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.294468][ T950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.301621][ T950] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.308375][ T950] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.333612][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.345877][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.353515][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.375118][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.383777][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.390636][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.400544][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.408651][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.415477][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.422261][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 42.436166][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.444845][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.460596][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.477050][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.487134][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.501118][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.511595][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.787422][ T9] device bridge_slave_1 left promiscuous mode [ 42.793449][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.800949][ T9] device bridge_slave_0 left promiscuous mode [ 42.807027][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.236166][ T23] kauditd_printk_skb: 2 callbacks suppressed [ 46.236175][ T23] audit: type=1400 audit(1719998823.949:188): avc: denied { write } for pid=1008 comm="syz.0.207" name="sockstat6" dev="proc" ino=4026532497 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 49.093992][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Dropping request. Check SNMP counters. [ 50.582752][ T179] tipc: Left network mode [ 50.582918][ T354] syz-executor (354) used greatest stack depth: 19576 bytes left [ 50.790760][ T1078] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.814499][ T1078] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.933758][ T1078] device bridge_slave_0 entered promiscuous mode [ 50.979567][ T1078] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.108891][ T1078] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.121197][ T1078] device bridge_slave_1 entered promiscuous mode [ 52.471082][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.553916][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.573716][ T378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.583037][ T378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.591919][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.598768][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.606800][ T378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.615976][ T378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.626489][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.633339][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.666033][ T1097] xt_hashlimit: overflow, try lower: 0/0 [ 52.706945][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.725777][ T629] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.754514][ T23] audit: type=1400 audit(1719998830.379:189): avc: denied { setopt } for pid=1094 comm="syz.4.230" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 52.779170][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.818119][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.836440][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.854681][ T179] device bridge_slave_1 left promiscuous mode [ 52.861988][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.870859][ T179] device bridge_slave_0 left promiscuous mode [ 52.876939][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.035885][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 53.050983][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 53.065847][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 53.380726][ T1103] F2FS-fs (loop1): invalid crc value [ 53.472925][ T1103] F2FS-fs (loop1): SIT is corrupted node# 5 vs 7 [ 53.480208][ T1103] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-117) [ 53.950087][ T1142] EXT4-fs (loop0): Unsupported blocksize for fs encryption [ 54.111318][ T23] audit: type=1400 audit(1719998831.829:190): avc: denied { read write } for pid=1144 comm="syz.1.246" name="uinput" dev="devtmpfs" ino=9291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 54.155196][ T23] audit: type=1400 audit(1719998831.829:191): avc: denied { open } for pid=1144 comm="syz.1.246" path="/dev/uinput" dev="devtmpfs" ino=9291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 54.210632][ T23] audit: type=1326 audit(1719998831.909:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1149 comm="syz.1.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e551b1b99 code=0x7ffc0000 [ 54.304149][ T1147] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 54.317563][ T1147] EXT4-fs (loop0): mount failed [ 54.343881][ T23] audit: type=1326 audit(1719998831.909:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1149 comm="syz.1.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f1e551b1b99 code=0x7ffc0000 [ 54.369424][ T23] audit: type=1326 audit(1719998831.909:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1149 comm="syz.1.247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e551b1b99 code=0x7ffc0000 [ 54.399151][ T23] audit: type=1400 audit(1719998831.919:195): avc: denied { name_bind } for pid=1151 comm="syz.1.248" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 54.422040][ T23] audit: type=1400 audit(1719998832.109:196): avc: denied { ioctl } for pid=1165 comm="syz.4.253" path="socket:[18827]" dev="sockfs" ino=18827 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 54.489154][ T23] audit: type=1400 audit(1719998832.209:197): avc: denied { setopt } for pid=1173 comm="syz.1.257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.866934][ T23] audit: type=1400 audit(1719998832.579:198): avc: denied { setopt } for pid=1191 comm="syz.1.265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 55.394932][ T1172] F2FS-fs (loop4): invalid crc value [ 55.419310][ T1172] F2FS-fs (loop4): SIT is corrupted node# 5 vs 7 [ 55.427536][ T1172] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-117) [ 55.756962][ T1228] netlink: 'syz.2.276': attribute type 4 has an invalid length. [ 55.802269][ T1228] netlink: 'syz.2.276': attribute type 4 has an invalid length. [ 55.816171][ T1228] syz.2.276 (1228) used greatest stack depth: 19448 bytes left [ 55.891338][ T1246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.285'. [ 55.927419][ T1240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.282'. [ 56.206328][ T1267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.292'. [ 56.216870][ T1256] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 56.229339][ T1256] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038 (0x7fffffff) [ 56.258943][ T1256] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 56.291078][ T1256] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 6 with max blocks 1 with error 28 [ 56.314449][ T1256] EXT4-fs (loop4): This should not happen!! Data will be lost [ 56.314449][ T1256] [ 56.340462][ T1256] EXT4-fs (loop4): Total free blocks count 0 [ 56.351441][ T1256] EXT4-fs (loop4): Free/Dirty block details [ 56.361424][ T1256] EXT4-fs (loop4): free_blocks=65280 [ 56.371944][ T1256] EXT4-fs (loop4): dirty_blocks=1 [ 56.380949][ T1256] EXT4-fs (loop4): Block reservation details [ 56.392978][ T1256] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 56.404364][ T1278] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 6 with error 28 [ 56.429726][ T1278] EXT4-fs (loop4): This should not happen!! Data will be lost [ 56.429726][ T1278] [ 56.758721][ T1280] F2FS-fs (loop3): invalid crc value [ 56.788239][ T1280] F2FS-fs (loop3): SIT is corrupted node# 5 vs 7 [ 56.788249][ T1280] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117) [ 56.847973][ T1312] EXT4-fs (loop4): Ignoring removed nobh option [ 56.870290][ T1312] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 56.879985][ T1312] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 56.889585][ T1319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.312'. [ 57.031073][ T1322] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.038586][ T1322] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.046060][ T1322] device bridge_slave_0 entered promiscuous mode [ 57.056491][ T1322] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.063567][ T1322] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.072094][ T1322] device bridge_slave_1 entered promiscuous mode [ 57.198315][ T1322] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.205193][ T1322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.212316][ T1322] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.219076][ T1322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.521907][ T1337] SELinux: failed to load policy [ 57.544210][ T1339] netlink: 12 bytes leftover after parsing attributes in process `syz.3.319'. [ 57.567312][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.576471][ T386] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.591928][ T386] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.615678][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.627122][ T386] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.633979][ T386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.642232][ T386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.650724][ T386] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.657606][ T386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.678059][ T1343] netlink: 8 bytes leftover after parsing attributes in process `syz.1.322'. [ 57.680684][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.685156][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.702397][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 57.710551][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 57.784802][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.814880][ T378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.832928][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.864757][ T179] device bridge_slave_1 left promiscuous mode [ 57.870920][ T23] kauditd_printk_skb: 14 callbacks suppressed [ 57.870929][ T23] audit: type=1400 audit(1719998835.589:213): avc: denied { mount } for pid=1322 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 57.893419][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.908839][ T179] device bridge_slave_0 left promiscuous mode [ 57.914847][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.960857][ T23] audit: type=1400 audit(1719998835.679:214): avc: denied { create } for pid=1377 comm="syz.1.338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 58.300031][ T23] audit: type=1400 audit(1719998836.019:215): avc: denied { create } for pid=1413 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 58.460482][ T23] audit: type=1400 audit(1719998836.039:216): avc: denied { setopt } for pid=1413 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 59.780247][ T1564] syz.3.422[1564] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 59.780296][ T1564] syz.3.422[1564] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 60.128086][ T1621] 9pnet: Insufficient options for proto=fd [ 60.479493][ T1644] Zero length message leads to an empty skb [ 60.560554][ T1648] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 60.567813][ T1650] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 60.578723][ T1650] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,block_validity,noinit_itable,mblk_io_submit,grpquota,barrier=0x0000000000000000,errors=remount-ro,bsddf, [ 60.578768][ T1648] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,block_validity,noinit_itable,mblk_io_submit,grpquota,barrier=0x0000000000000000,errors=remount-ro,bsddf, [ 60.658019][ T23] audit: type=1400 audit(1719998838.379:217): avc: denied { map } for pid=1649 comm="syz.3.459" path="/55/file1/cgroup.controllers" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 60.689911][ T1650] EXT4-fs error (device loop3): ext4_validate_block_bitmap:418: comm syz.3.459: bg 0: block 234: padding at end of block bitmap is not set [ 60.704542][ T1650] EXT4-fs (loop3): Remounting filesystem read-only [ 60.820852][ T1648] EXT4-fs error (device loop1): ext4_validate_block_bitmap:418: comm syz.1.458: bg 0: block 234: padding at end of block bitmap is not set [ 60.840207][ T1648] EXT4-fs (loop1): Remounting filesystem read-only [ 60.845502][ T23] audit: type=1400 audit(1719998838.559:218): avc: denied { bind } for pid=1667 comm="syz.3.463" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 60.866869][ T23] audit: type=1400 audit(1719998838.579:219): avc: denied { node_bind } for pid=1667 comm="syz.3.463" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 60.867961][ T390] EXT4-fs (loop1): ext4_writepages: jbd2_start: 13312 pages, ino 18; err -30 [ 60.891817][ T23] audit: type=1400 audit(1719998838.589:220): avc: denied { read } for pid=1667 comm="syz.3.463" name="msr" dev="devtmpfs" ino=9168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 60.919813][ T23] audit: type=1400 audit(1719998838.589:221): avc: denied { open } for pid=1667 comm="syz.3.463" path="/dev/cpu/0/msr" dev="devtmpfs" ino=9168 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 60.946022][ T13] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 61.159834][ T1683] EXT4-fs (loop1): dax option not supported [ 61.231163][ T23] audit: type=1400 audit(1719998838.949:222): avc: denied { ioctl } for pid=1682 comm="syz.1.470" path="/dev/fuse" dev="devtmpfs" ino=9170 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 61.298500][ T107] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 61.346723][ T13] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 61.356338][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.372098][ T13] usb 3-1: config 0 descriptor?? [ 61.408546][ T1707] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrquota,nobarrier,noauto_da_alloc,,errors=continue [ 61.420776][ T1707] ext4 filesystem being mounted at /19/bus supports timestamps until 2038 (0x7fffffff) [ 61.552002][ T1710] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 61.697215][ T1720] ====================================================== [ 61.697215][ T1720] WARNING: the mand mount option is being deprecated and [ 61.697215][ T1720] will be removed in v5.15! [ 61.697215][ T1720] ====================================================== [ 61.743879][ T1720] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 61.829834][ T767] ------------[ cut here ]------------ [ 61.835118][ T767] WARNING: CPU: 1 PID: 767 at fs/inode.c:302 drop_nlink+0xbb/0x100 [ 61.842822][ T767] Modules linked in: [ 61.846667][ T767] CPU: 1 PID: 767 Comm: syz-executor Not tainted 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 61.856369][ T767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 61.866281][ T767] RIP: 0010:drop_nlink+0xbb/0x100 [ 61.871125][ T767] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 d5 e1 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 61.890565][ T767] RSP: 0018:ffff8881de11fc68 EFLAGS: 00010293 [ 61.896463][ T767] RAX: ffffffff81a1572b RBX: 1ffff1103cf90815 RCX: ffff8881e05baf40 [ 61.896729][ T107] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 61.904284][ T767] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 61.904289][ T767] RBP: 0000000000000000 R08: ffffffff81a156af R09: 0000000000000003 [ 61.904294][ T767] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881e7c840a8 [ 61.904299][ T767] R13: dffffc0000000000 R14: ffff8881e7c84060 R15: dffffc0000000000 [ 61.904306][ T767] FS: 0000555557195500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 61.904320][ T767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.913225][ T107] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.920940][ T767] CR2: 00007f5c7eb1c0a0 CR3: 00000001de9fd000 CR4: 00000000003406a0 [ 61.920947][ T767] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.920952][ T767] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.920954][ T767] Call Trace: [ 61.920976][ T767] ? __warn+0x162/0x250 [ 61.929923][ T107] usb 4-1: Product: syz [ 61.936577][ T767] ? report_bug+0x3a1/0x4e0 [ 61.944598][ T107] usb 4-1: Manufacturer: syz [ 61.953147][ T767] ? drop_nlink+0xbb/0x100 [ 61.953155][ T767] ? drop_nlink+0xbb/0x100 [ 61.953163][ T767] ? do_invalid_op+0x6e/0x110 [ 61.953171][ T767] ? invalid_op+0x1e/0x30 [ 61.953184][ T767] ? drop_nlink+0x3f/0x100 [ 61.959926][ T107] usb 4-1: SerialNumber: syz [ 61.967381][ T767] ? drop_nlink+0xbb/0x100 [ 61.967389][ T767] ? drop_nlink+0xbb/0x100 [ 61.967396][ T767] ? drop_nlink+0xbb/0x100 [ 61.967411][ T767] shmem_rmdir+0x54/0x80 [ 61.976296][ T107] usb 4-1: config 0 descriptor?? [ 61.983006][ T767] vfs_rmdir+0x285/0x3c0 [ 61.983016][ T767] incfs_kill_sb+0x105/0x200 [ 61.983025][ T767] deactivate_locked_super+0xa8/0x110 [ 61.983032][ T767] deactivate_super+0x1e2/0x2a0 [ 61.983045][ T767] ? vfs_submount+0xb0/0xb0 [ 62.080912][ T767] ? deactivate_locked_super+0x110/0x110 [ 62.086372][ T767] ? fast_dput+0x7a/0x280 [ 62.090537][ T767] cleanup_mnt+0x44e/0x500 [ 62.094791][ T767] task_work_run+0x140/0x170 [ 62.099216][ T767] exit_to_usermode_loop+0x190/0x1a0 [ 62.104337][ T767] prepare_exit_to_usermode+0x199/0x200 [ 62.109721][ T767] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.115447][ T767] RIP: 0033:0x7f5c7e992ec7 [ 62.119696][ T767] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 62.139143][ T767] RSP: 002b:00007fff1c7f8408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 62.147384][ T767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5c7e992ec7 [ 62.155195][ T767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1c7f84c0 [ 62.163011][ T767] RBP: 00007fff1c7f84c0 R08: 0000000000000000 R09: 0000000000000000 [ 62.170820][ T767] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1c7f9590 [ 62.178632][ T767] R13: 00007f5c7e9ff515 R14: 000000000000f0d5 R15: 0000000000000006 [ 62.186445][ T767] ---[ end trace b1e843c46cb71306 ]--- [ 62.194864][ T767] ================================================================== [ 62.202748][ T767] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50 [ 62.208818][ T767] Write of size 4 at addr 0000000000000160 by task syz-executor/767 [ 62.216619][ T767] [ 62.218796][ T767] CPU: 0 PID: 767 Comm: syz-executor Tainted: G W 5.4.276-syzkaller-00021-g58de09405d1e #0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 62.229909][ T767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 62.239806][ T767] Call Trace: [ 62.242942][ T767] dump_stack+0x1d8/0x241 [ 62.247117][ T767] ? panic+0x89d/0x89d [ 62.251009][ T767] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 62.256652][ T767] ? _raw_spin_trylock_bh+0x190/0x190 [ 62.261858][ T767] ? shmem_destroy_inode+0x5/0x10 [ 62.266715][ T767] ? ihold+0x1b/0x50 [ 62.270437][ T767] __kasan_report+0xe9/0x120 [ 62.274866][ T767] ? ihold+0x1b/0x50 [ 62.278598][ T767] kasan_report+0x30/0x60 [ 62.282762][ T767] check_memory_region+0x272/0x280 [ 62.287710][ T767] ihold+0x1b/0x50 [ 62.291268][ T767] vfs_rmdir+0x1e0/0x3c0 [ 62.295350][ T767] incfs_kill_sb+0x105/0x200 [ 62.299776][ T767] deactivate_locked_super+0xa8/0x110 [ 62.304983][ T767] deactivate_super+0x1e2/0x2a0 [ 62.309668][ T767] ? vfs_submount+0xb0/0xb0 [ 62.314009][ T767] ? deactivate_locked_super+0x110/0x110 [ 62.319485][ T767] ? fast_dput+0x7a/0x280 [ 62.323642][ T767] cleanup_mnt+0x44e/0x500 [ 62.327895][ T767] task_work_run+0x140/0x170 [ 62.332324][ T767] exit_to_usermode_loop+0x190/0x1a0 [ 62.337450][ T767] prepare_exit_to_usermode+0x199/0x200 [ 62.342826][ T767] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.348552][ T767] RIP: 0033:0x7f5c7e992ec7 [ 62.352803][ T767] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 62.372245][ T767] RSP: 002b:00007fff1c7f8408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 62.380490][ T767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5c7e992ec7 [ 62.388302][ T767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1c7f84c0 [ 62.396115][ T767] RBP: 00007fff1c7f84c0 R08: 0000000000000000 R09: 0000000000000000 [ 62.403923][ T767] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1c7f9590 [ 62.411737][ T767] R13: 00007f5c7e9ff515 R14: 000000000000f0d5 R15: 0000000000000006 [ 62.419570][ T767] ================================================================== [ 62.427443][ T767] Disabling lock debugging due to kernel taint [ 62.438356][ T767] BUG: kernel NULL pointer dereference, address: 0000000000000160 [ 62.445966][ T767] #PF: supervisor write access in kernel mode [ 62.451862][ T767] #PF: error_code(0x0002) - not-present page [ 62.457678][ T767] PGD 1da13d067 P4D 1da13d067 PUD 0 [ 62.462800][ T767] Oops: 0002 [#1] PREEMPT SMP KASAN [ 62.467834][ T767] CPU: 0 PID: 767 Comm: syz-executor Tainted: G B W 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 62.478943][ T767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 62.488844][ T767] RIP: 0010:ihold+0x20/0x50 [ 62.493179][ T767] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 36 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 fa dc c2 ff [ 62.512620][ T767] RSP: 0018:ffff8881de11fca0 EFLAGS: 00010246 [ 62.518521][ T767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881e05baf40 [ 62.526333][ T767] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 62.534143][ T767] RBP: 0000000000000001 R08: ffffffff813ae585 R09: 0000000000000003 [ 62.541963][ T767] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 62.549766][ T767] R13: dffffc0000000000 R14: ffff8881d9431530 R15: 0000000000000000 [ 62.557579][ T767] FS: 0000555557195500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 62.566343][ T767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.572766][ T767] CR2: 0000000000000160 CR3: 00000001de9fd000 CR4: 00000000003406b0 [ 62.580582][ T767] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.588392][ T767] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.596206][ T767] Call Trace: [ 62.599337][ T767] ? __die+0xb4/0x100 [ 62.603149][ T767] ? no_context+0xbda/0xe50 [ 62.607575][ T767] ? schedule_preempt_disabled+0x20/0x20 [ 62.613041][ T767] ? is_prefetch+0x4b0/0x4b0 [ 62.617469][ T767] ? ihold+0x1b/0x50 [ 62.621199][ T767] ? __do_page_fault+0xa7d/0xbb0 [ 62.625973][ T767] ? __bad_area_nosemaphore+0xc0/0x460 [ 62.631268][ T767] ? page_fault+0x2f/0x40 [ 62.635435][ T767] ? check_panic_on_warn+0x55/0xa0 [ 62.640382][ T767] ? ihold+0x20/0x50 [ 62.644112][ T767] vfs_rmdir+0x1e0/0x3c0 [ 62.648289][ T767] incfs_kill_sb+0x105/0x200 [ 62.652711][ T767] deactivate_locked_super+0xa8/0x110 [ 62.657915][ T767] deactivate_super+0x1e2/0x2a0 [ 62.662601][ T767] ? vfs_submount+0xb0/0xb0 [ 62.666942][ T767] ? deactivate_locked_super+0x110/0x110 [ 62.672412][ T767] ? fast_dput+0x7a/0x280 [ 62.676576][ T767] cleanup_mnt+0x44e/0x500 [ 62.680828][ T767] task_work_run+0x140/0x170 [ 62.685255][ T767] exit_to_usermode_loop+0x190/0x1a0 [ 62.690377][ T767] prepare_exit_to_usermode+0x199/0x200 [ 62.695756][ T767] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 62.701485][ T767] RIP: 0033:0x7f5c7e992ec7 [ 62.705737][ T767] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 62.725178][ T767] RSP: 002b:00007fff1c7f8408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 62.733423][ T767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f5c7e992ec7 [ 62.741235][ T767] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1c7f84c0 [ 62.749044][ T767] RBP: 00007fff1c7f84c0 R08: 0000000000000000 R09: 0000000000000000 [ 62.756855][ T767] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1c7f9590 [ 62.764667][ T767] R13: 00007f5c7e9ff515 R14: 000000000000f0d5 R15: 0000000000000006 [ 62.772480][ T767] Modules linked in: [ 62.776332][ T767] CR2: 0000000000000160 [ 62.780333][ T767] ---[ end trace b1e843c46cb71307 ]--- [ 62.785622][ T767] RIP: 0010:ihold+0x20/0x50 [ 62.789947][ T767] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 36 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 fa dc c2 ff [ 62.809388][ T767] RSP: 0018:ffff8881de11fca0 EFLAGS: 00010246 [ 62.815288][ T767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881e05baf40 [ 62.823104][ T767] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00000000ffffffff [ 62.831027][ T767] RBP: 0000000000000001 R08: ffffffff813ae585 R09: 0000000000000003 [ 62.838835][ T767] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 62.846656][ T767] R13: dffffc0000000000 R14: ffff8881d9431530 R15: 0000000000000000 [ 62.854467][ T767] FS: 0000555557195500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 62.863228][ T767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.869649][ T767] CR2: 0000000000000160 CR3: 00000001de9fd000 CR4: 00000000003406b0 [ 62.877462][ T767] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.885271][ T767] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.893083][ T767] Kernel panic - not syncing: Fatal exception [ 62.899296][ T767] Kernel Offset: disabled [ 62.903413][ T767] Rebooting in 86400 seconds..