last executing test programs: 8.588388099s ago: executing program 0 (id=1085): socket$netlink(0x10, 0x3, 0x0) r0 = epoll_create1(0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000280)='bpf_lsm_xfrm_state_alloc\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0xa0) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0x10) read$watch_queue(0xffffffffffffffff, &(0x7f0000001d40)=""/4095, 0xfff) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) 6.155227253s ago: executing program 0 (id=1092): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r1, &(0x7f00000000c0)=""/55, 0x37) getdents(r1, &(0x7f0000000300)=""/194, 0xc2) (fail_nth: 8) 6.085764194s ago: executing program 0 (id=1094): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 6.008336565s ago: executing program 0 (id=1096): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x419, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x10, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0xf7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(r3) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x0, 0x0, 0x0}, 0x0) 4.129318922s ago: executing program 1 (id=1104): mincore(&(0x7f0000f0c000/0x3000)=nil, 0x3000, 0x0) timerfd_gettime(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) rt_tgsigqueueinfo(r0, r0, 0x1e, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0xffff, 0x4}, 0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) openat$null(0xffffffffffffff9c, 0x0, 0x6401, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r4) sendmsg$TIPC_CMD_GET_NODES(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x1c, r5, 0x1, 0xa6, 0x0, {{}, {0x0, 0x6}}}, 0x1c}}, 0x0) 3.669613468s ago: executing program 0 (id=1108): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000880)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@debug}, {@bsdgroups}, {@oldalloc}, {@nojournal_checksum}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GETFSUUID(r2, 0x8008662c, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getpgid(0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000700), &(0x7f00000000c0), 0xff, r1}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r3}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000000)) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001500)=ANY=[@ANYBLOB="180000000040000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000198500000071000000850000005000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000280)="54fb0831bea4d4185b5f5ee3f5e10d1cbde7454763182ce809582ca8cc32539233589c035b1a2a498f28153d541f1ae26063d1182e7174024783eb7709f4a3d0c29ad56d0f76ce69557800"/90, &(0x7f00000005c0)=""/154}, 0x20) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x800400, &(0x7f00000014c0), 0x1, 0x793, &(0x7f0000001700)="$eJzs3c1rXFUbAPDnTpKmb9r3TV4QbF0FBA2UTkyNrYKLigsRLBR0bTtMpqFmkimZSWlCoBYR3AhaXAi66dqPunPrx1b/Bd2ISEvVtFhxISN3PjqTZiadtvloze8Htz3n3jM595l77zln5h7mBrBjjab/ZCL2R8R7ScRwY30SEQO1VH/E0Xq5myvL+XRJolp99bekVubGynI+2l6T2tPI7IuIb96OOJBZW295cWkmVywW5hv58crsmfHy4tLB07O56cJ0Ye7wxOTkoSPPHBncuFj/+H5p79X3X3ry86N/vfXo5Xe/TeJo7G1sa49jo4zGaOM9GUjfwlVe3OjKtlmy3TvAPUkvzb76VR77Yzj6aqne9F4SAHiQnI+IKgCwwyT6fwDYYZrfA9xYWc6nS/X89n4fsdWuvRARu+vxN+9v1rf0N+7Z7a7dBx26kay635FExMgG1D8aER9/+fqn6RKbdB8SoJM3L0TEyZHRZvvfan+SNXMW6nqfkPFUD2VGb8tr/2DrfJWOf55tjf9a11/m1vgnOox/Bjtcu/diNGJXe37t9Z+5sgHVdJWO/54faM1tu9kWf8NIXyP339qYbyA5dbpYSNu2/0XEWAwMpvmJdeoYu/739VUr+lrJ9vHf7xff+CStP/2/VSJzpf+2JncqV8ndb9xN1y5EPNbfKf7k1vFPuox/j/dYx8vPvfNRt21p/Gm8zWV1/Js/q6x6KeKJ6Bx/U7Le/MTD47XTYbx5UnTwxU8fDnWrv/34p0taf/OzwFZIj//Q+vGPJO3zNct3X8d3l4a/7rbtzvF3Pv93Ja/V0s3G41yuUpmfiNiVvLJ2/aHWa5v5Zvk0/rHHO1//653/6WfCkz3G33/118/uPf7NlcY/dVfH/+4Tl2/O9HWrv7fjP1lLjTXW9NL+9bqD9/PeAQAAAAAAAAAAAAAAAAAAAAAAAECvMhGxN5JM9lY6k8lm68/wfiSGMsVSuXLgVGlhbipqz8oeiYFM86cuh9t+D3Wi8Xv4zfyh2/JPR8T/I+KDwf/U8tl8qTi13cEDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMOeLs//T/0yuN17BwBsmt13LHG9sCU7AgBsmTv3/wDAv43+HwB2Hv0/AOw8+n8A2Hn0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGyy48eOpUv1z5XlfJqfOru4MFM6e3CqUJ7Jzi7ks/nS/JnsdKk0XSxk86XZtpf+0OnvFUulM5Mxt3BuvFIoV8bLi0snZksLc5UTp2dz04UThYEtiwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeldeXJrJFYuFeYmHJVEdrh+6B2V/Nj/x88Ef961X5qLTeOMT290yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwc/gkAAP//skMoxA==") mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) r8 = openat$incfs(r7, &(0x7f0000000180)='.pending_reads\x00', 0x10b441, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r8, 0xc058671e, &(0x7f00000009c0)={{}, {0xffffffffffffffff}, 0x4f, 0x0, 0x0, 0x0, &(0x7f0000000480)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0}) openat(r7, &(0x7f0000000380)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x80001, 0xb6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_usb_connect(0x0, 0x24, &(0x7f0000000e80)=ANY=[@ANYBLOB="120100006fb68440e11d02c1087d01020301090212000100000000090408000043"], 0x0) sendto$packet(r0, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152bfdf9435e3ffe46", 0xe90c, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 3.53796258s ago: executing program 2 (id=1110): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1f, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x6}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xb5}}}, &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) 2.872938849s ago: executing program 1 (id=1114): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) r4 = socket(0x8000000010, 0x2, 0x0) write(r4, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) 2.80007943s ago: executing program 4 (id=1115): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="c3e972bd85a6d84136d6dd55048d3593a74f338ce6772ab9a6f64041c2f6fbbecdc08ebcd3192b6a53662dae7c8e9c665e80a5d0925f728dcac30c29793992e588952653d414cb8ccdabc38767fee819ec5af0c5ee936880fe8549b4ed347779cab4ffd4e0b62c53a1c01db28f2b3f91c34211c9353bc1dece61511917c2245fd66cb8dffeacb4d46d627c97b498bf1ff6b313bfbc9765457c831771d5eec7997ec242e4505f01c1bb3e069b2e630f42a2be86598a61", 0x64}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e0b9821c0", 0x1000}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a86406f", 0xfffffec0}], 0x4, 0x0, 0x0, 0x8010}, 0x0) r2 = dup2(r1, r0) setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000040), 0x4) write$P9_RVERSION(r2, 0x0, 0x0) sendmmsg(r0, &(0x7f0000004b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x5, 0x200040d1) sendmsg$tipc(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000740)="1619a35e12e2ec8bd8b64446aec4567b55efc0229334cbd7e5df05b3597a77e18f9718bc24e1d9a5b6dc03379b405685321f453de34440f4d985f76362ba07f87f2839199d8e392a014509d8431d0f1b8c66b3788b8b932c7535e0bf73c24b79f083729e25dc996f6617ae7e47712290d310367833b96f18df84bfbc4b53098ac05e5709dbf706ce3e51239a140361eed44ac1257828d1597b236478bb4ac2", 0x9f}, {&(0x7f0000002bc0)="170c132fb6ca0ff8824444e94be2b67024edc7408a3af1f7090bb87c547f02522326957272ff5b1719be4dae4d497add7a576d7d8cbb0470259c06a976af559b9da29b16474c826cf832b13ef05cf3027047af3d63d22cffa130f8b97813ffa14bc9fffa968712fc25061c6fc35446ec3d6d478fcb1414778806044ae60f387502e20f8e6a3e26bc8c8915809f434aba500d79cf699e74cc8eed0da983f2356e783e5d9e7100313e88918c1104b643482239bb16e8fb2f8342a250bf81181adef934a0a0e2bc320288f9cc13fe11ea4cf1c227ae2149a311ec514e1149a4cf86a7cac0836748cc313a41ec4ced70a0494c3bdc5d5640faafaa1b9e146d62d601dd71a2e05671d8095156e24b4e83e09729c17a06e70152549e915ea85aed821ed8406c5f1790dccbbd300c488eaf885af38fba8471e3f96863b4e21d1fe52cd09b33f4d508c78fb1d46ea26f6cc5a8a79099ccfa6bcc1a7d6c86448789abe0ca5675dd9f6a6eb47140fbe1fa4e0a02d14e28c86a105cab0e587ff8bf7effa95ead4f3b071c21de68be55a2b372865def1d157b609b65dd315fc739b8072bc3d2d6d5c10fd01fabbadb0cbad27325bfc66b410e1f8a1360a0b5ff3b11b11bcfe7a6341ca8a2c1b174caf166a73ad607db008d686c77c89b38b6e27443f58da8020915a30053d725a6488792a4967cc314c38a0f017840cec3959dfbf3456d99da63eac9168757850488ee39ad2ff9c9897a68fc360ccba6b8c9c5192ec53e0653364e9d14764d1900d3e60281382dfeb8970bf9dc78f7149b88088316d24f0ddf64ce87c052af351d0378b8440bf430edf6145cc62f83ebf32990b965df72f2bfb4a4c883c57bc49cc1b0708f693f1b05b71db567da5c66be7df8783679515d26f7e39b3a696c74c4cca62e4508f8dd23b61bcdc8c220910305c4ff1963c821fa92b92bc3ad1dd1d56411052a14fa2e331a861225e1fc1e4debd3c633e673c70a906b3ba5a79c1086a6d26fff65f7070c54eec4e8bdb6383a7ace3c4db6734b09bd0f1bd2ab9e8428c2cc6314874048f91082e50d9ec8a4b39455311597cceb3c5321298101aa7e565522ae00aa89b5bb141e00b211b7dac8a6d9adbac54ad8c2be1b08dff33fce2fb295d8183faf8bf8165dfdbf5d195e055222f84c2508b4a583578f602444294edd7455718773995a1a412bdd004d5fdf38a18c25a7e1f60d5f99f4b337088d3c4a0cdb07e8c00a1b802fabb08417d0632d2058ca7cec5ef445247dcdf7b62723ef894107e501ac50b5b2670c1e63d4d879afc34e2b35c97957aaf1d59051d16572a8346cde0b70b2945eb3978fc89b3d5ca8998fd5f5c584a8f7267d93966e5f49cdcd153ee845153258d54c0152aa68059e92edff0e55b55c90f6e00a9b1ff68f1d82aed31462691f3970b73889cfe4effb846a3f4a121fced291b52c4a8380c04e28a53b5693567d6140b494614a34559133601b79715cf031c7a273c32ba5b90c80e790cd25d850278780a78f78851126d9cea6e7b2940eba5e519682c0a78de4c68fc9e91d7730935807a1f308beebd9689ade204dfc44e457b3358651e7cd714ebc1f706b70765cd0017fdec05701633ba146ef13406a1e4322fd9d18a34a30a191f87ba5f5003f00f5c40b52b02c72a01357f3e1101f3c72b9bc5380d75031f3cf425b23c08eb37021597b45fbf62c0d14ded0cb24575ce1781353645ceecc3703cef1fb7ca25e5e00d9fa55eb58c10347669b0f3cf9ce933fb87517770e34e49ae6dc320bd12959b8009b9f24bb8f37e577f50ff5224afd1dd4095e33f6f52599646d7d2ca5e1f773b24b976e5486820e18036023c2b907e850a5e7f007c59099572386c64ab41a8458abfda673f65a375bdc", 0x53e}], 0x2, 0x0, 0x0, 0x1}, 0x4004000) (fail_nth: 8) 2.715381372s ago: executing program 4 (id=1116): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000140)='ext4_request_inode\x00', r3, 0x0, 0x2c0}, 0x17) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, 0x0) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c00000010000305000000000000ffff00000000", @ANYRES32=0x0, @ANYRES32=r4], 0x5c}}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002c40)={0x2020}, 0x2020) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101240, 0x0) ioctl$TUNSETTXFILTER(r6, 0x400454ca, &(0x7f0000000100)=ANY=[@ANYBLOB="2e42000c371303ed6a33f2ff8689b3f60e"]) ioctl$TUNSETTXFILTER(r6, 0x400454d1, &(0x7f0000000080)={0x0, 0x4, [@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @remote, @remote]}) 2.628774083s ago: executing program 2 (id=1117): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c25000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 2.605284984s ago: executing program 2 (id=1118): pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') chdir(&(0x7f0000000040)='./file0\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 2.541278324s ago: executing program 2 (id=1119): socket$netlink(0x10, 0x3, 0x0) r0 = epoll_create1(0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000280)='bpf_lsm_xfrm_state_alloc\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) fcntl$dupfd(r0, 0x2, 0xffffffffffffffff) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0xa0) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0x10) read$watch_queue(0xffffffffffffffff, &(0x7f0000001d40)=""/4095, 0xfff) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) 2.11443378s ago: executing program 1 (id=1120): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008bd6000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='task_rename\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r4}, &(0x7f00000008c0), &(0x7f0000000900)=r3}, 0x20) (fail_nth: 5) 1.887729143s ago: executing program 3 (id=1121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc0003000500000014000027000089fee1434f1e596534d07302ade0bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201800015b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb00d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a8700"/252, 0xfc) r3 = getpid() fcntl$getflags(0xffffffffffffffff, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r7}, 0x18) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='kvm_dirty_ring_push\x00', r8}, 0x18) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LIST_IFACE(r9, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1.841266074s ago: executing program 1 (id=1122): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000020000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000066000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) 1.840817254s ago: executing program 3 (id=1123): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) accept$packet(r1, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.827868054s ago: executing program 1 (id=1124): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB='6\x00\x00\x00\x00\x00', @ANYRES32], 0x20) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1f, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x6}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xb5}}}, &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) 1.818259614s ago: executing program 3 (id=1125): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020, 0x0, 0x0, 0x0}, 0x2020) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@euid_eq={'euid', 0x3d, r0}}, {@smackfstransmute={'smackfstransmute', 0x3d, '['}}, {@euid_lt={'euid<', r0}}, {@measure}]}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x11a) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0x40010) mknodat(r1, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(r6, &(0x7f00000001c0)='./file0\x00', r6, &(0x7f0000000200)='./bus/file0\x00', 0x0) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./bus\x00') r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000f80)=""/4096, 0x1000) 1.784484385s ago: executing program 4 (id=1126): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r3, 0x40045565, 0xee) r4 = dup2(r2, r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10) setfsgid(0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000004000000020000100000000e020600000000000000000000000000020100020000402e00"], 0x0, 0x38, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001c00110c0000006a00000f0007000000", @ANYRESOCT=r5, @ANYBLOB="80020e8000"/20], 0x48}}, 0x0) 1.693226976s ago: executing program 3 (id=1127): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@tcp6, 0x1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0xfffffffffffffd70, 0xfffffffffffffffe}, 0x18) epoll_pwait(r3, &(0x7f0000000000)=[{}, {}], 0x2, 0x7, &(0x7f0000000200)={[0x2]}, 0x8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 1.692911807s ago: executing program 3 (id=1128): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r6, 0x1, 0x9, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x641, 0x0) flock(0xffffffffffffffff, 0x5) unshare(0x10000) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) (fail_nth: 8) 1.686714876s ago: executing program 2 (id=1129): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c25000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.686407776s ago: executing program 4 (id=1130): socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x402) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) socket$inet(0x2, 0x2, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r6, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) close(r6) timerfd_create(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000080) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xfe00, 0x0, 0x71, 0x10, 0x1f}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 243.952917ms ago: executing program 1 (id=1131): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB='6\x00\x00\x00\x00\x00', @ANYRES32], 0x20) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x1e, 0x1, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) 189.205998ms ago: executing program 3 (id=1132): syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000197c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={r3, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECUREBITS(0x1c, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 188.446667ms ago: executing program 0 (id=1133): r0 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setgroups(0xfffffffffffffc2a, 0x0) connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000009c0)=[{{&(0x7f0000000380)=@l2tp={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/153, 0x99}], 0x1, &(0x7f0000000740)=""/113, 0x71}, 0x26000000}, {{&(0x7f00000007c0)=@generic, 0x80, &(0x7f00000008c0)=[{&(0x7f00000026c0)=""/4096, 0x1000}, {&(0x7f0000000840)=""/10, 0xa}, {&(0x7f0000000880)=""/22, 0x16}], 0x3, &(0x7f0000000900)=""/155, 0x9b}, 0xfffffff4}], 0x2, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES64=r0, @ANYRES16=r1, @ANYRESDEC=r0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xb, 0xc, &(0x7f00000036c0)=ANY=[@ANYRESDEC=r1, @ANYBLOB="e3fc7c80aa62bc913a0c06ef67ebd4fe2fbca9e9b8635db6b491369d14e5bba7d16309e8db5cc9c0ae9460b01aa77f41447b6105471e45ddd26a01229cc37e15af72dde6729a52b7be592f3ff97b9230cf5c949e70b5185d299b5411ca89a56ebd33a0cb366222071d58d441593486d60566e9c234e54c9424b6e3f1a116947c8efc85a2e7ab8782d9ed5933cef5a033af4f452b18ffc9aa2eb794e34475c801066f0e60bf030fbedef06c760bd8e4a634751e1f74070e63ee81a5ad5a8c215037a9df46a5bd402bc73bb7c08e88f9e7c283639bdc200b7640501665260ed4948969a03bab6962e1831bf8111fd0c4f779735eb627da8fa5d29a2a28ebaff697eace79808113bdf5cb1a80f456c4afe7c2a051c1c065df61e3b3e46a44d38c2fd47d25aa4bf8057a169d77d0b6da443f4976b1edb8e17fd9a90224fa62830e5ccfe6b68226f9da40b28b855f31a4ab02db9939ed0e1398823703130c0f663e8581c06069ece5901c711411592a2441afbc6c068bd0c1017a664b9e1f38c34f8aeee8174508cd8c018795f1cde6e877918c68493400c04f5764ab69f93f3b76ab9dcd654d4f5f9ac39d5f5940a253b79b5dc96820460f64a3c0616fdf26b6b82af1f92bd61514f1757565fce383138da51c10aaf960d0f444f08e93804882ea5fdefbf367c2aba7595341e4be522dcc445e2e7743ba8863f3d6cca47320c6af34b5b57a6ee2c9e873520c7172f44c72e8098f32114da48de6be1dc207fcd3fe73de06ed6b42085e92080d9a95a5cc3d6001034dad41a1bd637910eedc9f7c923002d34205f4333c66387a8d179049750137ca06d7c6d8148b07cf4a3418c6968eff5719e450caa4d38e3df27af7e3656d422baa18cd4a9c44aea8b2253ee6cc1213c555e1e89a81af0ec7fbb9c7b804930550ee5f644dab5f6c88b88e9165fe26036a4ebcce53770eb193eb6374d26b4608316bd50267bcc35ef27024c948c175cefe949f82681781fc94a2c913ac8cbe90dbbb60bb62a8152c58579efa178f1ca2a1b291a5e852cd314ac26175e9b599ae24260b668c56d611e82529331a2ed3b36d8e3747c94741e44343af4b056ce3a9d3d4ee76f12cd7f4f7baccff169da991e8d6d7ce8ecf552276dd508ff6bac0f741a2ca8c4e7f9ee21f72c0a37961c6c9a13ef917a482417f71210dac63740ca4618a69e083d90e0162a378c686e15fcfb04a88ea83cde0a587c3a1f8c7ad582e5019da492f2c888672a8364d84133aeb67d5f610d2c4b2e12578680083261589c5b20dc268732bb132c25e3dd514d47abcd314593e8d5deaf1e7ea333c67dac03d585dcf67d5af11c5a0facab257ec07689b58bb93842ed8704b9b490bf87ee2d48a646083e27dcc9bb3db8d63377ba7a821c32e47632fab1e263d8671a91c85ebd5b352f540b6799b43019dec9452671371756b014ff3356b29c77cebb58c9c1c8ed546ac6d07a35322696504305ddcd5a9ea026866a23cf1db3edf8cbcb9b93ce236a7c3d2c0e3b5f626d37a5599bbeaa8657634a8d2e0c7ddc4ee70bdc0f541e5f9817a98590e23e542d35b9729c11ed06c33c9f72b1b73d498c5386feaee01c2982c786a8bfd688ec074f63a8c5e1cbc5be2a8c1349520084d038be4143e38151797ce363dc2cf0118e493b328e8cbcaa641fecfaba53f4952a8b2d74c9e819399ec6dc9952d3525ffb0c9cb6631d921a827743b64ec043f98de2f209a18b18168a258d732d68a968a81151e0b4337b672fee233f144c8547b9491f63dcb95088511daa6d0b764acb7a28598ad87d3a7a407c903f14a64ffb7d308329d84d3e974dd28c4ade6a68ff2103e60848a30bb103d5e2d6a9c461c3615f1c3c1399835644cab7e93fa938fd6556fa95e5a6ccd881ef991040ba6176b10891403bde2f60ff1cc0ababb06f011df1c43712e83782dc2c8bc7c9c51d331483f3f41fd960d475e60a0ec23d53fd3ae62e101d3c5d99126fcce8c01dbb91eb62fb732cd00e748aa6146a45308e1abc76451aeb67c312cbb190fb5afe4ddae7b59a058897335aa2a1b0dd10d49b80fd98911a7fde9097e1dba4d6f1cf1d61ec75e21fab74ab46ad754fcc2d7953a8d1cf16a0b02eda7923b660ab9574ef2960da72aa7d0f54479db710de52407279150a86671f99eaa61c49f3791c29f4fe0f40a5f58eadf31770cdc7915b7ea5fc96a2bf53906202ba50761569d1d3142d8fe08bc425914951c9420dbfa055021a9994c6d6a695a5b63acb0da2ab221d11648ff8b2e4930201f7d5eb00aa04ea7b458a5dc7b172f57611041c04025e4ce6dfc95a9df8ebc59bfd930d05fcfbeba3935789d1b16a68110afc502dcddff131f606a1b9b3db6fb8154f9bdb142f7028c990bc8721c76655d7d5334276b31cdcf1b852546f09b76b3a753721dd99427b00a138262775ae0687321472844e2e17d48497300a9bf8136f687454bd8abb14b1502ea801773a69712998892e2dfe33e180106a84418053e6171a4cd885966d72ac1d013739b9c8678aa1cb3256d59cf4428f404f28c3896cf8e3465c7e89f00a9bf7091320b8858eb48416619f6823ef98bc60deb8789cdfddf942c27b3bcc4ee1c14ff790f8793fec81120c359cbb53b9089380072df6d3d5381928e5fd8739be0ac1202f1d527e98150fa6f9f067bbc8a42614e00a43589d5eea6e6b4d7deab5d1933104acd961d069a6da5ecf5d02bf939d6b44b0bcdbb2d58fd706dd5698e09c876080b3e1a7be6fdc85759631216ad0f86541286572a870def2d5c42acec5ff753ca68c8387c64d00e6eacc56ff0495480f984a13ec8130e6afe84b58fe02a4a47c68251a832c414472691ca687acc34b780febc51f9593ddc9bc48baaa26ab0bd257644c157702653b26608e230ca1a5a86a845c6a1857b2afcdd7d335856cff2edfc0b56511dfd51579e06665ecbb928dce77560ace70a18fb54839f306397c8fb921ac4340898ec7b1a4aca6b19c3e4f5be8862050bad3628eaeb1c5ea20182d7aad4a40c75e54332de3fcd7dfb3996f23368e204629607e4cf6871a7b1c448827aa5ab97e0720cd8288dd5e668a07247a56761b7f9009fbdc7968e1d9864a3310fafb87e96570a1e41831e68193812a7292bbc792bf19d17ff0dbbb8f22826b6ac749698eac832d3fbc93f41953e860f2328a2694dc39fcd29e5fbe88d656a277a945003caf0ec6a11a415fafcc587fdc103a6a1ef76563e291d6373433e502ee65b39a52d81a90d6894a630c8b0a0589b29ec15ca8e00e8d91612f6b32c91b46710b9e8e8adc00cde5bc67ccc5778b16e3202dd9668d6fd09e91b69484bd09c837e88f9357aecf7de929ca0370bdbe000d07b36d8d52046e2f2748b3c2d37809245000c22bed2a481ba2f4453a6f40f1041a33241dbad2cd1dee88cee8d6ca27a8c532a45c8b0fe670e61fd6dbfafd00b47a38a2b0d9ac095ec7bf1fa681a81ce396529c91ac4f9897cd21ea6d06415107ded0cff28e669f7b51fff152c3b037c50153dca26613c1e7bca46fa5477265ae2fd6c8791aee7aada759d5bc94fd0dcba45a804ba698bc2f910f5216419b63248507d5bc86059407b331fc273ce923bdc7e8c9eb8ceafa23c341183ca9363b43e85c1b21cae0550158005271b7b0921d4a550e5d9fdacae49065c4a33251556a5d9ccf653ab45c16e3bf0c7131dfb031665c7f2dd8f67c87164e89d00ccce58d577e2371215b18289350650f4305125c128ec5d2c87864ec5233ea696b4dfc558e685884cbbb021b51286144593f11b6692c03092334b32383cb34617695318da393b345dc40582063ec59436ba42ead07cab221788b50b5f5895b5df5dd90a303f71d7ff42aee5a5db742029a80ee9b58963f2435bc4a9c4331b38ac1e6e6c5e5478d4d10b31a58f237c0b43d6f1cc0679dddf946ad7757fc0dd3ecd10f5373d713fa9a37730225116a95ac4952966ebc6e6d566e6a2dd5ee44d58d51af7bef755aa7d3ccfcebd5ef42639a98140d74bd67089e5f0aacf90571644ad2a9f31c43df21484a72792aa3194c1b55ba0aaa6a8a3bde3bebdead76838b64e10deffa9b8553d481cb9852ce5a726ee2eb32a927aa463e11f7d4529b9fdb7f14dcb7b12d6f37a5d14619d61bbd66b374b1bef7f41cf334959990be832dfdd8df702231d43282906903c344ea184ff17b3edd1a0d46eb52155a3981ea775d07017ba1366075480435e6ba880eb95c2ec5ff01e0b3d612faaa3c46815ea2e1a1539b84f8de7cb3e9f6f2da2915121a8a44e99fbbf889a4085d0723f078d913bbb13e1396f91a5ea7a54ffc4f071bb45584fdf2e9d673a596d9d00adf470bd79bedaa6a653f8c60fbbd0de57fc5df97993d89648d3351fd0df79ed4a88a4ef7ab1d0dc22d5b75d0238cc9b84442db2df947e0759776c41ad7d106a21a39f52f9db6c8ee8fa24046c1e3cfe391df72bab84e14cbb7e36560d0cf8bff5b93d6872ba51e3f1af532cc112e77092c62fe11932fa6e9f2163bccc7809c3aaa4be060a914ca1c0c94c3823de8f1b0846d8f9f2fa88fa1989e43606b96d58ad98363f85cbe50bc248820c81cad2d72cce25f86900c23d7c3c52648108caac31cbbe912c76cb25490491c6aeeb5ac5797b9bfe74ae06541ee24d175d71eaa265df45973812f7667434fbbdf8058a52787ecc21c8f5fdfeb2b51bb3bc732f605f1d86269ba331590f6e0e3f3a9b1c83a6886890e722cdc35b30b6ea0a6a7f79a28a1896a5980244f59d4b0af1db101e7d6d04af3250a29ce29cb297f26c10411b45226b7ff089b645cbb616e524ad32bb374cf9178e04d279afe1f96a52c01a5c1d6a4f00c57c9f431028b493dddbb51de9e07611f3fb292ec720dd12b2bcb601e9dd748f43d12b32dd147741739f9c6ddc3980bc6531f748686d091be19c79f3707f8e4803d988a4d1de227e2372f28493405d2db37e109e3cede6eda0481801e6ccdce9b6cc3d50532fcdc19669680eeca12ac87891bba48ad4c410078565adac5a788b6bb02a71620a771eeeae1ff1076445aeecffc90748a3b0de4da822711ff39c92dfb01064b90a9bf71bdfd7e04bb34813fb934f654dcf3ee9dd60849890b783a621da1d5043fbf5897997220bf4acc03af431fd047e378c8fc14e4f250afe406a4632db0c73419d11476cd4328c0068c4cfcfb853ac060f8483255a272bf5c6b8f235ab257176f1b53b301817ba17e3e3d95cc4737930f9930ccb253dc1d85b27e2cf1dfee6252215df4e41fb2f9cbd080e4a2ba39f1ec1f451ddc03f0c2e325b28f319f16c6cd92858dfd596ea9c2a132a4f9406db28ec2e76e267acc1fcb3187f9770c0f269aff8d411dbde30c8e50ee4256c5eb30ffc45cb59140ccdf3acbb15195284f1c3f7a39f228dac85a64d731466cab3569811308b465cb82847e91094f8c1128a54247bb025d4f196175d9d541d2d4cb61d8ba4c2c810a29fdcdfbfdf21dc54f6147d2943a2da00348e2b31ac75f8ff9e5a5967741cfd01518be5d2325ba532003b2f911a14c6cdf22cc6366844e5912827fe1040a7ccf2b8b39c0cf529df2662eb40aba006cce390bcdde885b691dbdc5c805c35b5d3a32f50bd7ce61e5161be8321d5a32b489242710bacca7fb2bab07d178e252169861e9a1bad91c490f759b604e6a28499f88b0646c160fa6dc9d366d72be8723cf2003a9def8fca92a52f8fbbc9092cff518c380ea613a8c637e0cf7c61b48a12c5bca45729e0105849732a506fe567c6f0454daf12ec0c", @ANYRES16=r1, @ANYRES16, @ANYRES16=r5], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, 0x0, 0x0) connect$inet(r7, &(0x7f0000000140)={0x2, 0x4c22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x2, 0x7ffc1ffb}]}) ioctl$KDGKBTYPE(r8, 0x4b33, &(0x7f00000001c0)) ioprio_get$pid(0x1, 0x0) mlockall(0x7) io_setup(0x400, &(0x7f0000000080)) openat2(0xffffffffffffffff, 0x0, &(0x7f0000000140)={0x301000, 0x0, 0x9}, 0x18) syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x20445f, &(0x7f00000004c0)={[{@grpjquota_path={'grpjquota', 0x3d, './bus'}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@dax_never}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x4e0401, 0x0) write$UHID_INPUT(r9, &(0x7f0000001680)={0x8, {"404dffadc4e9408df3f8f585e095795464af64475f3636f936bdb0a113a881399110c878eab1823d7b1904a44d03cc4dcb877b9d4214e488c84518bcf3af73be81548639a7fca7bbcafd9add64d484c1e25471199e4436187221aaac3e3563b2c93fb952ba555d027473b14f39d04c841cb990cd7eda2a3aac425807493eb56edda29c7dfb62c3393aca1ae68f26e6c7ba036e40ccef9093eaf268209e0a8a66ee8c29676d01be63c0e09d5b958ab5145ab9ebeefa54e017cb85cb4a527fcd52d43e0af8646aaea3f6871aba02be6f5f73e86d8b285f6e745d6a233785e937ade66e170e90b4e7a4876fc5a570f8981e97bcbb523d4339efb3c633b01451e164201c36234e419cef6c5c7196db0916c6edaf1444c049a852de0d354c2cdab9774f3ac60d05beb2734bef9a5465b0e8fb302e0299cfa968dd14c8476123b127129206c46d7ee905e0ea1da8f69efa6bae027d67993d5fb1e9dd78a875feb640cdc99606fa9058e68a22ed8de5491659f401ad1ab557b73ad7b14a5f7e5dfc90f1a19fff9f675d2a55c7a88179a33984b0d214f2c73ce30246223c083a0e458c495b93237c9ecef39d7a43883594da98eab64f02691b7380cbf5d0873e9f76062648c317c7894febe2de534b34f5686a1c390be43d5d54b9998ba183e6c4bc6094b7ee14904ab1644d441491414713a6f2de58ee0beac4196aa43af90708112f44c174f10610093b1d7c56bff57a08447afe41d13791af66289a9ec572529f19d07da0d88a7c31c4c1e42e160ffa6546ea8675041a0fd6f3b9cee126cefc357e492199381a99156ac877186d4ce48121996331bb038ddab0ee008e26071317c8abfc012b2c837eeda4e1d2fe880a770aa57d2dde6630c6511d47d28ea18ecb4feb05ca260467d9f5b6f0b6eead8229495c781c3d42b44ce6f29bdf65742817f70504594e9ac3e49fcd44bd196d0e93066f9eccadc2c0d4e666bf24f0c66af88d622970a2bcbf7976f43ea620c10eebfa22dfd89096a2b4899824365b9572abd747bfd689e09f208df463a688120cab841a97252fe07fdb454e40ad342f4cd179957f08bf5c0ca828da4a42968e91bd2689fead63ec5af12106a347a01174475b18b9093a36a240535db0b459c730c1fe8db9eb2b00e9eba5222b08659bf831122c599d8394cff67b7a28948797c69513ff05ddec755ed2041d8eaac9819ec6e541b69a55094429ca1d4a712401112adeb55b1146eb762cd0cbb1171e2b62c4ee5ae0443ae324e33a9c0ce226f45177c60000000001000000097f3818125eaa3bdc633d8abb2cb92cd01044d6036f94c5f9836cf28bf974cd7c46ec3218244f61d006a5c63e1aa65e09534d0a39dcc3ec8e0f4425f974f951283e9e257dbd9fdd9cc2de78f8f4cc0a5141a5afffcef75ba95bb19dc5c4a267b0316be0965899f5dfaebba1cdaf7379c091c8e2c80ae5bc30e48171dbcf8c731daad280360498e46e4d1675ec3b46d3ff59ee7c967adf6494249e46978b5cd9deff339a1e839156b67cce7b76b24d39ea36bc4aacae9e24f18448a86d59e8601fb5219b8fa9f6dad573f7e4fc7f99ef81744ea04389e240e48387d1e6b9ab5264bc0fe477a12bfb5c55349bc31c3bedb5fac8261990a9af74cfe45f4aba189d097e33b023e9b9c0e8195122fc0a18982e22ec85fd937f439f0e1f401795dda82d5f364ce91b3740c2fbae98750ae719af4e44753d902ff5defde40bf7056cc4a6dbe2ee98052baef25836488cd369af42de2d4ba7a707fc56b9ff212c44dabfa531a61ad816c5fd6003a94c61a96370ac6d4ad9ef2a5e0994ac5b7d61a196d938e5828e4cc09747e6a0863e30554581b1c4ca938f22ffbbc347ddac18a1c5dff735b483ee415127236aad7ee6b718503d858745a7ca07aceddcabaffb51f79c79976bec967e2833a4f944a4b51682c2ab614cb02c4dcf7fd983d7e33eeda0a093c8145f158be5fbfaedbdbe74270c08021816d714399fb8b547813484aec25d19be60641f4aa3d5081252792e403593c69d05ca77b8fcb8c5c606c781cf0f3627d9ec6d23c379c1fa39632884415ffaf29f84385d14faed9cd341990fa1dab2cac66d70d8017e89d52338c730db3f08d08902d64010ccabc8fabc2bf75c8b732e7bf73fa952e3e35f9343ba4de670abcfea07aa8a6cdcbe80ccf53546d676dfb698a063fd3e8b2e0f39739a9808009f2d86efbc6b0fad26572ac580b229a66dc050e948512f009b7da2bfd5a0e5ab16209de5b351e69cfb82d5087243881fc981a8651e9d41c0e75aa97d785e6ecbb82e427933f67b3b5818256b1f74418a9f6d7ee283b4c5313ecceff8c41e85c0a0f98144aadaf4f0791f98345549d001eb0835b3345ba68f563583c2f7e6d1e7ac94d6080d12be6f955a50bbc0d317a15549e73894736d93d12cbcaa02461abf91aa757a30f706045e45810b4ae12f93c4b70183fbd9890f5643d06e04b64a8f90ac93ed860081b1f358ba83828249784887043a25c0f9d0b5c5191cb93610f4b9961b00f5d3299683f27ed35b502a8e9e0a0636f1c5c2ad9eb92f656b3f2def262efb0eddf32d346a2cf3456a9f04cda77a0f7588c197be9f7e8d7352531cd9e94ced9b91f0582b56547cc3eb197ba45147c7b8bdca17e4fdfe2c21691ba6f9cb36cc825548fc4a5493b627df19f447049db0d0c5f48ec321f89f649c74bac33c64371272a6b380f485aa9b1165e464b8d6ae0533ec2c1b13e4cd161a0c62213e708f7b5aff62527c32e032be49de6e6143ffc29f8b3bf2138f9ef570d656da4db7969765e143ed6c5503a0e9f0e7ba5259bfd58fbbdc01fe4b03408072ee3895dccdd998347942c49dc405f2b379a8a94e0df70dd1a457b906ab34b1c3b7dd3ee67bcbe09e8846461b93828824b84ceb90bc55a7589cb025803d8e3e9405bfaf4971fbc8740d1adfbaec9c6be7df72b6098d65bb7646de0d9d307ce6b5988d4287993ab96aaede8f0864442d45e4d33c8be9983610d28a26743b4f71422aa6d665caf46267409286af64d62f8094d32b598d0650bfe81a93748a8d6c3cd5a2b41b4bbe2017c61b28838c4e8063a1a64efd96457f3cf611fb8556bb62571a89289ee9ed3f5aa32b2ba3e7d6ae199bbf4aac26c759912c14969ca3bd33b91ac6940b39fabe6ab261f547cc99194c2a1381ba5b4ec7bf6fb187b4d49e6aaf83ab5621967f588a5073d940cb9002343ec3cf774860bbebc49b263c7f561a0acb403ab20ac16c07c9650c27261e21421f728ede5326ce27b848d8f1900db2802abcab3012c89f89873074dc82c08a171d1515f31adf007fbf9caa8c4dda226c6890650fc411e73dbfbf2795a16ba2a6ae694308a0b6f4f07aa39826236539016e7a572e0abdf3873a6028307b71403605d7449094305fa2942fb8b4aa72b423adc83e584dd271efc4b5c10e84ff162ed3944232a9be1073339f04757127df70bccdfda37a5a3199b79a62424c0e792c6efe8626cb0b565b009cf76270692bf615e613de634d8f73867418334c74822847dee88daa9d963324769d5a7fde0cc0ffab070764f75f2da3d4695d63d9d256db9ebf3beead9a64ec72b249d046eb0197904001577b1e04c932fc6a3c41f5a645bd54c951ff32435da3b2c3bdbe8403860cdee3e1f310bf0e739b32b1669c6e5d2cbbf63352481177bfc650a95b59be905fdab3b71fd2b3f86746f89944e7f411c0496cbaf8c2abf59dfe0d21701d816360ffbed481557d37c1be2ca8ac89f24d5a0a1384b215903760e065bfb90545f6b521b68b5da56dbd74e9a5501659939564d2cbbd0848b7ced253f28b6ab4afbb161bdb6d6228bf52c3a768ba9f6cc344f959e63bb16a0323de0f9e91be51a3d34463511b2e7397ee864c5b39a0eabfca413fa1e4b30c788d1ae9a2c0b9b057cbfbf9334bcab45c4f4df929a8ff42ae664ea89e4de434553e9e59bf19c531ede0033da9282e073d901816991f7e5f87c1e13d66b1b00c4b185fcfa02770fa106ddac98dc41069e5a453ea7e5dd70aaf1608c63a31a9b27f7095286fd01b15201ab34d52768cdc9985510091e1ac9097825fd62214730b974e1fa4c54fb34eb2344b73542e26008b1001c4242c43b33cf4f13e53e5a2a80ec50fb34f3a5a2cb4aef88b1cdc233c9dc0ab3c63264ad1235a0ca83c968bdc640a6701367f7382c223fb7396dda5460877f667f55d2e116318fe1ebc926253a362ebe9cbcef4a0db3e9b2863a42e38a5634b0f8a0fd1f5567b18d4f7817bd007c6a73bf7cdeec3978708998c7356a3d12e4e286da2d7e784ec0d2ea3f25c3ee8fc53c26b508870fe7b63f222f87f7decf0a0e1a6ce93f29feb662a08b47f8a08da877b86034a74756dd5bfa0b3412393c031931b14aa9942ef5567732b5b438e5b41ae695d69970a5a1e102b3190d65553daf38b49a372f1bfd9ef3cff10f1c90c379ad0d8ccae2728c2612e9d3378d4ca4b89e107445994708914c453616a5e2fc3c582e3b0463949d2d52046f562b781614164b5d6c989e06aefbe6e2435b35d86fce6bf7f08628234bf605b683fd5cb50609a7a666793836d672e8e9f503ba6750389667ab074c318bdf23de7df8a642017917757e6ee3648afac16b9bf6f0544b1ce441517eb0c9dce5f5526e88e7cb04c8c0d278158fb59d45695bc0e71a38141b4d85686a39a07e99b051a1b91aba4bc7c0abd4bb5f8d44a2dd46382a0caff3e73651f37c6e34fb745372716788f26e3b527ed0a3fb6ac76a454c0b9b1ada9d454d4c502643de988b33edfb893db556a56699f17fe5902bc5d0f66e614f4ad990d517a9152f4fc83176a074e82e222d1ba4e38536f08662912dfaa7e913499ebb0520255c66e3916d9d4bd460eb21941225aee605d41100c07caf975d24caad0127fcbf7e33d2ebc664b4bbeba055d18dd924f178bc15957d3d367008df57015af4ec9199cdef6c195558e2b603db6a466026ba295e6f5a59a187051eca30b95e6c1648cd052567f1a42a8d718153872f7b4d965eb328af2f67de7cbff8fe9a5536fefb1fbdcc585670b779ee2e9b99ea2b8c37cfd59be7d7d956f8a70aa9989512038ee5c0c09e6ecd98a4e455a76b3deb84739c1072fdd1fca1db0a3ea8591474f39eafaf791e800d617762bbc49ee726b8c7a0f7dc8b4e79ec0bbdeda9d93624b25b5dc8c52d6b5d55468a0431a7db81f053897f41028095ea9d505c3adc045c806dc54033d3fc2c8b5005aeb44441bd5ad4134184ba24f60839f8cf1f8ba7b513b3e98a14fc9ac40351ab6f1bcb6bc2c6abb763c15caf2a02ef0a941773f4d2388f4064c3ccad97e511cf4a85d8925f3ba15f6bfed5a2402ed7de1135200773c23b298f79d7706db7c2628b52cecffd680d3b00506b306172868562177bba7b61535cd2a0756425618623267226d13bb9d7e514c176bfa6b95dd18935e7db65fab0163dde4239e9427e6e25798cfd201cc4ea81b7b0e2a9da8cf645c458250ad189c5fa996ac8e6b562ad7254380eb1ca6cf9308693569418aefcdb15fe3f55b0792952a0f7458a31aca782a909668ac78f9185f2d1cd6f448b987d809fdcc70653c5fad6d9f4eec13d0c20f03646dbb6d5a9d0eb4eae9961c8ac55c50812da488ec21ecab26f7b9b6ed3ea4f051bd38ae4aa47eb54377464e87954743b0b24044d5c3c5bef7ecc35a7d28fdb07fa57736679e85dd7063c42fa31e4a6fcbc33ccc8fd23dcd9f746525476b417194108443edab00", 0x1039}}, 0x1006) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) 178.103298ms ago: executing program 2 (id=1134): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x11, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 98.113499ms ago: executing program 4 (id=1135): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000020000000c"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000066000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') chdir(&(0x7f00000000c0)='./bus\x00') mkdir(&(0x7f0000000240)='./bus\x00', 0x0) 0s ago: executing program 4 (id=1136): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) accept$packet(r1, 0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) kernel console output (not intermixed with test programs): PID: 2797 Comm: syz.4.706 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 204.233220][ T28] audit: type=1400 audit(1748677474.852:610): avc: denied { bind } for pid=2799 comm="syz.0.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 204.239389][ T2797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 204.239404][ T2797] Call Trace: [ 204.239410][ T2797] [ 204.239419][ T2797] __dump_stack+0x21/0x24 [ 204.279040][ T2797] dump_stack_lvl+0xee/0x150 [ 204.283643][ T2797] ? __cfi_dump_stack_lvl+0x8/0x8 [ 204.288677][ T2797] ? 0xffffffffa000097c [ 204.292869][ T2797] dump_stack+0x15/0x24 [ 204.297049][ T2797] should_fail_ex+0x3d4/0x520 [ 204.301733][ T2797] should_fail_alloc_page+0x61/0x90 [ 204.306931][ T2797] prepare_alloc_pages+0x148/0x5f0 [ 204.312051][ T2797] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 204.317251][ T2797] __alloc_pages+0x115/0x3a0 [ 204.321926][ T2797] ? __cfi___alloc_pages+0x10/0x10 [ 204.327036][ T2797] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 204.332626][ T2797] ? copy_page_from_iter+0x235/0x2b0 [ 204.337911][ T2797] pipe_write+0x592/0x1950 [ 204.342334][ T2797] ? __cfi_pipe_write+0x10/0x10 [ 204.347209][ T2797] ? selinux_file_permission+0x3ef/0x510 [ 204.352888][ T2797] ? fsnotify_perm+0x67/0x5b0 [ 204.357669][ T2797] ? security_file_permission+0x8a/0xb0 [ 204.363216][ T2797] vfs_write+0x5db/0xca0 [ 204.367460][ T2797] ? slab_free_freelist_hook+0xc2/0x190 [ 204.373115][ T2797] ? __cfi_vfs_write+0x10/0x10 [ 204.377882][ T2797] ? __fget_files+0x2d5/0x330 [ 204.382565][ T2797] ? __fdget_pos+0x1f2/0x380 [ 204.387158][ T2797] ? ksys_write+0x71/0x240 [ 204.391579][ T2797] ksys_write+0x140/0x240 [ 204.395924][ T2797] ? __cfi_ksys_write+0x10/0x10 [ 204.400785][ T2797] ? debug_smp_processor_id+0x17/0x20 [ 204.406156][ T2797] __x64_sys_write+0x7b/0x90 [ 204.410779][ T2797] x64_sys_call+0x27b/0x9a0 [ 204.415283][ T2797] do_syscall_64+0x4c/0xa0 [ 204.419731][ T2797] ? clear_bhb_loop+0x15/0x70 [ 204.424403][ T2797] ? clear_bhb_loop+0x15/0x70 [ 204.429169][ T2797] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 204.435069][ T2797] RIP: 0033:0x7f3634f8e969 [ 204.439479][ T2797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.459089][ T2797] RSP: 002b:00007f3635e12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.467507][ T2797] RAX: ffffffffffffffda RBX: 00007f36351b5fa0 RCX: 00007f3634f8e969 [ 204.475478][ T2797] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000000 [ 204.483447][ T2797] RBP: 00007f3635e12090 R08: 0000000000000000 R09: 0000000000000000 [ 204.491422][ T2797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.499406][ T2797] R13: 0000000000000000 R14: 00007f36351b5fa0 R15: 00007fff1357b488 [ 204.507392][ T2797] [ 204.511144][ T39] usb 3-1: device descriptor read/64, error -71 [ 204.517577][ T28] audit: type=1400 audit(1748677474.852:611): avc: denied { name_bind } for pid=2799 comm="syz.0.707" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 204.521196][ T2792] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 204.539348][ T28] audit: type=1400 audit(1748677474.852:612): avc: denied { node_bind } for pid=2799 comm="syz.0.707" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 204.731006][ T2792] EXT4-fs error (device loop3): ext4_lookup:1858: comm syz.3.703: inode #15: comm syz.3.703: iget: illegal inode # [ 204.871677][ T39] usb 3-1: device descriptor read/64, error -71 [ 204.898373][ T283] EXT4-fs (loop3): unmounting filesystem. [ 205.046708][ T39] usb usb3-port1: attempt power cycle [ 205.069850][ T2812] loop3: detected capacity change from 0 to 1024 [ 205.092093][ T2814] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 205.102005][ T2812] EXT4-fs error (device loop3): __ext4_fill_super:5377: inode #2: comm syz.3.710: casefold flag without casefold feature [ 205.118663][ T2812] EXT4-fs (loop3): get root inode failed [ 205.124754][ T2812] EXT4-fs (loop3): mount failed [ 205.478328][ T2824] netlink: 4 bytes leftover after parsing attributes in process `syz.3.710'. [ 206.361752][ T39] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 207.850502][ T39] usb 3-1: device not accepting address 10, error -71 [ 209.484738][ T2852] loop3: detected capacity change from 0 to 256 [ 209.491556][ T2852] FAT-fs (loop3): Unrecognized mount option "iochars}=ascii" or missing value [ 209.501216][ T2854] syz.4.722[2854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.501304][ T2854] syz.4.722[2854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 209.571219][ T2857] loop1: detected capacity change from 0 to 128 [ 209.598958][ T2854] device dummy0 entered promiscuous mode [ 209.620972][ T2857] FAT-fs (loop1): Directory bread(block 32) failed [ 209.633634][ T2857] FAT-fs (loop1): Directory bread(block 33) failed [ 209.640360][ T2857] FAT-fs (loop1): Directory bread(block 34) failed [ 209.647236][ T2857] FAT-fs (loop1): Directory bread(block 35) failed [ 209.657609][ T2854] device dummy0 left promiscuous mode [ 209.663655][ T2857] FAT-fs (loop1): Directory bread(block 36) failed [ 209.671353][ T2857] FAT-fs (loop1): Directory bread(block 37) failed [ 209.679082][ T2857] FAT-fs (loop1): Directory bread(block 38) failed [ 209.713446][ T2857] FAT-fs (loop1): Directory bread(block 39) failed [ 209.720030][ T2857] FAT-fs (loop1): Directory bread(block 40) failed [ 209.745188][ T2857] FAT-fs (loop1): Directory bread(block 41) failed [ 209.757596][ T2861] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 209.925502][ T2865] loop1: detected capacity change from 0 to 1024 [ 209.975535][ T2865] EXT4-fs error (device loop1): __ext4_fill_super:5377: inode #2: comm syz.1.726: casefold flag without casefold feature [ 209.996127][ T2865] EXT4-fs (loop1): get root inode failed [ 210.008461][ T2865] EXT4-fs (loop1): mount failed [ 210.858019][ T28] audit: type=1326 audit(1748677481.482:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2877 comm="syz.0.730" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faebeb8e969 code=0x0 [ 210.974182][ T28] audit: type=1326 audit(1748677481.602:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2877 comm="syz.0.730" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faebeb8e969 code=0x0 [ 212.208798][ T2887] loop2: detected capacity change from 0 to 512 [ 212.323917][ T2887] EXT4-fs error (device loop2): ext4_do_update_inode:5255: inode #3: comm syz.2.732: corrupted inode contents [ 212.335962][ T2887] EXT4-fs error (device loop2): ext4_dirty_inode:6120: inode #3: comm syz.2.732: mark_inode_dirty error [ 212.348225][ T2887] EXT4-fs error (device loop2): ext4_do_update_inode:5255: inode #3: comm syz.2.732: corrupted inode contents [ 212.360368][ T2887] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.732: mark_inode_dirty error [ 212.372099][ T2887] Quota error (device loop2): write_blk: dquota write failed [ 212.379760][ T2887] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 212.389948][ T2887] EXT4-fs error (device loop2): ext4_acquire_dquot:6789: comm syz.2.732: Failed to acquire dquot type 0 [ 212.402661][ T2887] EXT4-fs (loop2): 1 orphan inode deleted [ 212.408473][ T2887] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 212.417901][ T2887] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 212.753075][ T2893] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.732: deleted inode referenced: 16 [ 212.772887][ T2893] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.732: deleted inode referenced: 16 [ 212.801970][ T2893] overlayfs: failed to resolve './file2': -117 [ 213.311159][ T2769] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 213.475418][ T2905] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 215.126404][ T2901] random: crng reseeded on system resumption [ 215.223726][ T2909] netlink: 60 bytes leftover after parsing attributes in process `syz.3.737'. [ 215.554593][ T2916] FAULT_INJECTION: forcing a failure. [ 215.554593][ T2916] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.587348][ T2916] CPU: 0 PID: 2916 Comm: syz.0.739 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 215.597099][ T2916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.607169][ T2916] Call Trace: [ 215.610457][ T2916] [ 215.613395][ T2916] __dump_stack+0x21/0x24 [ 215.617748][ T2916] dump_stack_lvl+0xee/0x150 [ 215.622357][ T2916] ? __cfi_dump_stack_lvl+0x8/0x8 [ 215.627403][ T2916] dump_stack+0x15/0x24 [ 215.632009][ T2916] should_fail_ex+0x3d4/0x520 [ 215.636706][ T2916] should_fail_alloc_page+0x61/0x90 [ 215.641935][ T2916] prepare_alloc_pages+0x148/0x5f0 [ 215.647088][ T2916] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 215.652318][ T2916] ? map_create+0x49c/0xd80 [ 215.656864][ T2916] ? __x64_sys_bpf+0x7c/0x90 [ 215.661489][ T2916] ? x64_sys_call+0x488/0x9a0 [ 215.666207][ T2916] ? do_syscall_64+0x4c/0xa0 [ 215.670831][ T2916] __alloc_pages+0x115/0x3a0 [ 215.675452][ T2916] ? __cfi___alloc_pages+0x10/0x10 [ 215.680588][ T2916] ? __cfi__raw_spin_lock+0x10/0x10 [ 215.685814][ T2916] __get_free_pages+0xe/0x30 [ 215.690431][ T2916] kasan_populate_vmalloc_pte+0x29/0x120 [ 215.696099][ T2916] __apply_to_page_range+0x8c1/0xc00 [ 215.701409][ T2916] ? __cfi_kasan_populate_vmalloc_pte+0x10/0x10 [ 215.707695][ T2916] ? __cfi_kasan_populate_vmalloc_pte+0x10/0x10 [ 215.714058][ T2916] apply_to_page_range+0x3b/0x50 [ 215.719017][ T2916] kasan_populate_vmalloc+0x60/0x70 [ 215.724237][ T2916] alloc_vmap_area+0x173e/0x1870 [ 215.729292][ T2916] ? vm_map_ram+0x930/0x930 [ 215.733917][ T2916] ? __kasan_kmalloc+0x95/0xb0 [ 215.738709][ T2916] ? kmalloc_node_trace+0x3d/0xb0 [ 215.743771][ T2916] __get_vm_area_node+0x160/0x360 [ 215.748831][ T2916] __vmalloc_node_range+0x326/0x13d0 [ 215.754335][ T2916] ? prealloc_init+0x146/0x8f0 [ 215.759214][ T2916] ? pcpu_memcg_post_alloc_hook+0x177/0x270 [ 215.765138][ T2916] ? __bitmap_weight+0xb3/0x100 [ 215.770089][ T2916] ? __cfi___vmalloc_node_range+0x10/0x10 [ 215.775819][ T2916] ? __alloc_percpu_gfp+0x25/0x30 [ 215.780836][ T2916] ? pcpu_alloc+0x1108/0x16b0 [ 215.785521][ T2916] bpf_map_area_alloc+0xd7/0xe0 [ 215.790406][ T2916] ? prealloc_init+0x146/0x8f0 [ 215.795212][ T2916] prealloc_init+0x146/0x8f0 [ 215.799835][ T2916] htab_map_alloc+0xb24/0xfd0 [ 215.804536][ T2916] map_create+0x49c/0xd80 [ 215.808905][ T2916] __sys_bpf+0x30b/0x780 [ 215.813190][ T2916] ? bpf_link_show_fdinfo+0x320/0x320 [ 215.818775][ T2916] ? __cfi_ksys_write+0x10/0x10 [ 215.823655][ T2916] ? debug_smp_processor_id+0x17/0x20 [ 215.829054][ T2916] __x64_sys_bpf+0x7c/0x90 [ 215.833497][ T2916] x64_sys_call+0x488/0x9a0 [ 215.838281][ T2916] do_syscall_64+0x4c/0xa0 [ 215.842719][ T2916] ? clear_bhb_loop+0x15/0x70 [ 215.847410][ T2916] ? clear_bhb_loop+0x15/0x70 [ 215.852107][ T2916] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 215.858025][ T2916] RIP: 0033:0x7faebeb8e969 [ 215.862456][ T2916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.882073][ T2916] RSP: 002b:00007faebf9cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 215.890507][ T2916] RAX: ffffffffffffffda RBX: 00007faebedb5fa0 RCX: 00007faebeb8e969 [ 215.898499][ T2916] RDX: 0000000000000050 RSI: 0000200000000840 RDI: 0000000000000000 [ 215.906573][ T2916] RBP: 00007faebf9cf090 R08: 0000000000000000 R09: 0000000000000000 [ 215.914571][ T2916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.922569][ T2916] R13: 0000000000000000 R14: 00007faebedb5fa0 R15: 00007fff3002a398 [ 215.930561][ T2916] [ 216.273132][ T28] audit: type=1400 audit(1748677486.902:615): avc: denied { bind } for pid=2914 comm="syz.1.740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 216.502501][ T286] EXT4-fs (loop2): unmounting filesystem. [ 216.508881][ T2925] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 216.527561][ T2925] EXT4-fs error (device loop2): ext4_release_dquot:6825: comm kworker/u4:8: Failed to release dquot type 1 [ 216.620820][ T2936] loop2: detected capacity change from 0 to 1024 [ 216.703301][ T2936] EXT4-fs error (device loop2): __ext4_fill_super:5377: inode #2: comm syz.2.744: casefold flag without casefold feature [ 216.716411][ T2936] EXT4-fs (loop2): get root inode failed [ 216.729560][ T2936] EXT4-fs (loop2): mount failed [ 216.919688][ T2943] random: crng reseeded on system resumption [ 217.181521][ T303] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 217.575285][ T2947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.744'. [ 218.083345][ T2954] random: crng reseeded on system resumption [ 218.569607][ T303] usb 5-1: device descriptor read/all, error -71 [ 218.734515][ T39] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 218.961853][ T39] usb 3-1: Using ep0 maxpacket: 8 [ 218.969001][ T39] usb 3-1: config 1 has an invalid interface number: 128 but max is 1 [ 219.048707][ T39] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.067846][ T39] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 219.085693][ T39] usb 3-1: config 1 has no interface number 0 [ 219.101695][ T39] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.114020][ T39] usb 3-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.132138][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 219.165263][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.237971][ T39] usb 3-1: Product: syz [ 219.252764][ T39] usb 3-1: Manufacturer: syz [ 219.259487][ T39] usb 3-1: SerialNumber: syz [ 219.358778][ T2978] FAULT_INJECTION: forcing a failure. [ 219.358778][ T2978] name failslab, interval 1, probability 0, space 0, times 0 [ 219.371501][ T2978] CPU: 0 PID: 2978 Comm: syz.0.754 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 219.381226][ T2978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.391289][ T2978] Call Trace: [ 219.394572][ T2978] [ 219.397507][ T2978] __dump_stack+0x21/0x24 [ 219.401858][ T2978] dump_stack_lvl+0xee/0x150 [ 219.406462][ T2978] ? __cfi_dump_stack_lvl+0x8/0x8 [ 219.411505][ T2978] dump_stack+0x15/0x24 [ 219.415673][ T2978] should_fail_ex+0x3d4/0x520 [ 219.420360][ T2978] __should_failslab+0xac/0xf0 [ 219.425135][ T2978] ? rtm_new_nexthop+0x1a69/0x6150 [ 219.430265][ T2978] should_failslab+0x9/0x20 [ 219.434789][ T2978] __kmem_cache_alloc_node+0x3d/0x2c0 [ 219.440173][ T2978] ? kasan_save_alloc_info+0x25/0x30 [ 219.445481][ T2978] ? rtm_new_nexthop+0x1a69/0x6150 [ 219.450621][ T2978] kmalloc_trace+0x29/0xb0 [ 219.455065][ T2978] rtm_new_nexthop+0x1a69/0x6150 [ 219.460036][ T2978] ? irqentry_exit+0x37/0x40 [ 219.464634][ T2978] ? sysvec_call_function_single+0x61/0xc0 [ 219.470453][ T2978] ? asm_sysvec_call_function_single+0x1b/0x20 [ 219.476617][ T2978] ? __cfi_rtm_new_nexthop+0x10/0x10 [ 219.481921][ T2978] ? avc_has_perm_noaudit+0x251/0x460 [ 219.487311][ T2978] ? avc_has_perm_noaudit+0x35e/0x460 [ 219.492712][ T2978] ? memcpy+0x56/0x70 [ 219.496722][ T2978] ? avc_has_perm_noaudit+0x2f4/0x460 [ 219.502119][ T2978] ? __cfi_avc_has_perm_noaudit+0x10/0x10 [ 219.507865][ T2978] ? selinux_capable+0x29c/0x380 [ 219.512842][ T2978] ? __cfi_selinux_capable+0x10/0x10 [ 219.518147][ T2978] ? cap_capable+0x1aa/0x230 [ 219.522754][ T2978] ? ns_capable+0x8c/0xf0 [ 219.527089][ T2978] ? netlink_net_capable+0x125/0x160 [ 219.532393][ T2978] ? __cfi_rtm_new_nexthop+0x10/0x10 [ 219.537698][ T2978] rtnetlink_rcv_msg+0x9f4/0xcf0 [ 219.542647][ T2978] ? 0xffffffffa00009e4 [ 219.546808][ T2978] ? __cfi_rtnetlink_rcv_msg+0x10/0x10 [ 219.552277][ T2978] ? __kernel_text_address+0xd/0x30 [ 219.557486][ T2978] ? unwind_get_return_address+0x4d/0x90 [ 219.563127][ T2978] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 219.569293][ T2978] ? memcpy+0x56/0x70 [ 219.573291][ T2978] ? avc_has_perm_noaudit+0x2f4/0x460 [ 219.578680][ T2978] ? __cfi_avc_has_perm_noaudit+0x10/0x10 [ 219.584435][ T2978] ? slab_post_alloc_hook+0x4f/0x2d0 [ 219.589738][ T2978] ? avc_has_perm+0x158/0x240 [ 219.594424][ T2978] ? ____sys_sendmsg+0x5a9/0x990 [ 219.599378][ T2978] ? ___sys_sendmsg+0x21c/0x290 [ 219.604245][ T2978] ? __cfi_avc_has_perm+0x10/0x10 [ 219.609288][ T2978] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 219.614683][ T2978] netlink_rcv_skb+0x1f2/0x440 [ 219.619463][ T2978] ? __cfi_rtnetlink_rcv_msg+0x10/0x10 [ 219.624941][ T2978] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 219.630260][ T2978] ? __netlink_lookup+0x387/0x3b0 [ 219.635316][ T2978] rtnetlink_rcv+0x1c/0x20 [ 219.639749][ T2978] netlink_unicast+0x8b1/0xa30 [ 219.644527][ T2978] netlink_sendmsg+0x8aa/0xbc0 [ 219.649306][ T2978] ? irqentry_exit+0x37/0x40 [ 219.653912][ T2978] ? __cfi_netlink_sendmsg+0x10/0x10 [ 219.659219][ T2978] ? security_socket_sendmsg+0x93/0xb0 [ 219.664694][ T2978] ? __cfi_netlink_sendmsg+0x10/0x10 [ 219.670012][ T2978] ____sys_sendmsg+0x5a9/0x990 [ 219.674797][ T2978] ? __sys_sendmsg_sock+0x40/0x40 [ 219.679841][ T2978] ? import_iovec+0x7c/0xb0 [ 219.684360][ T2978] ___sys_sendmsg+0x21c/0x290 [ 219.689059][ T2978] ? __sys_sendmsg+0x270/0x270 [ 219.693860][ T2978] ? __kasan_record_aux_stack+0xb6/0xc0 [ 219.699429][ T2978] ? __kasan_check_write+0x14/0x20 [ 219.704554][ T2978] ? proc_fail_nth_write+0x17a/0x1f0 [ 219.709868][ T2978] ? vfs_write+0x9d6/0xca0 [ 219.714310][ T2978] ? __fdget+0x19c/0x220 [ 219.718573][ T2978] __x64_sys_sendmsg+0x1f0/0x2c0 [ 219.723531][ T2978] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 219.729012][ T2978] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 219.735093][ T2978] x64_sys_call+0x171/0x9a0 [ 219.739781][ T2978] do_syscall_64+0x4c/0xa0 [ 219.744245][ T2978] ? clear_bhb_loop+0x15/0x70 [ 219.748942][ T2978] ? clear_bhb_loop+0x15/0x70 [ 219.753627][ T2978] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.759553][ T2978] RIP: 0033:0x7faebeb8e969 [ 219.763973][ T2978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.783940][ T2978] RSP: 002b:00007faebf98d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.792452][ T2978] RAX: ffffffffffffffda RBX: 00007faebedb6160 RCX: 00007faebeb8e969 [ 219.800428][ T2978] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000a [ 219.808576][ T2978] RBP: 00007faebf98d090 R08: 0000000000000000 R09: 0000000000000000 [ 219.816554][ T2978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.824530][ T2978] R13: 0000000000000000 R14: 00007faebedb6160 R15: 00007fff3002a398 [ 219.832515][ T2978] [ 220.146796][ T2978] device batadv_slave_0 entered promiscuous mode [ 220.546926][ T2986] random: crng reseeded on system resumption [ 222.466748][ T39] cdc_wdm 3-1:1.128: skipping garbage [ 222.561230][ T2994] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 222.764505][ T39] cdc_wdm 3-1:1.128: cdc-wdm0: USB WDM device [ 222.782942][ T39] usb 3-1: USB disconnect, device number 12 [ 223.124217][ T3003] loop2: detected capacity change from 0 to 16 [ 223.150737][ T3005] FAULT_INJECTION: forcing a failure. [ 223.150737][ T3005] name failslab, interval 1, probability 0, space 0, times 0 [ 223.155123][ T3003] erofs: (device loop2): z_erofs_load_lz4_config: invalid lz4 cfgs, size=4 [ 223.177016][ T3005] CPU: 0 PID: 3005 Comm: syz.4.763 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 223.186785][ T3005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.196847][ T3005] Call Trace: [ 223.200167][ T3005] [ 223.203096][ T3005] __dump_stack+0x21/0x24 [ 223.207439][ T3005] dump_stack_lvl+0xee/0x150 [ 223.212040][ T3005] ? __cfi_dump_stack_lvl+0x8/0x8 [ 223.217071][ T3005] dump_stack+0x15/0x24 [ 223.221226][ T3005] should_fail_ex+0x3d4/0x520 [ 223.225905][ T3005] ? security_file_alloc+0x33/0x130 [ 223.231099][ T3005] __should_failslab+0xac/0xf0 [ 223.235861][ T3005] should_failslab+0x9/0x20 [ 223.240366][ T3005] kmem_cache_alloc+0x3b/0x330 [ 223.245142][ T3005] ? __alloc_file+0x28/0x2a0 [ 223.249731][ T3005] security_file_alloc+0x33/0x130 [ 223.254752][ T3005] __alloc_file+0xb5/0x2a0 [ 223.259193][ T3005] alloc_empty_file+0x97/0x180 [ 223.263955][ T3005] alloc_file+0x59/0x640 [ 223.268205][ T3005] alloc_file_pseudo+0x17a/0x1f0 [ 223.273164][ T3005] ? __cfi_alloc_file_pseudo+0x10/0x10 [ 223.278651][ T3005] ? _raw_spin_unlock+0x4c/0x70 [ 223.283523][ T3005] ? alloc_fd+0x4e6/0x590 [ 223.287861][ T3005] sock_alloc_file+0xba/0x270 [ 223.292543][ T3005] __sys_socket+0x135/0x1a0 [ 223.297047][ T3005] __x64_sys_socket+0x7a/0x90 [ 223.301723][ T3005] x64_sys_call+0x449/0x9a0 [ 223.306228][ T3005] do_syscall_64+0x4c/0xa0 [ 223.310644][ T3005] ? clear_bhb_loop+0x15/0x70 [ 223.315318][ T3005] ? clear_bhb_loop+0x15/0x70 [ 223.320013][ T3005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 223.325918][ T3005] RIP: 0033:0x7f3634f8e969 [ 223.330331][ T3005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.349933][ T3005] RSP: 002b:00007f3635e12038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 223.358343][ T3005] RAX: ffffffffffffffda RBX: 00007f36351b5fa0 RCX: 00007f3634f8e969 [ 223.366312][ T3005] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 223.374275][ T3005] RBP: 00007f3635e12090 R08: 0000000000000000 R09: 0000000000000000 [ 223.382242][ T3005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.390208][ T3005] R13: 0000000000000000 R14: 00007f36351b5fa0 R15: 00007fff1357b488 [ 223.398264][ T3005] [ 223.432547][ T2769] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 223.553626][ T3012] FAULT_INJECTION: forcing a failure. [ 223.553626][ T3012] name failslab, interval 1, probability 0, space 0, times 0 [ 223.578463][ T3012] CPU: 1 PID: 3012 Comm: syz.0.766 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 223.580984][ T3014] loop4: detected capacity change from 0 to 512 [ 223.588221][ T3012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.588235][ T3012] Call Trace: [ 223.588242][ T3012] [ 223.588249][ T3012] __dump_stack+0x21/0x24 [ 223.588281][ T3012] dump_stack_lvl+0xee/0x150 [ 223.588308][ T3012] ? __cfi_dump_stack_lvl+0x8/0x8 [ 223.601701][ T1259] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 223.604585][ T3012] ? __kasan_check_read+0x11/0x20 [ 223.637228][ T3012] dump_stack+0x15/0x24 [ 223.641407][ T3012] should_fail_ex+0x3d4/0x520 [ 223.646096][ T3012] ? skb_clone+0x1f5/0x380 [ 223.650535][ T3012] __should_failslab+0xac/0xf0 [ 223.652171][ T3014] ext4: Unknown parameter 'uid<00000000000000000000' [ 223.655312][ T3012] should_failslab+0x9/0x20 [ 223.666463][ T3012] kmem_cache_alloc+0x3b/0x330 [ 223.671236][ T3012] skb_clone+0x1f5/0x380 [ 223.675488][ T3012] bpf_clone_redirect+0xa7/0x3c0 [ 223.680425][ T3012] ? __kasan_check_write+0x14/0x20 [ 223.685537][ T3012] ? __switch_to+0x51f/0xe30 [ 223.690124][ T3012] bpf_prog_6893982b85ceadf7+0x56/0x5b [ 223.695578][ T3012] ? __cfi___switch_to+0x10/0x10 [ 223.700604][ T3012] ? _raw_spin_unlock+0x4c/0x70 [ 223.705461][ T3012] ? finish_task_switch+0x16b/0x7b0 [ 223.710668][ T3012] ? __switch_to_asm+0x3a/0x60 [ 223.715435][ T3012] ? __schedule+0xb8f/0x14e0 [ 223.720029][ T3012] ? ktime_get+0x141/0x170 [ 223.724446][ T3012] bpf_test_run+0x349/0x8d0 [ 223.728945][ T3012] ? __kasan_check_read+0x11/0x20 [ 223.733976][ T3012] ? convert___skb_to_skb+0x5b0/0x5b0 [ 223.739352][ T3012] ? convert___skb_to_skb+0x40/0x5b0 [ 223.744634][ T3012] bpf_prog_test_run_skb+0xaec/0x1290 [ 223.750011][ T3012] ? __cfi_bpf_prog_test_run_skb+0x10/0x10 [ 223.755814][ T3012] bpf_prog_test_run+0x3e3/0x630 [ 223.760749][ T3012] ? bpf_prog_query+0x270/0x270 [ 223.765591][ T3012] ? selinux_bpf+0xce/0xf0 [ 223.770007][ T3012] ? security_bpf+0x93/0xb0 [ 223.774514][ T3012] __sys_bpf+0x56d/0x780 [ 223.778757][ T3012] ? __kasan_check_read+0x11/0x20 [ 223.783899][ T3012] ? bpf_link_show_fdinfo+0x320/0x320 [ 223.789278][ T3012] ? sysvec_reschedule_ipi+0x78/0x80 [ 223.794821][ T3012] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 223.800466][ T3012] __x64_sys_bpf+0x7c/0x90 [ 223.804885][ T3012] x64_sys_call+0x488/0x9a0 [ 223.809388][ T3012] do_syscall_64+0x4c/0xa0 [ 223.813809][ T3012] ? clear_bhb_loop+0x15/0x70 [ 223.818483][ T3012] ? clear_bhb_loop+0x15/0x70 [ 223.823156][ T3012] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 223.829054][ T3012] RIP: 0033:0x7faebeb8e969 [ 223.833464][ T3012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.853066][ T3012] RSP: 002b:00007faebf9cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 223.861563][ T3012] RAX: ffffffffffffffda RBX: 00007faebedb5fa0 RCX: 00007faebeb8e969 [ 223.869533][ T3012] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 223.877507][ T3012] RBP: 00007faebf9cf090 R08: 0000000000000000 R09: 0000000000000000 [ 223.885479][ T3012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.893460][ T3012] R13: 0000000000000000 R14: 00007faebedb5fa0 R15: 00007fff3002a398 [ 223.901483][ T3012] [ 224.002930][ T1259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.027991][ T1259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 224.414001][ T1259] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 224.423468][ T1259] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.433236][ T1259] usb 2-1: config 0 descriptor?? [ 224.461255][ T3026] loop0: detected capacity change from 0 to 256 [ 224.560298][ T3026] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 224.682963][ T3031] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 224.836629][ T3036] random: crng reseeded on system resumption [ 225.478199][ T3050] netlink: 60 bytes leftover after parsing attributes in process `syz.4.777'. [ 225.522977][ T1259] hid-led: probe of 0003:27B8:01ED.0009 failed with error -71 [ 225.541392][ T1259] usb 2-1: USB disconnect, device number 14 [ 226.616156][ T3058] 9pnet_fd: Insufficient options for proto=fd [ 226.624326][ T3058] syz.2.780[3058] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.624428][ T3058] syz.2.780[3058] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 226.636832][ T28] audit: type=1400 audit(1748677497.242:616): avc: denied { read } for pid=3057 comm="syz.2.780" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 226.643819][ T3058] fuse: Unknown parameter '00000000000000000009' [ 227.613285][ T3058] syz.2.780[3058] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.613391][ T3058] syz.2.780[3058] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.658202][ T28] audit: type=1400 audit(1748677498.282:617): avc: denied { create } for pid=3067 comm="syz.4.784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 227.661344][ T3066] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 227.698022][ T3069] syz.2.780[3069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.698131][ T3069] syz.2.780[3069] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.742920][ T3068] loop4: detected capacity change from 0 to 128 [ 227.748030][ T3064] mmap: syz.3.782 (3064) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 227.765765][ T28] audit: type=1400 audit(1748677498.372:618): avc: denied { ioctl } for pid=3063 comm="syz.3.782" path="socket:[24380]" dev="sockfs" ino=24380 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 227.798218][ T28] audit: type=1326 audit(1748677498.412:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 227.832606][ T2769] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 227.861690][ T28] audit: type=1326 audit(1748677498.412:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 227.921184][ T28] audit: type=1326 audit(1748677498.412:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 228.472656][ T3077] fuse: Bad value for 'fd' [ 228.488807][ T3068] SELinux: ebitmap: truncated map [ 228.498912][ T28] audit: type=1326 audit(1748677498.412:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 228.499500][ T3068] SELinux: failed to load policy [ 228.527267][ T28] audit: type=1326 audit(1748677498.412:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 228.552073][ T28] audit: type=1326 audit(1748677498.412:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 228.576075][ T28] audit: type=1326 audit(1748677498.412:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3063 comm="syz.3.782" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0593d8e969 code=0x7ffc0000 [ 228.576142][ T3068] SELinux: policydb magic number 0x2e202123 does not match expected magic number 0xf97cff8c [ 228.609639][ T3068] SELinux: failed to load policy [ 228.621762][ T1259] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 228.811715][ T1259] usb 3-1: Using ep0 maxpacket: 32 [ 228.830977][ T1259] usb 3-1: config 64 has an invalid interface number: 129 but max is 1 [ 228.839502][ T1259] usb 3-1: config 64 contains an unexpected descriptor of type 0x1, skipping [ 228.848589][ T1259] usb 3-1: config 64 has an invalid interface number: 226 but max is 1 [ 228.857155][ T1259] usb 3-1: config 64 contains an unexpected descriptor of type 0x1, skipping [ 228.870575][ T1259] usb 3-1: config 64 contains an unexpected descriptor of type 0x2, skipping [ 228.891721][ T39] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 229.091739][ T39] usb 4-1: Using ep0 maxpacket: 8 [ 229.101132][ T39] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 229.155686][ T39] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 229.165596][ T1259] usb 3-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config [ 229.175839][ T1259] usb 3-1: config 64 has no interface number 0 [ 229.182056][ T1259] usb 3-1: config 64 has no interface number 1 [ 229.182221][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.188237][ T1259] usb 3-1: config 64 interface 129 altsetting 7 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 229.188276][ T1259] usb 3-1: config 64 interface 129 altsetting 7 has an invalid endpoint with address 0x0, skipping [ 229.211435][ T39] usb 4-1: Product: syz [ 229.222749][ T39] usb 4-1: Manufacturer: syz [ 229.227449][ T39] usb 4-1: SerialNumber: syz [ 229.231672][ T1259] usb 3-1: config 64 interface 129 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 229.242987][ T1259] usb 3-1: config 64 interface 129 altsetting 7 has a duplicate endpoint with address 0x4, skipping [ 229.246597][ T39] usb 4-1: config 0 descriptor?? [ 229.254041][ T1259] usb 3-1: config 64 interface 129 altsetting 7 has an invalid endpoint with address 0xFD, skipping [ 229.269717][ T1259] usb 3-1: config 64 interface 129 altsetting 7 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 229.280966][ T1259] usb 3-1: config 64 interface 129 altsetting 7 has 8 endpoint descriptors, different from the interface descriptor's value: 7 [ 229.294301][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has an invalid endpoint with address 0x64, skipping [ 229.305256][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 229.316211][ T1259] usb 3-1: config 64 interface 226 altsetting 9 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 229.327432][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has an invalid endpoint with address 0x80, skipping [ 229.338405][ T1259] usb 3-1: config 64 interface 226 altsetting 9 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 229.349533][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has an invalid endpoint with address 0x80, skipping [ 229.360471][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has a duplicate endpoint with address 0xE, skipping [ 229.371646][ T1259] usb 3-1: config 64 interface 226 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 229.382591][ T1259] usb 3-1: config 64 interface 129 has no altsetting 0 [ 229.389476][ T1259] usb 3-1: config 64 interface 226 has no altsetting 0 [ 229.398177][ T1259] usb 3-1: New USB device found, idVendor=1199, idProduct=9091, bcdDevice=9e.25 [ 229.407504][ T1259] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.415665][ T1259] usb 3-1: Product: syz [ 229.419908][ T1259] usb 3-1: Manufacturer: syz [ 229.424805][ T1259] usb 3-1: SerialNumber: syz [ 229.507277][ T287] usb 4-1: USB disconnect, device number 7 [ 229.636296][ T3094] netlink: 60 bytes leftover after parsing attributes in process `syz.4.792'. [ 229.664722][ T1259] usb 3-1: USB disconnect, device number 13 [ 231.007767][ T3106] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 231.271944][ T3119] FAULT_INJECTION: forcing a failure. [ 231.271944][ T3119] name failslab, interval 1, probability 0, space 0, times 0 [ 231.311752][ T39] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 231.346927][ T3119] CPU: 1 PID: 3119 Comm: syz.0.801 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 231.356694][ T3119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.366758][ T3119] Call Trace: [ 231.370044][ T3119] [ 231.373077][ T3119] __dump_stack+0x21/0x24 [ 231.377425][ T3119] dump_stack_lvl+0xee/0x150 [ 231.382033][ T3119] ? __cfi_dump_stack_lvl+0x8/0x8 [ 231.387089][ T3119] ? dump_stack_lvl+0xd/0x150 [ 231.391781][ T3119] dump_stack+0x15/0x24 [ 231.395955][ T3119] should_fail_ex+0x3d4/0x520 [ 231.400662][ T3119] __should_failslab+0xac/0xf0 [ 231.405451][ T3119] should_failslab+0x9/0x20 [ 231.406498][ T3121] loop3: detected capacity change from 0 to 1024 [ 231.409985][ T3119] kmem_cache_alloc_node+0x42/0x340 [ 231.410013][ T3119] ? __alloc_skb+0xdf/0x7e0 [ 231.426027][ T3119] __alloc_skb+0xdf/0x7e0 [ 231.430404][ T3119] netlink_ack+0x372/0x1100 [ 231.434942][ T3119] ? genl_rcv_msg+0x278/0x770 [ 231.436792][ T3121] EXT4-fs error (device loop3): __ext4_fill_super:5377: inode #2: comm syz.3.802: casefold flag without casefold feature [ 231.439658][ T3119] ? __cfi_genl_rcv_msg+0x10/0x10 [ 231.452582][ T3121] EXT4-fs (loop3): get root inode failed [ 231.457256][ T3119] ? __cfi_netlink_ack+0x10/0x10 [ 231.463282][ T3121] EXT4-fs (loop3): mount failed [ 231.467815][ T3119] ? selinux_nlmsg_lookup+0x33c/0x4c0 [ 231.478022][ T3119] netlink_rcv_skb+0x277/0x440 [ 231.482811][ T3119] ? __cfi_genl_rcv_msg+0x10/0x10 [ 231.487938][ T3119] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 231.493235][ T3119] ? down_read+0xa0/0xf0 [ 231.497478][ T3119] ? __cfi_down_read+0x10/0x10 [ 231.502246][ T3119] ? netlink_unicast+0x502/0xa30 [ 231.507188][ T3119] genl_rcv+0x28/0x40 [ 231.511179][ T3119] netlink_unicast+0x8b1/0xa30 [ 231.515951][ T3119] netlink_sendmsg+0x8aa/0xbc0 [ 231.520713][ T3119] ? sysvec_reschedule_ipi+0x78/0x80 [ 231.525997][ T3119] ? __cfi_netlink_sendmsg+0x10/0x10 [ 231.531286][ T3119] ? ____sys_sendmsg+0x61/0x990 [ 231.536145][ T3119] ? security_socket_sendmsg+0x93/0xb0 [ 231.541608][ T3119] ? __cfi_netlink_sendmsg+0x10/0x10 [ 231.546907][ T3119] ____sys_sendmsg+0x5a9/0x990 [ 231.551676][ T3119] ? __sys_sendmsg_sock+0x40/0x40 [ 231.556708][ T3119] ? import_iovec+0x7c/0xb0 [ 231.561216][ T3119] ___sys_sendmsg+0x21c/0x290 [ 231.565899][ T3119] ? __sys_sendmsg+0x270/0x270 [ 231.570672][ T3119] ? __cfi___switch_to+0x10/0x10 [ 231.575616][ T3119] ? __fdget+0x19c/0x220 [ 231.579898][ T3119] __x64_sys_sendmsg+0x1f0/0x2c0 [ 231.584856][ T3119] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 231.590363][ T3119] ? __bpf_trace_sys_enter+0x62/0x70 [ 231.595648][ T3119] ? trace_sys_enter+0x3d/0x50 [ 231.600411][ T3119] x64_sys_call+0x171/0x9a0 [ 231.604921][ T3119] do_syscall_64+0x4c/0xa0 [ 231.609340][ T3119] ? clear_bhb_loop+0x15/0x70 [ 231.614016][ T3119] ? clear_bhb_loop+0x15/0x70 [ 231.618694][ T3119] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 231.624631][ T3119] RIP: 0033:0x7faebeb8e969 [ 231.629071][ T3119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.648679][ T3119] RSP: 002b:00007faebf9cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.657106][ T3119] RAX: ffffffffffffffda RBX: 00007faebedb5fa0 RCX: 00007faebeb8e969 [ 231.665076][ T3119] RDX: 0000000000005040 RSI: 00002000000001c0 RDI: 0000000000000004 [ 231.673048][ T3119] RBP: 00007faebf9cf090 R08: 0000000000000000 R09: 0000000000000000 [ 231.681019][ T3119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 231.688992][ T3119] R13: 0000000000000000 R14: 00007faebedb5fa0 R15: 00007fff3002a398 [ 231.696972][ T3119] [ 231.853011][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.863612][ T39] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.376288][ T39] usb 2-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0xB7, skipping [ 232.387404][ T39] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 232.415795][ T39] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 232.436548][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.437765][ T3131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.802'. [ 232.451855][ T39] usb 2-1: Product: syz [ 232.473302][ T39] usb 2-1: Manufacturer: syz [ 232.495196][ T39] usb 2-1: SerialNumber: syz [ 232.613074][ T3139] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 232.663481][ T3143] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 232.743301][ T39] cdc_ncm 2-1:1.0: bind() failure [ 232.749613][ T39] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 232.765118][ T39] cdc_ncm 2-1:1.1: bind() failure [ 232.789073][ T39] usb 2-1: USB disconnect, device number 15 [ 232.930351][ T2777] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 233.065697][ T3169] random: crng reseeded on system resumption [ 233.503671][ T2777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 233.539500][ T2777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.601530][ T2777] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 234.230265][ T2777] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 234.687241][ T2777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.767542][ T2777] usb 3-1: config 0 descriptor?? [ 234.769084][ T3177] loop1: detected capacity change from 0 to 1024 [ 234.833689][ T3177] EXT4-fs error (device loop1): __ext4_fill_super:5377: inode #2: comm syz.1.817: casefold flag without casefold feature [ 234.858433][ T3177] EXT4-fs (loop1): get root inode failed [ 234.865606][ T3177] EXT4-fs (loop1): mount failed [ 234.984122][ T3141] x_tables: duplicate underflow at hook 4 [ 235.474231][ T3141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.492282][ T3185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.817'. [ 235.564606][ T3141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.631562][ T2777] usbhid 3-1:0.0: can't add hid device: -71 [ 235.638984][ T2777] usbhid: probe of 3-1:0.0 failed with error -71 [ 235.649361][ T2777] usb 3-1: USB disconnect, device number 14 [ 235.681729][ T3190] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 235.768511][ T3197] netlink: 60 bytes leftover after parsing attributes in process `syz.4.819'. [ 235.815581][ T3199] FAULT_INJECTION: forcing a failure. [ 235.815581][ T3199] name failslab, interval 1, probability 0, space 0, times 0 [ 235.848586][ T3199] CPU: 0 PID: 3199 Comm: syz.0.824 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 235.858359][ T3199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.868445][ T3199] Call Trace: [ 235.871740][ T3199] [ 235.874679][ T3199] __dump_stack+0x21/0x24 [ 235.879033][ T3199] dump_stack_lvl+0xee/0x150 [ 235.883646][ T3199] ? __cfi_dump_stack_lvl+0x8/0x8 [ 235.888693][ T3199] ? avc_has_perm_noaudit+0x2f4/0x460 [ 235.894089][ T3199] dump_stack+0x15/0x24 [ 235.898270][ T3199] should_fail_ex+0x3d4/0x520 [ 235.902970][ T3199] __should_failslab+0xac/0xf0 [ 235.907756][ T3199] ? alloc_fs_context+0x64/0x7b0 [ 235.912712][ T3199] should_failslab+0x9/0x20 [ 235.917245][ T3199] __kmem_cache_alloc_node+0x3d/0x2c0 [ 235.922641][ T3199] ? selinux_capable+0x29c/0x380 [ 235.927606][ T3199] ? alloc_fs_context+0x64/0x7b0 [ 235.932569][ T3199] kmalloc_trace+0x29/0xb0 [ 235.937016][ T3199] alloc_fs_context+0x64/0x7b0 [ 235.941811][ T3199] ? _raw_read_unlock+0x25/0x40 [ 235.946695][ T3199] fs_context_for_mount+0x22/0x30 [ 235.951752][ T3199] do_new_mount+0x122/0xa20 [ 235.956274][ T3199] path_mount+0x675/0x1010 [ 235.960737][ T3199] ? user_path_at_empty+0x161/0x1c0 [ 235.965949][ T3199] __se_sys_mount+0x318/0x380 [ 235.970643][ T3199] ? __x64_sys_mount+0xd0/0xd0 [ 235.975421][ T3199] ? __cfi_ksys_write+0x10/0x10 [ 235.980278][ T3199] __x64_sys_mount+0xbf/0xd0 [ 235.984872][ T3199] x64_sys_call+0x65d/0x9a0 [ 235.989422][ T3199] do_syscall_64+0x4c/0xa0 [ 235.993849][ T3199] ? clear_bhb_loop+0x15/0x70 [ 235.998539][ T3199] ? clear_bhb_loop+0x15/0x70 [ 236.003230][ T3199] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 236.009138][ T3199] RIP: 0033:0x7faebeb8e969 [ 236.013549][ T3199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.033150][ T3199] RSP: 002b:00007faebf9cf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 236.041563][ T3199] RAX: ffffffffffffffda RBX: 00007faebedb5fa0 RCX: 00007faebeb8e969 [ 236.049530][ T3199] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 0000000000000000 [ 236.057506][ T3199] RBP: 00007faebf9cf090 R08: 0000200000000140 R09: 0000000000000000 [ 236.065471][ T3199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.073462][ T3199] R13: 0000000000000000 R14: 00007faebedb5fa0 R15: 00007fff3002a398 [ 236.081555][ T3199] [ 236.115427][ T3203] loop0: detected capacity change from 0 to 1024 [ 236.124186][ T3203] EXT4-fs: Ignoring removed bh option [ 236.129729][ T3203] EXT4-fs: Ignoring removed nomblk_io_submit option [ 236.192279][ T3203] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 236.656812][ T39] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 236.853741][ T39] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 236.871126][ T39] usb 1-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 237.006654][ T39] usb 1-1: config 0 has no interface number 0 [ 237.014400][ T3211] loop2: detected capacity change from 0 to 40427 [ 237.035211][ T3211] F2FS-fs (loop2): invalid crc value [ 237.265637][ T39] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 237.291747][ T3211] F2FS-fs (loop2): Found nat_bits in checkpoint [ 237.349618][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.462334][ T3211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 237.478901][ T39] usb 1-1: Product: syz [ 237.485512][ T3229] loop4: detected capacity change from 0 to 1024 [ 237.507998][ T39] usb 1-1: Manufacturer: syz [ 237.513984][ T3229] EXT4-fs error (device loop4): __ext4_fill_super:5377: inode #2: comm syz.4.831: casefold flag without casefold feature [ 237.519402][ T39] usb 1-1: SerialNumber: syz [ 237.534961][ T3229] EXT4-fs (loop4): get root inode failed [ 237.541757][ T3229] EXT4-fs (loop4): mount failed [ 237.550526][ T39] usb 1-1: config 0 descriptor?? [ 238.632644][ T3236] overlayfs: conflicting lowerdir path [ 238.751710][ T3235] netlink: 4 bytes leftover after parsing attributes in process `syz.4.831'. [ 238.759089][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 238.759114][ T28] audit: type=1400 audit(1748677509.252:638): avc: denied { mounton } for pid=3210 comm="syz.2.827" path="/168/file0/bus" dev="loop2" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 239.023272][ T39] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 239.051919][ T39] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 239.163553][ T286] syz-executor: attempt to access beyond end of device [ 239.163553][ T286] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 239.171735][ T39] hid-generic 0000:0004:0000.000A: unknown main item tag 0x0 [ 239.185238][ T28] audit: type=1400 audit(1748677509.252:639): avc: denied { rename } for pid=3210 comm="syz.2.827" name="#76" dev="loop2" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 239.207739][ T39] hid-generic 0000:0004:0000.000A: hidraw0: HID v0.00 Device [syz0] on syz1 [ 239.296523][ T28] audit: type=1400 audit(1748677509.262:640): avc: denied { unlink } for pid=3210 comm="syz.2.827" name="#77" dev="loop2" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 239.955719][ T3252] loop1: detected capacity change from 0 to 1024 [ 240.027185][ T3252] EXT4-fs error (device loop1): __ext4_fill_super:5377: inode #2: comm syz.1.836: casefold flag without casefold feature [ 240.057252][ T3252] EXT4-fs (loop1): get root inode failed [ 240.070044][ T3252] EXT4-fs (loop1): mount failed [ 240.217738][ T287] usb 1-1: USB disconnect, device number 17 [ 240.223652][ T3262] 9pnet_fd: Insufficient options for proto=fd [ 240.234950][ T284] EXT4-fs (loop0): unmounting filesystem. [ 241.602494][ T3275] random: crng reseeded on system resumption [ 241.988482][ T3284] 9pnet_fd: Insufficient options for proto=fd [ 242.967389][ T3290] random: crng reseeded on system resumption [ 243.988432][ T3307] loop2: detected capacity change from 0 to 1024 [ 244.008852][ T3309] netlink: 36 bytes leftover after parsing attributes in process `syz.3.851'. [ 244.122565][ T3307] EXT4-fs error (device loop2): __ext4_fill_super:5377: inode #2: comm syz.2.852: casefold flag without casefold feature [ 244.406739][ T3315] netlink: 60 bytes leftover after parsing attributes in process `syz.0.853'. [ 244.627979][ T3307] EXT4-fs (loop2): get root inode failed [ 244.635117][ T3307] EXT4-fs (loop2): mount failed [ 244.695695][ T28] audit: type=1400 audit(1748677515.322:641): avc: denied { write } for pid=3321 comm="syz.0.856" path="socket:[25760]" dev="sockfs" ino=25760 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 245.017182][ T3330] netlink: 4 bytes leftover after parsing attributes in process `syz.2.852'. [ 245.515271][ T3346] netlink: 28 bytes leftover after parsing attributes in process `syz.3.859'. [ 245.524263][ T3346] netlink: 28 bytes leftover after parsing attributes in process `syz.3.859'. [ 245.534788][ T28] audit: type=1400 audit(1748677516.172:642): avc: denied { block_suspend } for pid=3339 comm="syz.3.859" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 245.618233][ T3349] binder: BINDER_SET_CONTEXT_MGR already set [ 245.624459][ T3349] binder: 3347:3349 ioctl 4018620d 200000000040 returned -16 [ 245.645801][ T3352] loop4: detected capacity change from 0 to 1024 [ 245.658502][ T3354] loop1: detected capacity change from 0 to 256 [ 245.677245][ T3354] FAULT_INJECTION: forcing a failure. [ 245.677245][ T3354] name failslab, interval 1, probability 0, space 0, times 0 [ 245.697839][ T3352] EXT4-fs: Ignoring removed nobh option [ 245.713368][ T3354] CPU: 1 PID: 3354 Comm: syz.1.864 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 245.723131][ T3354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.733219][ T3354] Call Trace: [ 245.736509][ T3354] [ 245.739449][ T3354] __dump_stack+0x21/0x24 [ 245.743089][ T3352] EXT4-fs: Ignoring removed bh option [ 245.743800][ T3354] dump_stack_lvl+0xee/0x150 [ 245.753753][ T3354] ? __cfi_dump_stack_lvl+0x8/0x8 [ 245.758795][ T3354] ? kasan_set_track+0x60/0x70 [ 245.759451][ T3352] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 245.763560][ T3354] ? kasan_save_free_info+0x31/0x50 [ 245.763589][ T3354] ? ____kasan_slab_free+0x132/0x180 [ 245.785331][ T3354] ? __kasan_slab_free+0x11/0x20 [ 245.790288][ T3354] ? kmem_cache_free+0x12d/0x300 [ 245.795237][ T3354] ? fat_search_long+0x102a/0x1120 [ 245.800382][ T3354] ? vfat_lookup+0x1a8/0x560 [ 245.804997][ T3354] ? path_openat+0xff3/0x2f50 [ 245.809707][ T3354] dump_stack+0x15/0x24 [ 245.813980][ T3354] should_fail_ex+0x3d4/0x520 [ 245.818685][ T3354] __should_failslab+0xac/0xf0 [ 245.823462][ T3354] ? vfat_add_entry+0x1e0/0x2d30 [ 245.828433][ T3354] should_failslab+0x9/0x20 [ 245.832953][ T3354] __kmem_cache_alloc_node+0x3d/0x2c0 [ 245.838343][ T3354] ? vfat_add_entry+0x1e0/0x2d30 [ 245.841697][ T303] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 245.843301][ T3354] kmalloc_trace+0x29/0xb0 [ 245.855192][ T3354] vfat_add_entry+0x1e0/0x2d30 [ 245.859991][ T3354] ? debug_smp_processor_id+0x17/0x20 [ 245.865382][ T3354] ? kasan_quarantine_put+0x34/0x190 [ 245.870706][ T3354] ? kmem_cache_free+0x12d/0x300 [ 245.875758][ T3354] ? vfat_rename2+0x1c10/0x1c10 [ 245.880641][ T3354] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 245.886209][ T3354] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 245.892127][ T3354] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 245.897967][ T3354] ? __wake_up+0x11b/0x190 [ 245.898942][ T3352] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 245.902407][ T3354] ? __cfi___wake_up+0x10/0x10 [ 245.902439][ T3354] ? __kasan_check_write+0x14/0x20 [ 245.902468][ T3354] ? ktime_get_coarse_real_ts64+0x11b/0x130 [ 245.902492][ T3354] ? current_time+0x197/0x2b0 [ 245.931737][ T3354] ? __kasan_check_write+0x14/0x20 [ 245.936882][ T3354] ? __cfi_current_time+0x10/0x10 [ 245.941912][ T3354] vfat_create+0x12c/0x240 [ 245.946329][ T3354] ? __cfi_vfat_create+0x10/0x10 [ 245.951263][ T3354] ? selinux_inode_create+0x22/0x30 [ 245.956465][ T3354] ? security_inode_create+0xd2/0x120 [ 245.961842][ T3354] ? __cfi_vfat_create+0x10/0x10 [ 245.966806][ T3354] path_openat+0x11e3/0x2f50 [ 245.971397][ T3354] ? do_filp_open+0x3c0/0x3c0 [ 245.976068][ T3354] do_filp_open+0x1c1/0x3c0 [ 245.980571][ T3354] ? __cfi_do_filp_open+0x10/0x10 [ 245.985607][ T3354] ? alloc_fd+0x4e6/0x590 [ 245.989965][ T3354] do_sys_openat2+0x185/0x7e0 [ 245.994681][ T3354] ? __kasan_check_write+0x14/0x20 [ 245.999826][ T3354] ? do_sys_open+0xe0/0xe0 [ 246.004242][ T3354] ? ksys_write+0x1eb/0x240 [ 246.008745][ T3354] ? __cfi_ksys_write+0x10/0x10 [ 246.013599][ T3354] __x64_sys_openat+0x136/0x160 [ 246.018455][ T3354] x64_sys_call+0x783/0x9a0 [ 246.022955][ T3354] do_syscall_64+0x4c/0xa0 [ 246.027375][ T3354] ? clear_bhb_loop+0x15/0x70 [ 246.032051][ T3354] ? clear_bhb_loop+0x15/0x70 [ 246.036813][ T3354] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 246.042717][ T3354] RIP: 0033:0x7f117398e969 [ 246.047131][ T3354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.066865][ T3354] RSP: 002b:00007f1174714038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 246.075303][ T3354] RAX: ffffffffffffffda RBX: 00007f1173bb5fa0 RCX: 00007f117398e969 [ 246.083288][ T3354] RDX: 000000000000275a RSI: 0000200000000400 RDI: ffffffffffffff9c [ 246.091366][ T3354] RBP: 00007f1174714090 R08: 0000000000000000 R09: 0000000000000000 [ 246.099335][ T3354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.107302][ T3354] R13: 0000000000000000 R14: 00007f1173bb5fa0 R15: 00007fff7b92d858 [ 246.115274][ T3354] [ 246.123107][ T303] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 246.124015][ T285] EXT4-fs (loop4): unmounting filesystem. [ 246.169510][ T303] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.186096][ T303] usb 4-1: Product: syz [ 246.190304][ T303] usb 4-1: Manufacturer: syz [ 246.195025][ T303] usb 4-1: SerialNumber: syz [ 246.221219][ T303] r8152-cfgselector 4-1: config 0 descriptor?? [ 246.232922][ T3369] capability: warning: `syz.0.868' uses 32-bit capabilities (legacy support in use) [ 246.254904][ T28] audit: type=1400 audit(1748677516.882:643): avc: denied { write } for pid=3372 comm="syz.1.870" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 246.293843][ T3374] loop4: detected capacity change from 0 to 1024 [ 246.426728][ T3369] loop0: detected capacity change from 0 to 4096 [ 246.527162][ T3374] EXT4-fs error (device loop4): __ext4_fill_super:5377: inode #2: comm syz.4.871: casefold flag without casefold feature [ 246.625685][ T303] r8152-cfgselector 4-1: Unknown version 0x0000 [ 246.633798][ T303] r8152-cfgselector 4-1: Unknown version 0x6ce0 [ 246.640674][ T3374] EXT4-fs (loop4): get root inode failed [ 246.646424][ T3374] EXT4-fs (loop4): mount failed [ 246.890623][ T3381] netlink: 4 bytes leftover after parsing attributes in process `syz.4.871'. [ 246.921767][ T934] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 247.151730][ T934] usb 1-1: Using ep0 maxpacket: 32 [ 247.158050][ T934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.177271][ T934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.246402][ T934] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 247.255890][ T934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.265897][ T934] usb 1-1: config 0 descriptor?? [ 247.692302][ T934] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0 [ 247.699611][ T934] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0 [ 247.708089][ T934] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0 [ 247.715346][ T934] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0 [ 247.716428][ T3396] tipc: Started in network mode [ 247.722811][ T934] koneplus 0003:1E7D:2D51.000B: unknown main item tag 0x0 [ 247.727686][ T3396] tipc: Node identity ac14140f, cluster identity 4711 [ 247.735994][ T934] koneplus 0003:1E7D:2D51.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.0-1/input0 [ 247.742499][ T3396] tipc: New replicast peer: 255.255.255.255 [ 247.759100][ T3396] tipc: Enabled bearer , priority 10 [ 247.936901][ T3403] loop1: detected capacity change from 0 to 2048 [ 247.950248][ T3402] SELinux: Context Ü is not valid (left unmapped). [ 248.080711][ T2777] usb 1-1: USB disconnect, device number 18 [ 248.496762][ T3422] netlink: 24 bytes leftover after parsing attributes in process `syz.2.882'. [ 248.937543][ T287] tipc: Node number set to 2886997007 [ 248.955183][ T287] r8152-cfgselector 4-1: USB disconnect, device number 8 [ 250.575924][ T3436] loop2: detected capacity change from 0 to 512 [ 250.596344][ T3439] loop3: detected capacity change from 0 to 256 [ 250.624609][ T3439] FAT-fs (loop3): Directory bread(block 64) failed [ 250.641528][ T3439] FAT-fs (loop3): Directory bread(block 65) failed [ 250.648588][ T3439] FAT-fs (loop3): Directory bread(block 66) failed [ 251.096985][ T3439] FAT-fs (loop3): Directory bread(block 67) failed [ 251.219790][ T3436] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 251.396541][ T3439] FAT-fs (loop3): Directory bread(block 68) failed [ 251.808406][ T3436] ext4 filesystem being mounted at /182/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 251.828311][ T3439] FAT-fs (loop3): Directory bread(block 69) failed [ 251.849811][ T3439] FAT-fs (loop3): Directory bread(block 70) failed [ 251.878193][ T3439] FAT-fs (loop3): Directory bread(block 71) failed [ 251.900304][ T3439] FAT-fs (loop3): Directory bread(block 72) failed [ 251.965446][ T3455] xt_ecn: cannot match TCP bits for non-tcp packets [ 251.972180][ T3439] FAT-fs (loop3): Directory bread(block 73) failed [ 252.014358][ T3455] loop4: detected capacity change from 0 to 512 [ 252.102763][ T286] EXT4-fs (loop2): unmounting filesystem. [ 252.139545][ T3455] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.893: invalid indirect mapped block 10 (level 1) [ 252.143240][ T3463] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 252.393935][ T3455] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.893: invalid indirect mapped block 8 (level 1) [ 252.492792][ T3455] EXT4-fs (loop4): 1 truncate cleaned up [ 252.498545][ T3455] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 252.548904][ T285] EXT4-fs (loop4): unmounting filesystem. [ 252.555667][ T28] audit: type=1400 audit(1748677523.162:644): avc: denied { ioctl } for pid=3454 comm="syz.4.893" path="/193/file0/cpu.stat" dev="loop4" ino=18 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 254.177605][ T3475] loop4: detected capacity change from 0 to 16 [ 254.531522][ T3487] xt_hashlimit: max too large, truncated to 1048576 [ 255.384069][ T3496] netlink: 60 bytes leftover after parsing attributes in process `syz.1.905'. [ 255.449279][ T3501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.897'. [ 255.465424][ T3501] netlink: 24 bytes leftover after parsing attributes in process `syz.3.897'. [ 255.565895][ T3507] xt_CT: No such helper "pptp" [ 257.377194][ T3540] random: crng reseeded on system resumption [ 259.694280][ T3560] netlink: 60 bytes leftover after parsing attributes in process `syz.2.918'. [ 260.698035][ T3568] random: crng reseeded on system resumption [ 261.320462][ T3590] random: crng reseeded on system resumption [ 261.368132][ T3587] loop3: detected capacity change from 0 to 1024 [ 261.689164][ T3587] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 261.704379][ T28] audit: type=1400 audit(1748677532.332:645): avc: denied { link } for pid=3573 comm="syz.3.927" name="file0" dev="incremental-fs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 261.728188][ T3587] incfs: Unexpected inode type [ 261.925505][ T283] EXT4-fs (loop3): unmounting filesystem. [ 262.024915][ T28] audit: type=1400 audit(1748677532.332:646): avc: denied { link } for pid=3573 comm="syz.3.927" name="file0" dev="loop3" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 262.454762][ T28] audit: type=1400 audit(1748677533.082:647): avc: denied { validate_trans } for pid=3600 comm="syz.0.932" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 262.981304][ T3626] netlink: 60 bytes leftover after parsing attributes in process `syz.3.935'. [ 263.335198][ T3635] loop0: detected capacity change from 0 to 1024 [ 263.448051][ T3635] ext4: Unknown parameter 'fowner>00000000000000000000' [ 264.042872][ T3642] wireguard: wg2: Could not create IPv6 socket [ 264.057406][ T3642] device wg2 entered promiscuous mode [ 264.126664][ T3644] netlink: 28 bytes leftover after parsing attributes in process `syz.4.943'. [ 264.214936][ T3647] loop4: detected capacity change from 0 to 512 [ 264.240521][ T3647] EXT4-fs (loop4): orphan cleanup on readonly fs [ 264.248686][ T3647] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.943: bad orphan inode 13 [ 264.264516][ T3642] fuse: Bad value for 'user_id' [ 264.270860][ T3642] netlink: 36 bytes leftover after parsing attributes in process `syz.1.944'. [ 264.280227][ T3647] ext4_test_bit(bit=12, block=18) = 1 [ 264.301823][ T3647] is_bad_inode(inode)=0 [ 264.307253][ T3647] NEXT_ORPHAN(inode)=2130706432 [ 264.351354][ T3647] max_ino=32 [ 264.402058][ T3647] i_nlink=1 [ 264.447601][ T3654] loop1: detected capacity change from 0 to 512 [ 264.459428][ T3647] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 264.530361][ T3654] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 264.690189][ T28] audit: type=1400 audit(1748677535.312:648): avc: denied { execute } for pid=3643 comm="syz.4.943" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 264.712972][ T2777] usb 1-1: new low-speed USB device number 19 using dummy_hcd [ 264.728791][ T3654] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 264.864520][ T3654] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 264.891689][ T2777] usb 1-1: device descriptor read/64, error -71 [ 264.995972][ T3654] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 265.024989][ T3654] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 265.168442][ T3654] EXT4-fs (loop1): orphan cleanup on readonly fs [ 265.188775][ T3654] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.944: bg 0: block 34: padding at end of block bitmap is not set [ 265.211687][ T2777] usb 1-1: device descriptor read/64, error -71 [ 265.218737][ T285] EXT4-fs (loop4): unmounting filesystem. [ 265.232153][ T3654] Quota error (device loop1): write_blk: dquota write failed [ 265.243429][ T3654] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 265.321718][ T3654] EXT4-fs error (device loop1): ext4_acquire_dquot:6789: comm syz.1.944: Failed to acquire dquot type 1 [ 265.349847][ T3654] EXT4-fs (loop1): 1 truncate cleaned up [ 265.353481][ T3672] loop3: detected capacity change from 0 to 256 [ 265.362487][ T3654] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 265.392434][ T3654] syz.1.944 (3654) used greatest stack depth: 20480 bytes left [ 265.436711][ T3674] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 265.475522][ T3663] loop2: detected capacity change from 0 to 40427 [ 265.492364][ T2777] usb 1-1: new low-speed USB device number 20 using dummy_hcd [ 265.494049][ T282] EXT4-fs (loop1): unmounting filesystem. [ 265.576780][ T3663] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 265.584885][ T3663] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 265.625228][ T3663] F2FS-fs (loop2): Found nat_bits in checkpoint [ 265.651675][ T2777] usb 1-1: device descriptor read/64, error -71 [ 265.677253][ T3663] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 265.684504][ T3663] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 265.704526][ T3687] device vlan2 entered promiscuous mode [ 265.777866][ T3687] device bridge0 entered promiscuous mode [ 265.795376][ T3688] netlink: 60 bytes leftover after parsing attributes in process `syz.4.956'. [ 265.811807][ T3679] netlink: 152 bytes leftover after parsing attributes in process `syz.1.957'. [ 265.827393][ T3690] FAULT_INJECTION: forcing a failure. [ 265.827393][ T3690] name failslab, interval 1, probability 0, space 0, times 0 [ 265.840096][ T3690] CPU: 1 PID: 3690 Comm: syz.2.950 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 265.849843][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.859949][ T3690] Call Trace: [ 265.863241][ T3690] [ 265.866190][ T3690] __dump_stack+0x21/0x24 [ 265.870538][ T3690] dump_stack_lvl+0xee/0x150 [ 265.875151][ T3690] ? __cfi_dump_stack_lvl+0x8/0x8 [ 265.880211][ T3690] dump_stack+0x15/0x24 [ 265.884408][ T3690] should_fail_ex+0x3d4/0x520 [ 265.889115][ T3690] __should_failslab+0xac/0xf0 [ 265.893982][ T3690] ? bpf_prog_alloc_no_stats+0x9a/0x3f0 [ 265.899535][ T3690] should_failslab+0x9/0x20 [ 265.904047][ T3690] __kmem_cache_alloc_node+0x3d/0x2c0 [ 265.909422][ T3690] ? bpf_prog_alloc_no_stats+0x9a/0x3f0 [ 265.914972][ T3690] kmalloc_trace+0x29/0xb0 [ 265.919444][ T3690] bpf_prog_alloc_no_stats+0x9a/0x3f0 [ 265.924831][ T3690] bpf_prog_alloc+0x22/0x1c0 [ 265.929433][ T3690] bpf_prog_load+0x7c6/0x15a0 [ 265.934107][ T3690] ? map_freeze+0x390/0x390 [ 265.938618][ T3690] ? selinux_bpf+0xc7/0xf0 [ 265.943041][ T3690] ? security_bpf+0x93/0xb0 [ 265.947576][ T3690] __sys_bpf+0x504/0x780 [ 265.951838][ T3690] ? bpf_link_show_fdinfo+0x320/0x320 [ 265.957227][ T3690] ? __cfi_ksys_write+0x10/0x10 [ 265.962091][ T3690] ? debug_smp_processor_id+0x17/0x20 [ 265.967558][ T3690] __x64_sys_bpf+0x7c/0x90 [ 265.971983][ T3690] x64_sys_call+0x488/0x9a0 [ 265.976577][ T3690] do_syscall_64+0x4c/0xa0 [ 265.980994][ T3690] ? clear_bhb_loop+0x15/0x70 [ 265.985668][ T3690] ? clear_bhb_loop+0x15/0x70 [ 265.990342][ T3690] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 265.996247][ T3690] RIP: 0033:0x7fe12838e969 [ 266.000657][ T3690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.020265][ T3690] RSP: 002b:00007fe1292c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 266.028699][ T3690] RAX: ffffffffffffffda RBX: 00007fe1285b6080 RCX: 00007fe12838e969 [ 266.036677][ T3690] RDX: 0000000000000080 RSI: 0000200000000300 RDI: 0000000000000005 [ 266.044650][ T3690] RBP: 00007fe1292c0090 R08: 0000000000000000 R09: 0000000000000000 [ 266.052649][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.060629][ T3690] R13: 0000000000000000 R14: 00007fe1285b6080 R15: 00007ffc83102748 [ 266.068610][ T3690] [ 266.151656][ T2777] usb 1-1: device descriptor read/64, error -71 [ 266.281749][ T2777] usb usb1-port1: attempt power cycle [ 266.341743][ T287] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 266.533060][ T287] usb 3-1: unable to get BOS descriptor or descriptor too short [ 266.541271][ T287] usb 3-1: not running at top speed; connect to a high speed hub [ 266.551156][ T287] usb 3-1: config 5 interface 0 has no altsetting 0 [ 266.560448][ T287] usb 3-1: New USB device found, idVendor=0582, idProduct=0074, bcdDevice=2a.70 [ 266.569718][ T287] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.578046][ T287] usb 3-1: Product: syz [ 266.583310][ T287] usb 3-1: Manufacturer: syz [ 266.587978][ T287] usb 3-1: SerialNumber: syz [ 266.680138][ T3705] loop4: detected capacity change from 0 to 40427 [ 266.689977][ T3705] F2FS-fs (loop4): Unrecognized mount option "background_gc" or missing value [ 266.701656][ T2777] usb 1-1: new low-speed USB device number 21 using dummy_hcd [ 266.734139][ T2777] usb 1-1: device descriptor read/8, error -71 [ 266.882783][ T2777] usb 1-1: device descriptor read/8, error -71 [ 266.981652][ T450] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 267.151660][ T2777] usb 1-1: new low-speed USB device number 22 using dummy_hcd [ 267.163112][ T450] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 267.182603][ T450] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 267.199069][ T450] usb 5-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00 [ 267.207698][ T2777] usb 1-1: device descriptor read/8, error -71 [ 267.208775][ T450] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.449347][ T3714] random: crng reseeded on system resumption [ 267.844060][ T450] usb 5-1: config 0 descriptor?? [ 267.847756][ T2777] usb 1-1: device descriptor read/8, error -71 [ 268.078827][ T287] usb 3-1: bad CDC descriptors [ 268.084672][ T287] usb 3-1: USB disconnect, device number 15 [ 268.090707][ T3705] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 268.167863][ T3716] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 268.786518][ T450] apple 0003:05AC:0264.000C: item fetching failed at offset 5/7 [ 268.798716][ T450] apple 0003:05AC:0264.000C: parse failed [ 268.813094][ T2777] usb usb1-port1: unable to enumerate USB device [ 268.831839][ T450] apple: probe of 0003:05AC:0264.000C failed with error -22 [ 268.891484][ T3735] FAULT_INJECTION: forcing a failure. [ 268.891484][ T3735] name failslab, interval 1, probability 0, space 0, times 0 [ 268.918844][ T3735] CPU: 0 PID: 3735 Comm: syz.2.965 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 268.928702][ T3735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.938782][ T3735] Call Trace: [ 268.942083][ T3735] [ 268.945021][ T3735] __dump_stack+0x21/0x24 [ 268.949371][ T3735] dump_stack_lvl+0xee/0x150 [ 268.953980][ T3735] ? __cfi_dump_stack_lvl+0x8/0x8 [ 268.959026][ T3735] ? stack_trace_save+0x98/0xe0 [ 268.963895][ T3735] dump_stack+0x15/0x24 [ 268.968066][ T3735] should_fail_ex+0x3d4/0x520 [ 268.972844][ T3735] ? __nf_conntrack_alloc+0xf3/0x3c0 [ 268.978151][ T3735] __should_failslab+0xac/0xf0 [ 268.982927][ T3735] should_failslab+0x9/0x20 [ 268.987451][ T3735] kmem_cache_alloc+0x3b/0x330 [ 268.992236][ T3735] ? x64_sys_call+0xad/0x9a0 [ 268.996847][ T3735] __nf_conntrack_alloc+0xf3/0x3c0 [ 269.001979][ T3735] init_conntrack+0x26a/0xb90 [ 269.006750][ T3735] ? early_drop+0x720/0x720 [ 269.011263][ T3735] ? nf_conntrack_find_get+0x250/0x250 [ 269.016736][ T3735] ? __siphash_unaligned+0x26a/0x3b0 [ 269.022044][ T3735] nf_conntrack_in+0x5ab/0xf50 [ 269.026916][ T3735] ? __cfi_nf_conntrack_in+0x10/0x10 [ 269.032223][ T3735] ? ipt_do_table+0x2ae/0x15d0 [ 269.037003][ T3735] ? __cfi_ipt_do_table+0x10/0x10 [ 269.042044][ T3735] ipv4_conntrack_local+0x12c/0x200 [ 269.048305][ T3735] ? __cfi_ipv4_conntrack_local+0x10/0x10 [ 269.054055][ T3735] nf_hook_slow+0xca/0x210 [ 269.058504][ T3735] __ip_local_out+0x3a1/0x3c0 [ 269.063203][ T3735] ? __cfi___ip_local_out+0x10/0x10 [ 269.068428][ T3735] ? __cfi_dst_output+0x10/0x10 [ 269.073305][ T3735] ip_push_pending_frames+0x8d/0x1a0 [ 269.078619][ T3735] raw_sendmsg+0xdcb/0x12e0 [ 269.083140][ T3735] ? __cfi_raw_sendmsg+0x10/0x10 [ 269.088093][ T3735] ? 0xffffffffa0000950 [ 269.092259][ T3735] ? selinux_socket_sendmsg+0x208/0x2e0 [ 269.097840][ T3735] ? inet_send_prepare+0x60/0x4d0 [ 269.102895][ T3735] inet_sendmsg+0xb6/0xd0 [ 269.107247][ T3735] sock_write_iter+0x2ca/0x3b0 [ 269.112003][ T3735] ? __cfi_sock_write_iter+0x10/0x10 [ 269.117288][ T3735] ? fsnotify_perm+0x67/0x5b0 [ 269.121959][ T3735] ? security_file_permission+0x8a/0xb0 [ 269.127501][ T3735] do_iter_write+0x650/0xb10 [ 269.132091][ T3735] ? _copy_from_user+0x8f/0xc0 [ 269.136845][ T3735] ? vfs_iter_write+0xa0/0xa0 [ 269.141517][ T3735] ? import_iovec+0x7c/0xb0 [ 269.146034][ T3735] vfs_writev+0x30b/0x590 [ 269.150353][ T3735] ? do_writev+0x2b0/0x2b0 [ 269.154759][ T3735] ? vfs_write+0x9d6/0xca0 [ 269.159176][ T3735] ? __fdget_pos+0x1f2/0x380 [ 269.163766][ T3735] ? do_writev+0x76/0x2b0 [ 269.168082][ T3735] do_writev+0x14a/0x2b0 [ 269.172310][ T3735] ? do_readv+0x3e0/0x3e0 [ 269.176625][ T3735] ? debug_smp_processor_id+0x17/0x20 [ 269.182077][ T3735] __x64_sys_writev+0x7d/0x90 [ 269.186753][ T3735] x64_sys_call+0xad/0x9a0 [ 269.191157][ T3735] do_syscall_64+0x4c/0xa0 [ 269.195564][ T3735] ? clear_bhb_loop+0x15/0x70 [ 269.200230][ T3735] ? clear_bhb_loop+0x15/0x70 [ 269.204893][ T3735] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 269.210784][ T3735] RIP: 0033:0x7fe12838e969 [ 269.215185][ T3735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.234781][ T3735] RSP: 002b:00007fe1292c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 269.243182][ T3735] RAX: ffffffffffffffda RBX: 00007fe1285b6080 RCX: 00007fe12838e969 [ 269.251160][ T3735] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000004 [ 269.259119][ T3735] RBP: 00007fe1292c0090 R08: 0000000000000000 R09: 0000000000000000 [ 269.267078][ T3735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 269.275038][ T3735] R13: 0000000000000000 R14: 00007fe1285b6080 R15: 00007ffc83102748 [ 269.283008][ T3735] [ 269.299620][ T450] usb 5-1: USB disconnect, device number 10 [ 270.611400][ T3753] netlink: 96 bytes leftover after parsing attributes in process `syz.1.976'. [ 271.273510][ T3756] random: crng reseeded on system resumption [ 271.302613][ T303] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 271.353028][ T3760] loop0: detected capacity change from 0 to 256 [ 271.363940][ T3760] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 271.444560][ T3759] loop2: detected capacity change from 0 to 8192 [ 271.563701][ T303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.580452][ T28] audit: type=1400 audit(1748677542.202:649): avc: denied { ioctl } for pid=3761 comm="syz.1.980" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=27280 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 271.614636][ T303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.624791][ T303] usb 4-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 271.634922][ T303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.649254][ T303] usb 4-1: config 0 descriptor?? [ 272.225812][ T303] logitech-djreceiver 0003:046D:C534.000D: collection stack underflow [ 272.234694][ T303] logitech-djreceiver 0003:046D:C534.000D: item 0 4 0 12 parsing failed [ 272.243534][ T303] logitech-djreceiver 0003:046D:C534.000D: logi_dj_probe: parse failed [ 272.255970][ T303] logitech-djreceiver: probe of 0003:046D:C534.000D failed with error -22 [ 272.325879][ T3742] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 272.334621][ T1997] Bluetooth: hci0: Frame reassembly failed (-84) [ 272.342072][ T287] usb 4-1: USB disconnect, device number 9 [ 273.298173][ T3781] random: crng reseeded on system resumption [ 273.823414][ T3793] netlink: 100 bytes leftover after parsing attributes in process `syz.4.989'. [ 274.710107][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 274.786750][ T3802] random: crng reseeded on system resumption [ 274.862082][ T1830] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 274.911746][ T39] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 275.198478][ T28] audit: type=1400 audit(1748677545.822:650): avc: denied { bpf } for pid=3808 comm="syz.0.995" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 275.238658][ T3810] loop0: detected capacity change from 0 to 1024 [ 275.274070][ T28] audit: type=1400 audit(1748677545.852:651): avc: denied { prog_load } for pid=3808 comm="syz.0.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 275.371144][ T39] usb 3-1: config 0 has no interfaces? [ 275.382406][ T39] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 275.397355][ T28] audit: type=1400 audit(1748677545.852:652): avc: denied { read write } for pid=285 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 275.401720][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.583522][ T3792] loop1: detected capacity change from 0 to 40427 [ 275.619738][ T39] usb 3-1: Product: syz [ 275.625002][ T39] usb 3-1: Manufacturer: syz [ 275.629795][ T39] usb 3-1: SerialNumber: syz [ 275.636008][ T3792] F2FS-fs (loop1): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 275.715484][ T28] audit: type=1400 audit(1748677545.852:653): avc: denied { open } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 275.773359][ T39] r8152-cfgselector 3-1: config 0 descriptor?? [ 275.780085][ T3792] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 275.799911][ T3792] F2FS-fs (loop1): fault_type options not supported [ 275.813915][ T3792] F2FS-fs (loop1): Image doesn't support compression [ 275.821625][ T28] audit: type=1400 audit(1748677545.852:654): avc: denied { ioctl } for pid=285 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=122 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 275.832182][ T3792] F2FS-fs (loop1): invalid crc value [ 275.862291][ T3792] F2FS-fs (loop1): Found nat_bits in checkpoint [ 275.872582][ T28] audit: type=1400 audit(1748677545.872:655): avc: denied { map_create } for pid=3814 comm="syz.4.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 275.904169][ T28] audit: type=1400 audit(1748677545.872:656): avc: denied { map_read } for pid=3814 comm="syz.4.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 275.927695][ T28] audit: type=1400 audit(1748677545.872:657): avc: denied { perfmon } for pid=3814 comm="syz.4.996" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 275.927822][ T3792] F2FS-fs (loop1): Start checkpoint disabled! [ 275.954728][ T28] audit: type=1400 audit(1748677545.932:658): avc: denied { execmem } for pid=3816 comm="syz.4.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 275.988799][ T3792] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 275.995923][ T3792] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 276.009355][ T3789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.030519][ T3789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.190825][ T3833] loop3: detected capacity change from 0 to 512 [ 276.208060][ T3835] netlink: 'syz.0.1001': attribute type 6 has an invalid length. [ 276.221032][ T10] usb 3-1: config 0 descriptor?? [ 276.235790][ T3833] EXT4-fs: Ignoring removed mblk_io_submit option [ 276.253025][ T303] usb 3-1: USB disconnect, device number 16 [ 276.259023][ T10] usb 3-1: can't set config #0, error -71 [ 276.275571][ T3833] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1000: invalid indirect mapped block 10 (level 1) [ 276.289786][ T3833] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1000: invalid indirect mapped block 8 (level 1) [ 276.303663][ T3833] EXT4-fs (loop3): 1 truncate cleaned up [ 276.309331][ T3833] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 276.678040][ T283] EXT4-fs (loop3): unmounting filesystem. [ 276.693719][ T28] kauditd_printk_skb: 36 callbacks suppressed [ 276.693736][ T28] audit: type=1400 audit(1748677547.322:695): avc: denied { create } for pid=3841 comm="syz.3.1003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 276.695766][ T3319] kworker/u4:11: attempt to access beyond end of device [ 276.695766][ T3319] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 276.821674][ T2777] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 276.910275][ T3848] random: crng reseeded on system resumption [ 277.183013][ T28] audit: type=1400 audit(1748677547.532:696): avc: denied { write } for pid=3841 comm="syz.3.1003" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 277.207831][ T3846] cgroup: fork rejected by pids controller in /syz2 [ 277.222765][ T28] audit: type=1400 audit(1748677547.532:697): avc: denied { open } for pid=3841 comm="syz.3.1003" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 277.235542][ T3851] serio: Serial port ptm0 [ 277.251464][ T28] audit: type=1400 audit(1748677547.852:698): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 277.314379][ T2777] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 277.321274][ T3956] loop4: detected capacity change from 0 to 1024 [ 277.323571][ T28] audit: type=1400 audit(1748677547.942:699): avc: denied { module_request } for pid=3954 comm="syz.4.1007" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 277.353119][ T2777] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.362413][ T2777] usb 1-1: Product: syz [ 277.368383][ T3956] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 277.376920][ T2777] usb 1-1: Manufacturer: syz [ 277.387115][ T2777] usb 1-1: SerialNumber: syz [ 277.395425][ T28] audit: type=1400 audit(1748677548.022:700): avc: denied { read } for pid=3954 comm="syz.4.1007" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 277.397748][ T2777] r8152-cfgselector 1-1: config 0 descriptor?? [ 277.424857][ T28] audit: type=1400 audit(1748677548.052:701): avc: denied { map } for pid=3954 comm="syz.4.1007" path="socket:[27435]" dev="sockfs" ino=27435 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 277.450867][ T28] audit: type=1400 audit(1748677548.052:702): avc: denied { read } for pid=3954 comm="syz.4.1007" path="socket:[27435]" dev="sockfs" ino=27435 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 277.476378][ T28] audit: type=1400 audit(1748677548.052:703): avc: denied { read } for pid=3954 comm="syz.4.1007" dev="nsfs" ino=4026532554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 277.498085][ T28] audit: type=1400 audit(1748677548.052:704): avc: denied { open } for pid=3954 comm="syz.4.1007" path="net:[4026532554]" dev="nsfs" ino=4026532554 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 277.551488][ T285] EXT4-fs (loop4): unmounting filesystem. [ 277.714331][ T2777] r8152-cfgselector 1-1: Unknown version 0x0000 [ 277.723103][ T3968] loop1: detected capacity change from 0 to 512 [ 277.730906][ T3968] EXT4-fs: Ignoring removed mblk_io_submit option [ 277.737749][ T3968] EXT4-fs: Ignoring removed bh option [ 277.744018][ T3968] EXT4-fs: Invalid want_extra_isize 15 [ 278.082993][ T2777] r8152-cfgselector 1-1: Unknown version 0x0000 [ 278.090964][ T2777] r8152-cfgselector 1-1: USB disconnect, device number 23 [ 278.111125][ T3966] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.118246][ T3966] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.126022][ T3966] device bridge_slave_0 entered promiscuous mode [ 278.133220][ T3966] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.140401][ T3966] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.150515][ T3966] device bridge_slave_1 entered promiscuous mode [ 278.406658][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 278.416363][ T2925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 278.495447][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 278.505129][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 278.522850][ T3980] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 278.526219][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 278.541353][ T1997] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.548451][ T1997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.629140][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 278.818896][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 278.840613][ T1997] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.847903][ T1997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.855586][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 278.863902][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 278.878517][ T3966] device veth0_vlan entered promiscuous mode [ 278.894766][ T3966] device veth1_macvtap entered promiscuous mode [ 278.976871][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 278.987382][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 278.996381][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 278.999893][ T3987] loop0: detected capacity change from 0 to 512 [ 279.005269][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 279.018582][ T1997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.019837][ T3987] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 279.232601][ T3987] EXT4-fs (loop0): 1 truncate cleaned up [ 279.242153][ T3987] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 279.377971][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 279.396059][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 279.405356][ T3238] tipc: Left network mode [ 279.410813][ T3987] SELinux: policydb magic number 0x6572666b does not match expected magic number 0xf97cff8c [ 279.421259][ T3987] SELinux: failed to load policy [ 279.501484][ T284] EXT4-fs (loop0): unmounting filesystem. [ 280.146202][ T1651] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 280.202819][ T3238] device bridge_slave_1 left promiscuous mode [ 280.209233][ T3238] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.219817][ T3238] device bridge_slave_0 left promiscuous mode [ 280.227602][ T3238] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.246152][ T3238] device veth1_macvtap left promiscuous mode [ 280.253178][ T3238] device veth0_vlan left promiscuous mode [ 280.560338][ T4021] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 280.640116][ T1651] usb 2-1: Using ep0 maxpacket: 32 [ 280.648819][ T1651] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 280.657138][ T1651] usb 2-1: config 0 has no interface number 0 [ 280.666771][ T1651] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 280.675869][ T1651] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.684389][ T1651] usb 2-1: Product: syz [ 280.688606][ T1651] usb 2-1: Manufacturer: syz [ 280.693688][ T1651] usb 2-1: SerialNumber: syz [ 281.050669][ T1651] usb 2-1: config 0 descriptor?? [ 281.068776][ T1651] smsc95xx v2.0.0 [ 282.188921][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 282.188938][ T28] audit: type=1400 audit(1748677552.812:733): avc: denied { write } for pid=4039 comm="syz.4.1030" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 282.216681][ T28] audit: type=1400 audit(1748677552.812:734): avc: denied { setattr } for pid=4039 comm="syz.4.1030" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 282.239762][ T28] audit: type=1400 audit(1748677552.872:735): avc: denied { unmount } for pid=285 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 282.301995][ T303] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 282.314294][ T4042] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1031'. [ 282.327084][ T28] audit: type=1400 audit(1748677552.952:736): avc: denied { read write } for pid=4043 comm="syz.2.1032" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 282.342946][ T4042] FAULT_INJECTION: forcing a failure. [ 282.342946][ T4042] name failslab, interval 1, probability 0, space 0, times 0 [ 282.362914][ T4042] CPU: 1 PID: 4042 Comm: syz.4.1031 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 282.372743][ T4042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 282.374731][ T28] audit: type=1400 audit(1748677552.962:737): avc: denied { ioctl open } for pid=4043 comm="syz.2.1032" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 282.382981][ T4042] Call Trace: [ 282.382989][ T4042] [ 282.382997][ T4042] __dump_stack+0x21/0x24 [ 282.383030][ T4042] dump_stack_lvl+0xee/0x150 [ 282.407846][ T4047] fuse: Bad value for 'fd' [ 282.409860][ T4042] ? __cfi_dump_stack_lvl+0x8/0x8 [ 282.418494][ T28] audit: type=1400 audit(1748677552.962:738): avc: denied { watch } for pid=4045 comm="syz.0.1033" path="/208/file0" dev="incremental-fs" ino=1236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 282.421700][ T4042] dump_stack+0x15/0x24 [ 282.426197][ T28] audit: type=1400 audit(1748677552.962:739): avc: denied { read } for pid=4045 comm="syz.0.1033" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 282.431225][ T4042] should_fail_ex+0x3d4/0x520 [ 282.431256][ T4042] __should_failslab+0xac/0xf0 [ 282.455990][ T28] audit: type=1400 audit(1748677552.962:740): avc: denied { open } for pid=4045 comm="syz.0.1033" path="/208/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 282.459066][ T4042] ? cls_bpf_init+0x51/0x150 [ 282.520884][ T4042] should_failslab+0x9/0x20 [ 282.525427][ T4042] __kmem_cache_alloc_node+0x3d/0x2c0 [ 282.530836][ T4042] ? tcf_proto_create+0x66/0x310 [ 282.535804][ T4042] ? cls_bpf_init+0x51/0x150 [ 282.540421][ T4042] kmalloc_trace+0x29/0xb0 [ 282.544890][ T4042] cls_bpf_init+0x51/0x150 [ 282.549323][ T4042] tcf_proto_create+0x213/0x310 [ 282.554197][ T4042] tc_new_tfilter+0xe0e/0x1900 [ 282.558987][ T4042] ? __cfi_tc_new_tfilter+0x10/0x10 [ 282.564210][ T4042] ? security_capable+0x99/0xc0 [ 282.569087][ T4042] ? ns_capable+0x8c/0xf0 [ 282.571652][ T303] usb 4-1: Using ep0 maxpacket: 32 [ 282.573428][ T4042] ? netlink_net_capable+0x125/0x160 [ 282.579708][ T303] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.583817][ T4042] ? __cfi_tc_new_tfilter+0x10/0x10 [ 282.583854][ T4042] rtnetlink_rcv_msg+0x973/0xcf0 [ 282.583876][ T4042] ? 0xffffffffa0002610 [ 282.595693][ T303] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.599893][ T4042] ? __cfi_rtnetlink_rcv_msg+0x10/0x10 [ 282.605161][ T303] usb 4-1: config 0 interface 0 has no altsetting 0 [ 282.608969][ T4042] ? __kernel_text_address+0xd/0x30 [ 282.609002][ T4042] ? unwind_get_return_address+0x4d/0x90 [ 282.630582][ T303] usb 4-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 282.630719][ T4042] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 282.636169][ T303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.641545][ T4042] ? memcpy+0x56/0x70 [ 282.655898][ T303] usb 4-1: config 0 descriptor?? [ 282.656749][ T4042] ? avc_has_perm_noaudit+0x2f4/0x460 [ 282.678990][ T4042] ? __cfi_avc_has_perm_noaudit+0x10/0x10 [ 282.684814][ T4042] ? slab_post_alloc_hook+0x4f/0x2d0 [ 282.690103][ T4042] ? avc_has_perm+0x158/0x240 [ 282.694780][ T4042] ? ____sys_sendmsg+0x5a9/0x990 [ 282.699720][ T4042] ? ___sys_sendmsg+0x21c/0x290 [ 282.704578][ T4042] ? __cfi_avc_has_perm+0x10/0x10 [ 282.709616][ T4042] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 282.714998][ T4042] netlink_rcv_skb+0x1f2/0x440 [ 282.719777][ T4042] ? __cfi_rtnetlink_rcv_msg+0x10/0x10 [ 282.725231][ T4042] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 282.730520][ T4042] ? __netlink_lookup+0x387/0x3b0 [ 282.735551][ T4042] rtnetlink_rcv+0x1c/0x20 [ 282.739968][ T4042] netlink_unicast+0x8b1/0xa30 [ 282.744747][ T4042] netlink_sendmsg+0x8aa/0xbc0 [ 282.749514][ T4042] ? __cfi_netlink_sendmsg+0x10/0x10 [ 282.754811][ T4042] ? security_socket_sendmsg+0x93/0xb0 [ 282.760294][ T4042] ? __cfi_netlink_sendmsg+0x10/0x10 [ 282.765593][ T4042] ____sys_sendmsg+0x5a9/0x990 [ 282.770371][ T4042] ? __sys_sendmsg_sock+0x40/0x40 [ 282.775410][ T4042] ? import_iovec+0x7c/0xb0 [ 282.779931][ T4042] ___sys_sendmsg+0x21c/0x290 [ 282.784624][ T4042] ? __sys_sendmsg+0x270/0x270 [ 282.789409][ T4042] ? __kasan_check_write+0x14/0x20 [ 282.794526][ T4042] ? proc_fail_nth_write+0x17a/0x1f0 [ 282.799827][ T4042] ? vfs_write+0x9d6/0xca0 [ 282.804255][ T4042] ? __fdget+0x19c/0x220 [ 282.808677][ T4042] __x64_sys_sendmsg+0x1f0/0x2c0 [ 282.813620][ T4042] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 282.819091][ T4042] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 282.825161][ T4042] x64_sys_call+0x171/0x9a0 [ 282.829690][ T4042] do_syscall_64+0x4c/0xa0 [ 282.834111][ T4042] ? clear_bhb_loop+0x15/0x70 [ 282.838792][ T4042] ? clear_bhb_loop+0x15/0x70 [ 282.843468][ T4042] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 282.849368][ T4042] RIP: 0033:0x7f3634f8e969 [ 282.853779][ T4042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.873385][ T4042] RSP: 002b:00007f3635e12038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.881798][ T4042] RAX: ffffffffffffffda RBX: 00007f36351b5fa0 RCX: 00007f3634f8e969 [ 282.889861][ T4042] RDX: 0000000020004804 RSI: 0000200000000000 RDI: 0000000000000004 [ 282.897831][ T4042] RBP: 00007f3635e12090 R08: 0000000000000000 R09: 0000000000000000 [ 282.905806][ T4042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.913784][ T4042] R13: 0000000000000000 R14: 00007f36351b5fa0 R15: 00007fff1357b488 [ 282.921772][ T4042] [ 282.926613][ T940] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 282.934555][ T1651] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 282.951766][ T1651] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 283.026330][ T28] audit: type=1400 audit(1748677553.652:741): avc: denied { execute } for pid=4057 comm="syz.4.1035" path="/223/bus" dev="tmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 283.075734][ T4060] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 283.131279][ T303] wacom 0003:056A:00D0.000E: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 283.141731][ T303] wacom 0003:056A:00D0.000E: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.3-1/input0 [ 283.154296][ T940] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 283.167064][ T303] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:00D0.000E/input/input12 [ 283.179232][ T940] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 283.188770][ T940] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 283.189479][ T28] audit: type=1400 audit(1748677553.812:742): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1199 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 283.204453][ T940] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 283.233278][ T940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.241310][ T940] usb 3-1: Product: syz [ 283.245731][ T940] usb 3-1: Manufacturer: syz [ 283.250381][ T940] usb 3-1: SerialNumber: syz [ 283.262110][ T940] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 283.268949][ T940] cdc_ncm 3-1:1.0: bind() failure [ 283.347586][ T4033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.363111][ T4033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 283.371876][ T1651] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 283.382869][ T1651] smsc95xx: probe of 2-1:0.67 failed with error -71 [ 283.394341][ T1651] usb 2-1: USB disconnect, device number 16 [ 283.402844][ T303] usb 4-1: USB disconnect, device number 10 [ 283.458574][ T940] usb 3-1: USB disconnect, device number 17 [ 283.808843][ T4067] loop0: detected capacity change from 0 to 512 [ 283.815509][ T4067] ext4: Unknown parameter 'nouser_xattr' [ 284.101004][ T4088] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 284.508391][ T4090] 9pnet: Could not find request transport: ft [ 284.731728][ T4100] bridge0: port 3(gretap0) entered blocking state [ 284.745396][ T4100] bridge0: port 3(gretap0) entered disabled state [ 284.758918][ T4100] device gretap0 entered promiscuous mode [ 284.771799][ T4100] bridge0: port 3(gretap0) entered blocking state [ 284.778270][ T4100] bridge0: port 3(gretap0) entered forwarding state [ 285.005090][ T4104] loop0: detected capacity change from 0 to 40427 [ 285.012415][ T4104] F2FS-fs (loop0): fault_injection options not supported [ 285.061954][ T2769] I/O error, dev loop0, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 286.456288][ T4116] loop4: detected capacity change from 0 to 512 [ 287.630726][ T4116] EXT4-fs (loop4): 1 orphan inode deleted [ 287.632325][ T4120] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1055'. [ 287.637263][ T4116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 287.645574][ T4120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1055'. [ 287.645596][ T4120] tc_dump_action: action bad kind [ 287.646821][ T4120] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 287.655226][ T10] __quota_error: 16 callbacks suppressed [ 287.655244][ T10] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 287.699463][ T4116] ext4 filesystem being mounted at /230/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 287.717953][ T10] EXT4-fs error (device loop4): ext4_release_dquot:6825: comm kworker/u4:1: Failed to release dquot type 1 [ 287.829605][ T4126] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 287.902808][ T285] EXT4-fs (loop4): unmounting filesystem. [ 287.970551][ T4132] FAULT_INJECTION: forcing a failure. [ 287.970551][ T4132] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.983776][ T4132] CPU: 1 PID: 4132 Comm: syz.3.1057 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 287.993606][ T4132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 288.003668][ T4132] Call Trace: [ 288.006950][ T4132] [ 288.009881][ T4132] __dump_stack+0x21/0x24 [ 288.014231][ T4132] dump_stack_lvl+0xee/0x150 [ 288.018834][ T4132] ? __cfi_dump_stack_lvl+0x8/0x8 [ 288.023872][ T4132] ? preempt_schedule_irq+0xbb/0x110 [ 288.029174][ T4132] ? __cfi_preempt_schedule_irq+0x10/0x10 [ 288.034908][ T4132] dump_stack+0x15/0x24 [ 288.039087][ T4132] should_fail_ex+0x3d4/0x520 [ 288.043776][ T4132] should_fail+0xb/0x10 [ 288.047941][ T4132] should_fail_usercopy+0x1a/0x20 [ 288.052984][ T4132] _copy_to_user+0x1e/0x90 [ 288.057409][ T4132] simple_read_from_buffer+0xe9/0x160 [ 288.062805][ T4132] proc_fail_nth_read+0x19a/0x210 [ 288.067849][ T4132] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 288.073408][ T4132] ? security_file_permission+0x94/0xb0 [ 288.078965][ T4132] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 288.084530][ T4132] vfs_read+0x26e/0x8c0 [ 288.088718][ T4132] ? __cfi_vfs_read+0x10/0x10 [ 288.093413][ T4132] ? __kasan_check_write+0x14/0x20 [ 288.098544][ T4132] ? mutex_lock+0x8d/0x1a0 [ 288.102982][ T4132] ? __cfi_mutex_lock+0x10/0x10 [ 288.107854][ T4132] ? __fdget_pos+0x2cd/0x380 [ 288.112460][ T4132] ? ksys_read+0x71/0x240 [ 288.116805][ T4132] ksys_read+0x140/0x240 [ 288.121065][ T4132] ? __cfi_ksys_read+0x10/0x10 [ 288.125849][ T4132] ? fpregs_restore_userregs+0x128/0x260 [ 288.131495][ T4132] __x64_sys_read+0x7b/0x90 [ 288.136021][ T4132] x64_sys_call+0x2f/0x9a0 [ 288.140460][ T4132] do_syscall_64+0x4c/0xa0 [ 288.144891][ T4132] ? clear_bhb_loop+0x15/0x70 [ 288.149580][ T4132] ? clear_bhb_loop+0x15/0x70 [ 288.154270][ T4132] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 288.160202][ T4132] RIP: 0033:0x7f0593d8d37c [ 288.164628][ T4132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 288.184247][ T4132] RSP: 002b:00007f0594c1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 288.192687][ T4132] RAX: ffffffffffffffda RBX: 00007f0593fb6160 RCX: 00007f0593d8d37c [ 288.200679][ T4132] RDX: 000000000000000f RSI: 00007f0594c1c0a0 RDI: 0000000000000008 [ 288.208668][ T4132] RBP: 00007f0594c1c090 R08: 0000000000000000 R09: 0000000000000000 [ 288.216670][ T4132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.224664][ T4132] R13: 0000000000000000 R14: 00007f0593fb6160 R15: 00007ffefa4068c8 [ 288.232660][ T4132] [ 288.366467][ T28] audit: type=1326 audit(1748677558.992:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.412741][ T4145] serio: Serial port ptm0 [ 288.418537][ T28] audit: type=1326 audit(1748677559.012:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.703227][ T28] audit: type=1326 audit(1748677559.012:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.742533][ T28] audit: type=1326 audit(1748677559.012:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.773661][ T28] audit: type=1326 audit(1748677559.012:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.797093][ T28] audit: type=1326 audit(1748677559.022:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.820740][ T28] audit: type=1326 audit(1748677559.022:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.844528][ T28] audit: type=1326 audit(1748677559.022:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.870802][ T28] audit: type=1326 audit(1748677559.022:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4144 comm="syz.2.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc70438e969 code=0x7ffc0000 [ 288.895613][ T4156] loop2: detected capacity change from 0 to 128 [ 288.906935][ T4156] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 288.916161][ T4156] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.481749][ T4166] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 289.879672][ T4177] loop4: detected capacity change from 0 to 512 [ 289.891273][ T4177] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 289.923405][ T4177] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 289.932588][ T4177] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.1074: invalid indirect mapped block 2683928664 (level 1) [ 289.947669][ T4177] EXT4-fs (loop4): Remounting filesystem read-only [ 289.954430][ T4177] EXT4-fs (loop4): 1 truncate cleaned up [ 289.960124][ T4177] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 290.140676][ T3966] EXT4-fs (loop2): unmounting filesystem. [ 290.144128][ T934] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 290.246746][ T4184] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.1074: corrupted in-inode xattr [ 290.260403][ T4184] EXT4-fs (loop4): Remounting filesystem read-only [ 290.269738][ T4184] EXT4-fs error (device loop4): ext4_find_dest_de:2115: inode #2: block 13: comm syz.4.1074: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 290.290406][ T4184] EXT4-fs (loop4): Remounting filesystem read-only [ 290.299754][ T4184] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2195: inode #15: comm syz.4.1074: corrupted in-inode xattr [ 290.360158][ T4185] random: crng reseeded on system resumption [ 290.642649][ T4184] EXT4-fs (loop4): Remounting filesystem read-only [ 290.834194][ T285] EXT4-fs (loop4): unmounting filesystem. [ 290.889713][ T4191] loop2: detected capacity change from 0 to 128 [ 290.972674][ T934] usb 4-1: unable to get BOS descriptor or descriptor too short [ 290.989592][ T934] usb 4-1: not running at top speed; connect to a high speed hub [ 291.035378][ T4201] loop0: detected capacity change from 0 to 512 [ 291.043402][ T4201] EXT4-fs: Ignoring removed nobh option [ 291.077574][ T934] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 291.083313][ T4201] EXT4-fs error (device loop0): ext4_acquire_dquot:6789: comm syz.0.1082: Failed to acquire dquot type 0 [ 291.097297][ T934] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.107770][ T4201] EXT4-fs (loop0): Remounting filesystem read-only [ 291.107957][ T934] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 291.121756][ T4201] EXT4-fs error (device loop0): ext4_acquire_dquot:6789: comm syz.0.1082: Failed to acquire dquot type 0 [ 291.124205][ T934] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 2, skipping [ 291.145907][ T934] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 291.178671][ T934] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 291.219807][ T934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.248322][ T934] usb 4-1: Product: syz [ 291.255143][ T4201] EXT4-fs (loop0): Remounting filesystem read-only [ 291.275294][ T4208] random: crng reseeded on system resumption [ 291.431043][ T4201] EXT4-fs error (device loop0): ext4_acquire_dquot:6789: comm syz.0.1082: Failed to acquire dquot type 0 [ 291.448073][ T4206] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1079'. [ 291.466900][ T934] usb 4-1: Manufacturer: syz [ 291.476933][ T934] usb 4-1: SerialNumber: syz [ 291.497998][ T4201] EXT4-fs (loop0): Remounting filesystem read-only [ 291.525382][ T4201] EXT4-fs (loop0): 1 orphan inode deleted [ 291.531758][ T4201] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 291.539467][ T4210] loop2: detected capacity change from 0 to 2048 [ 291.545956][ T4201] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 291.547866][ T4210] EXT4-fs: Ignoring removed nomblk_io_submit option [ 291.659309][ T4210] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 291.679037][ T4210] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.1083: bg 0: block 2: invalid block bitmap [ 291.695292][ T4210] EXT4-fs (loop2): Remounting filesystem read-only [ 291.702571][ T934] usb 4-1: 0:2 : does not exist [ 291.743029][ T934] usb 4-1: USB disconnect, device number 11 [ 291.817287][ T4210] xt_hashlimit: size too large, truncated to 1048576 [ 292.160104][ T284] EXT4-fs (loop0): unmounting filesystem. [ 292.166252][ T4217] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 292.262181][ T2769] udevd[2769]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 292.305915][ T4224] xt_hashlimit: size too large, truncated to 1048576 [ 292.319305][ T4223] loop4: detected capacity change from 0 to 1024 [ 293.689995][ T4243] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1090'. [ 293.964816][ T4245] random: crng reseeded on system resumption [ 294.761870][ T4253] loop3: detected capacity change from 0 to 512 [ 294.789235][ T3966] EXT4-fs (loop2): unmounting filesystem. [ 294.867656][ T4259] random: crng reseeded on system resumption [ 295.265350][ T4262] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 295.278766][ T4253] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 295.347774][ T4253] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 295.491670][ T940] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 295.608519][ T4271] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1098'. [ 295.682929][ T940] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.704989][ T940] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.733798][ T940] usb 1-1: config 0 interface 0 has no altsetting 0 [ 295.733835][ T940] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 295.733861][ T940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.744974][ T940] usb 1-1: config 0 descriptor?? [ 295.848925][ T4275] loop1: detected capacity change from 0 to 512 [ 295.877905][ T4275] EXT4-fs: Ignoring removed mblk_io_submit option [ 295.892688][ T4275] EXT4-fs: Ignoring removed bh option [ 295.898662][ T4275] EXT4-fs: Mount option(s) incompatible with ext3 [ 295.981476][ T4275] netlink: 'syz.1.1101': attribute type 27 has an invalid length. [ 296.008711][ T283] EXT4-fs (loop3): unmounting filesystem. [ 296.072631][ T4275] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.079805][ T4275] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.162792][ T4275] device wg2 left promiscuous mode [ 296.323850][ T4275] device ip6gre1 left promiscuous mode [ 296.353877][ T940] usbhid 1-1:0.0: can't add hid device: -71 [ 296.359856][ T940] usbhid: probe of 1-1:0.0 failed with error -71 [ 296.380286][ T940] usb 1-1: USB disconnect, device number 24 [ 296.386735][ T4275] device vlan2 left promiscuous mode [ 296.457323][ T4275] device bridge0 left promiscuous mode [ 296.677108][ T4289] loop4: detected capacity change from 0 to 256 [ 296.683970][ T28] kauditd_printk_skb: 27 callbacks suppressed [ 296.683985][ T28] audit: type=1400 audit(1748677567.312:789): avc: denied { remount } for pid=4288 comm="syz.4.1105" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 297.045876][ T4295] loop0: detected capacity change from 0 to 512 [ 297.066268][ T4295] EXT4-fs: Ignoring removed oldalloc option [ 297.076840][ T4293] loop2: detected capacity change from 0 to 8192 [ 297.089869][ T4295] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802c02c, mo2=0002] [ 297.102969][ T4295] System zones: 1-12 [ 297.108275][ T4295] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1108: Parent and EA inode have the same ino 15 [ 297.110960][ T4293] FAT-fs (loop2): error, clusters badly computed (2 != 1) [ 297.122309][ T4295] EXT4-fs (loop0): Remounting filesystem read-only [ 297.134636][ T4295] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.1108: Parent and EA inode have the same ino 15 [ 297.151861][ T4295] EXT4-fs (loop0): Remounting filesystem read-only [ 297.163118][ T4293] FAT-fs (loop2): Filesystem has been set read-only [ 297.175454][ T4295] EXT4-fs (loop0): 1 orphan inode deleted [ 297.185548][ T4295] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 297.193310][ T4298] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 297.299291][ T28] audit: type=1400 audit(1748677567.922:790): avc: denied { add_name } for pid=4294 comm="syz.0.1108" name=".pending_reads" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 297.321764][ T28] audit: type=1400 audit(1748677567.922:791): avc: denied { associate } for pid=4294 comm="syz.0.1108" name=".pending_reads" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 297.347122][ T28] audit: type=1400 audit(1748677567.922:792): avc: denied { append } for pid=4294 comm="syz.0.1108" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 297.371174][ T28] audit: type=1400 audit(1748677567.922:793): avc: denied { ioctl } for pid=4294 comm="syz.0.1108" path="/223/file0/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 297.398289][ T28] audit: type=1400 audit(1748677567.922:794): avc: denied { write } for pid=4294 comm="syz.0.1108" name=".index" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 297.592844][ T4309] random: crng reseeded on system resumption [ 297.870649][ T28] audit: type=1400 audit(1748677567.922:795): avc: denied { add_name } for pid=4294 comm="syz.0.1108" name="00000000000000000000000000000000" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 297.893505][ T28] audit: type=1400 audit(1748677567.922:796): avc: denied { setattr } for pid=4294 comm="syz.0.1108" name="00000000000000000000000000000000" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 297.917913][ T28] audit: type=1400 audit(1748677567.922:797): avc: denied { link } for pid=4294 comm="syz.0.1108" name="00000000000000000000000000000000" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 297.942257][ T28] audit: type=1400 audit(1748677567.922:798): avc: denied { write } for pid=4294 comm="syz.0.1108" name="00000000000000000000000000000000" dev="incremental-fs" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 298.011719][ T1259] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 298.117392][ T4320] netlink: 'syz.1.1114': attribute type 12 has an invalid length. [ 298.212740][ T1259] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 298.224050][ T1259] usb 1-1: config 0 has no interface number 0 [ 298.237523][ T4327] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1116'. [ 298.246791][ T1259] usb 1-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 298.266623][ T1259] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.288948][ T1259] usb 1-1: Product: syz [ 298.301621][ T1259] usb 1-1: Manufacturer: syz [ 298.306238][ T1259] usb 1-1: SerialNumber: syz [ 298.321747][ T1259] usb 1-1: config 0 descriptor?? [ 298.327702][ T1259] usb-storage 1-1:0.8: USB Mass Storage device detected [ 298.354597][ T1259] usb-storage 1-1:0.8: device ignored [ 298.545119][ T287] usb 1-1: USB disconnect, device number 25 [ 298.636031][ T4332] FAULT_INJECTION: forcing a failure. [ 298.636031][ T4332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.649169][ T4332] CPU: 0 PID: 4332 Comm: syz.1.1120 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 298.658988][ T4332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.669035][ T4332] Call Trace: [ 298.672307][ T4332] [ 298.675235][ T4332] __dump_stack+0x21/0x24 [ 298.679577][ T4332] dump_stack_lvl+0xee/0x150 [ 298.684184][ T4332] ? __cfi_dump_stack_lvl+0x8/0x8 [ 298.689207][ T4332] ? __kmalloc_node+0xb2/0x1e0 [ 298.693980][ T4332] dump_stack+0x15/0x24 [ 298.698150][ T4332] should_fail_ex+0x3d4/0x520 [ 298.702837][ T4332] should_fail+0xb/0x10 [ 298.707266][ T4332] should_fail_usercopy+0x1a/0x20 [ 298.712312][ T4332] _copy_from_user+0x1e/0xc0 [ 298.716925][ T4332] map_update_elem+0x440/0x660 [ 298.721719][ T4332] __sys_bpf+0x448/0x780 [ 298.723887][ T4334] netlink: 'syz.3.1121': attribute type 3 has an invalid length. [ 298.725994][ T4332] ? bpf_link_show_fdinfo+0x320/0x320 [ 298.726037][ T4332] ? __cfi_ksys_write+0x10/0x10 [ 298.743941][ T4332] ? debug_smp_processor_id+0x17/0x20 [ 298.749317][ T4332] __x64_sys_bpf+0x7c/0x90 [ 298.753739][ T4332] x64_sys_call+0x488/0x9a0 [ 298.758241][ T4332] do_syscall_64+0x4c/0xa0 [ 298.762657][ T4332] ? clear_bhb_loop+0x15/0x70 [ 298.767325][ T4332] ? clear_bhb_loop+0x15/0x70 [ 298.771995][ T4332] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 298.777964][ T4332] RIP: 0033:0x7f117398e969 [ 298.782388][ T4332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.802028][ T4332] RSP: 002b:00007f1174714038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 298.810453][ T4332] RAX: ffffffffffffffda RBX: 00007f1173bb5fa0 RCX: 00007f117398e969 [ 298.818443][ T4332] RDX: 0000000000000020 RSI: 0000200000000940 RDI: 0000000000000002 [ 298.826407][ T4332] RBP: 00007f1174714090 R08: 0000000000000000 R09: 0000000000000000 [ 298.834422][ T4332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.842420][ T4332] R13: 0000000000000000 R14: 00007f1173bb5fa0 R15: 00007fff7b92d858 [ 298.850401][ T4332] [ 298.884178][ T4338] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 298.984514][ T4345] overlayfs: unrecognized mount option "mask=^MAY_WRITE" or missing value [ 299.020224][ T4343] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1126'. [ 299.498434][ T4355] FAULT_INJECTION: forcing a failure. [ 299.498434][ T4355] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 299.511714][ T4355] CPU: 0 PID: 4355 Comm: syz.3.1128 Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 299.521529][ T4355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 299.531599][ T4355] Call Trace: [ 299.534897][ T4355] [ 299.537831][ T4355] __dump_stack+0x21/0x24 [ 299.542182][ T4355] dump_stack_lvl+0xee/0x150 [ 299.546785][ T4355] ? __cfi_dump_stack_lvl+0x8/0x8 [ 299.551824][ T4355] ? kasan_set_track+0x60/0x70 [ 299.556598][ T4355] ? kasan_save_alloc_info+0x25/0x30 [ 299.561898][ T4355] ? __kasan_slab_alloc+0x72/0x80 [ 299.566936][ T4355] ? slab_post_alloc_hook+0x4f/0x2d0 [ 299.572233][ T4355] dump_stack+0x15/0x24 [ 299.576404][ T4355] should_fail_ex+0x3d4/0x520 [ 299.581094][ T4355] should_fail_alloc_page+0x61/0x90 [ 299.586304][ T4355] prepare_alloc_pages+0x148/0x5f0 [ 299.591436][ T4355] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 299.596648][ T4355] __alloc_pages+0x115/0x3a0 [ 299.601250][ T4355] ? __cfi___alloc_pages+0x10/0x10 [ 299.606381][ T4355] ? __kasan_check_write+0x14/0x20 [ 299.611514][ T4355] ? lockref_get+0x123/0x1b0 [ 299.616109][ T4355] ? __kasan_check_write+0x14/0x20 [ 299.621233][ T4355] __get_free_pages+0xe/0x30 [ 299.625835][ T4355] selinux_genfs_get_sid+0x59/0x250 [ 299.631048][ T4355] inode_doinit_with_dentry+0x86e/0xd70 [ 299.636607][ T4355] ? ktime_get_coarse_real_ts64+0x11b/0x130 [ 299.642509][ T4355] ? sb_finish_set_opts+0x9d0/0x9d0 [ 299.647719][ T4355] ? __cfi_current_time+0x10/0x10 [ 299.652755][ T4355] selinux_d_instantiate+0x27/0x40 [ 299.657879][ T4355] security_d_instantiate+0xb3/0x110 [ 299.663182][ T4355] d_splice_alias+0x6d/0x390 [ 299.667784][ T4355] proc_sys_lookup+0x517/0x610 [ 299.672566][ T4355] __lookup_slow+0x2c7/0x3f0 [ 299.677174][ T4355] ? lookup_one_len+0x2d0/0x2d0 [ 299.682063][ T4355] ? down_read+0xa0/0xf0 [ 299.686339][ T4355] ? __cfi_down_read+0x10/0x10 [ 299.691201][ T4355] lookup_slow+0x57/0x70 [ 299.695475][ T4355] link_path_walk+0x936/0xe50 [ 299.700175][ T4355] ? handle_lookup_down+0x130/0x130 [ 299.705393][ T4355] path_openat+0x285/0x2f50 [ 299.709906][ T4355] ? kasan_set_track+0x4b/0x70 [ 299.714677][ T4355] ? getname_flags+0xb9/0x500 [ 299.719372][ T4355] ? getname+0x19/0x20 [ 299.723453][ T4355] ? do_sys_openat2+0xcb/0x7e0 [ 299.728227][ T4355] ? x64_sys_call+0x783/0x9a0 [ 299.732918][ T4355] ? do_syscall_64+0x4c/0xa0 [ 299.737532][ T4355] ? do_filp_open+0x3c0/0x3c0 [ 299.742221][ T4355] do_filp_open+0x1c1/0x3c0 [ 299.746735][ T4355] ? __cfi_do_filp_open+0x10/0x10 [ 299.751769][ T4355] ? alloc_fd+0x4e6/0x590 [ 299.756116][ T4355] do_sys_openat2+0x185/0x7e0 [ 299.760805][ T4355] ? __kasan_check_write+0x14/0x20 [ 299.765928][ T4355] ? do_sys_open+0xe0/0xe0 [ 299.770351][ T4355] ? ksys_write+0x1eb/0x240 [ 299.774871][ T4355] ? __cfi_ksys_write+0x10/0x10 [ 299.779739][ T4355] __x64_sys_openat+0x136/0x160 [ 299.784620][ T4355] x64_sys_call+0x783/0x9a0 [ 299.789139][ T4355] do_syscall_64+0x4c/0xa0 [ 299.793574][ T4355] ? clear_bhb_loop+0x15/0x70 [ 299.798263][ T4355] ? clear_bhb_loop+0x15/0x70 [ 299.802964][ T4355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 299.808881][ T4355] RIP: 0033:0x7f0593d8e969 [ 299.813306][ T4355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.832930][ T4355] RSP: 002b:00007f0594c1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 299.841367][ T4355] RAX: ffffffffffffffda RBX: 00007f0593fb6160 RCX: 00007f0593d8e969 [ 299.849357][ T4355] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 299.857346][ T4355] RBP: 00007f0594c1c090 R08: 0000000000000000 R09: 0000000000000000 [ 299.865330][ T4355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.873320][ T4355] R13: 0000000000000000 R14: 00007f0593fb6160 R15: 00007ffefa4068c8 [ 299.881316][ T4355] [ 299.886672][ T4353] random: crng reseeded on system resumption [ 300.523254][ T284] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 300.580528][ T284] EXT4-fs (loop0): Remounting filesystem read-only [ 300.628944][ T4363] random: crng reseeded on system resumption [ 300.664038][ T4367] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 300.711486][ T284] ------------[ cut here ]------------ [ 300.717142][ T284] kernel BUG at fs/namei.c:2954! [ 300.725517][ T284] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 300.731617][ T284] CPU: 1 PID: 284 Comm: syz-executor Not tainted 6.1.138-syzkaller-00046-gdb710ea87c32 #0 [ 300.741521][ T284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.752028][ T284] RIP: 0010:may_delete+0x701/0x710 [ 300.757154][ T284] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 84 fe ff ff 48 89 df e8 30 19 f4 ff e9 77 fe ff ff e8 c6 c0 af ff 0f 0b e8 bf c0 af ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 41 56 53 [ 300.776758][ T284] RSP: 0018:ffffc90000d87c20 EFLAGS: 00010293 [ 300.782826][ T284] RAX: ffffffff81c03051 RBX: ffff8881005f4660 RCX: ffff888109810000 [ 300.790796][ T284] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000000 [ 300.798759][ T284] RBP: ffffc90000d87c88 R08: 0000000000000004 R09: 0000000000000003 [ 300.806731][ T284] R10: fffff520001b0f64 R11: 1ffff920001b0f64 R12: dffffc0000000000 [ 300.814783][ T284] R13: 0000000000000001 R14: ffff88813314b8b0 R15: 1ffff110200be8cc [ 300.822753][ T284] FS: 000055559139f500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 300.831937][ T284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 300.838522][ T284] CR2: 00007fff13579f68 CR3: 000000012fb82000 CR4: 00000000003506a0 [ 300.846688][ T284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 300.854747][ T284] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 300.862761][ T284] Call Trace: [ 300.866043][ T284] [ 300.868979][ T284] vfs_rmdir+0x32/0x500 [ 300.873165][ T284] incfs_kill_sb+0x105/0x220 [ 300.877758][ T284] deactivate_locked_super+0xb5/0x120 [ 300.883129][ T284] deactivate_super+0xaf/0xe0 [ 300.887812][ T284] cleanup_mnt+0x45f/0x4e0 [ 300.892247][ T284] __cleanup_mnt+0x19/0x20 [ 300.896682][ T284] task_work_run+0x1db/0x240 [ 300.901285][ T284] ? __cfi_task_work_run+0x10/0x10 [ 300.906542][ T284] ? __x64_sys_umount+0x125/0x160 [ 300.911745][ T284] ? __cfi___x64_sys_umount+0x10/0x10 [ 300.917123][ T284] exit_to_user_mode_loop+0x9b/0xb0 [ 300.922402][ T284] exit_to_user_mode_prepare+0x5a/0xa0 [ 300.927856][ T284] syscall_exit_to_user_mode+0x1a/0x30 [ 300.933312][ T284] do_syscall_64+0x58/0xa0 [ 300.937731][ T284] ? clear_bhb_loop+0x15/0x70 [ 300.942403][ T284] ? clear_bhb_loop+0x15/0x70 [ 300.947082][ T284] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 300.952980][ T284] RIP: 0033:0x7faebeb8fc97 [ 300.957388][ T284] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 300.976987][ T284] RSP: 002b:00007fff30028538 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 300.985394][ T284] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007faebeb8fc97 [ 300.993366][ T284] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff300285f0 [ 301.001350][ T284] RBP: 00007fff300285f0 R08: 0000000000000000 R09: 0000000000000000 [ 301.009324][ T284] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff300296e0 [ 301.017297][ T284] R13: 00007faebec1089d R14: 00000000000495b0 R15: 00007fff3002a7b0 [ 301.025282][ T284] [ 301.028315][ T284] Modules linked in: [ 301.038463][ T284] ---[ end trace 0000000000000000 ]--- [ 301.057548][ T284] RIP: 0010:may_delete+0x701/0x710 [ 301.068018][ T284] Code: ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 84 fe ff ff 48 89 df e8 30 19 f4 ff e9 77 fe ff ff e8 c6 c0 af ff 0f 0b e8 bf c0 af ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 55 48 89 e5 41 56 53 [ 301.110920][ T284] RSP: 0018:ffffc90000d87c20 EFLAGS: 00010293 [ 301.123261][ T284] RAX: ffffffff81c03051 RBX: ffff8881005f4660 RCX: ffff888109810000 [ 301.137346][ T284] RDX: 0000000000000000 RSI: 0000000000200000 RDI: 0000000000000000 [ 301.146741][ T284] RBP: ffffc90000d87c88 R08: 0000000000000004 R09: 0000000000000003 [ 301.154933][ T284] R10: fffff520001b0f64 R11: 1ffff920001b0f64 R12: dffffc0000000000 [ 301.163471][ T284] R13: 0000000000000001 R14: ffff88813314b8b0 R15: 1ffff110200be8cc [ 301.171540][ T284] FS: 000055559139f500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 301.180898][ T284] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.187820][ T284] CR2: 00007fff13579f68 CR3: 000000012fb82000 CR4: 00000000003506b0 [ 301.196064][ T284] Kernel panic - not syncing: Fatal exception [ 301.202421][ T284] Kernel Offset: disabled [ 301.206739][ T284] Rebooting in 86400 seconds..