last executing test programs: 3.890976825s ago: executing program 1: syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000380)={&(0x7f0000000000)='W2', &(0x7f0000000300)=""/65, &(0x7f0000000200)="090da27aca56d4ae6566d50435922400e03d7abd6a163572df8b3126814dc13d32097e7f8d7c09aee2e470b8ec39687353ba592f2799c020623173db4e0710", &(0x7f0000000280), 0x4, r0}, 0x38) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc010000000000000000000000000000ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000eeff0000009c00110000000000000000000000000000000001ffffffff000000000000000000000000fc0200000000000000000000000000000a0101000000000000000000000000006c0000000000000000000a0000000000000000000000000000000001ffffffff"], 0xec}}, 0x0) 3.303385365s ago: executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/88, 0x58}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYRESOCT=r0], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) waitid(0x0, 0x0, 0x0, 0x0, 0x0) 3.293549017s ago: executing program 3: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) 3.281952128s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) 2.440280046s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 2.42238422s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x30148d0, &(0x7f0000000000)={[{@discard}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@norecovery}, {@noauto_da_alloc}]}, 0x3, 0x4d0, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLoH1Ao+RNKIdC+l1JaQpukD31oqyL5qjGubMuNLSXW5wPH99wf8vd7JHSkc89FN4COdSYixiKiKyLOR0R/uj2TllhbL9XjHj28M1ktSVQqN75IIkm31f9Xki6PpQ/rjYh//SPiv8mP45ZWVucmCoX8UrqeK88v5korqxdm5ydm8jP5hbGR4cujV0YvjQ7tWVuv/u3TV1546+9X3/vjrY/HPz/3v2pafem+je1oxlqTx603vaf2XNR1R8TSboI9w7rS9vS0OxEAAJpS/Y7/84j4bUQ8fr3d2QAAAAD7ofKXvvgmiagAAAAAB1amdg1sksmm1wL0RSaTza5fw/vLOJopFEvlP0wXlxem1q+VHYiezPRsIT+UXis8ED1JdX24Vn+yfnHT+khEnIiIl/qP1Nazk8XCVLtPfgAAAECHOLZp/P9V//r4HwAAADhgBtqdAAAAALDvjP8BAADg4Nty/J90tzYRAAAAYD/889q1aqnU7389dXNlea5488JUvjSXnV+ezE4WlxazM8XiTO03++Z3+n+FYnHxT7GwfDtXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAoPVO/ObeR0lErP35SK1UHUr3NTFWH9vf7ID9lNnd4cl+5QG0Xle7EwDaxgW+0LnMxwM7DOxf3rS+y9MGAADAs2DwV081/28+EJ5jBvLQucz/Q+cy/w+dy/w/dLjDOx/Su9WO9/c4FwAAYN/01UqSyaZzgX2RyWSzEcdrtwXoSaZnC/mhiPhZRHzY33O4uj7c7qQBAAAAAAAAAAAAAAAAAAAAAAAA4DlTqSRRAQAAAA60iMxnSXoj/8H+s32bzw8cSr7ury27Im69cePV2xPl8tJwdfuX69sjovxauv1iO85gAAAAAJvVx+n1cTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7KVHD+9M1ksr4z74a0QMNIrfHb21ZW/0RMTRx0l0b3hcEhFdexB/7W5EnGwUP6mmFQNpFpvjZyLiSJvjH9uD+NDJ7lX7n7FG779MnKktG7//utPytB6c2ar/y/zQ/3Vt0f8dbzLGqfvv5LaMfzfiVHfj/qceP3nK/vc//15d3Wpf5c2IwYafP0mla0OsXHl+MVdaWb0wOz8xk5/JL4yMDF8evTJ6aXQoNz1byKd/G8Z48dfvfrdd+482jl/rf7dr/9km2//t/dsPf7FN/HO/a/z6n9wmfvW5+X36OVDdP1ivr63XNzr99gent2v/1Bbt3+n1P9dk+89f//8nTR4KALRAaWV1bqJQyC+1onI4IloVS2XvKtUvgs9AGio/oXI9faPv+uFt7pgAAIA99+RLf7szAQAAAAAAAAAAAAAAAAAAgM7Vih8h2xivt31NBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADY1vcBAAD//4/p0B8=") bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file1\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRESDEC=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYRESHEX=r1, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000180)='sys_enter\x00', r4}, 0x10) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCOUTQ(r6, 0x4b4b, &(0x7f0000000100)) removexattr(0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0x4, &(0x7f0000000480)=ANY=[@ANYRESDEC=r0], 0x0, 0x10000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r7, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = io_uring_setup(0x6d2e, &(0x7f0000000000)={0x0, 0x0, 0x8c0}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, &(0x7f0000000080)=[@ioring_restriction_register_op={0x0, 0x6}], 0x1) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r8, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, 0x0, 0x0) 2.346228221s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=@framed={{}, [@printk={@x}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000140), 0xb) readv(r3, 0x0, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 2.293705349s ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10) getdents64(0xffffffffffffffff, 0x0, 0x0) 2.262001474s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) 2.256723335s ago: executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) 2.22482592s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f00000005c0)='ext4_es_remove_extent\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xc}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$igmp(0x2, 0x3, 0x2) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "ff4e4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 2.210602222s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 2.179573187s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = syz_io_uring_setup(0xd8, &(0x7f0000000000)={0x0, 0x0, 0x40}, &(0x7f0000000080), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r6, 0xb, &(0x7f0000000100), 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r7}, &(0x7f0000000940), &(0x7f0000000980)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) r8 = syz_io_uring_setup(0xb1b, &(0x7f00000012c0)={0x0, 0x0, 0x40}, &(0x7f0000001340), &(0x7f0000001380)) io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, &(0x7f00000013c0)=[@ioring_restriction_sqe_op, @ioring_restriction_sqe_flags_required, @ioring_restriction_sqe_flags_allowed, @ioring_restriction_register_op, @ioring_restriction_sqe_op], 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket(0x25, 0x803, 0x0) 1.529348976s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000008018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003010000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) getdents64(0xffffffffffffffff, 0x0, 0x300) 1.484728883s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x51}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) 1.440348039s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000100), 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10) 832.517312ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000040)='./file1\x00', 0x1000, 0x1) r1 = open(0x0, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r2, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) 798.346128ms ago: executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/88, 0x58}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYRESOCT=r0], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) waitid(0x0, 0x0, 0x0, 0x0, 0x0) 580.874691ms ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10) getdents64(0xffffffffffffffff, 0x0, 0x0) 556.641234ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=@framed={{}, [@printk={@x}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000140), 0xb) readv(r3, 0x0, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00') 539.921977ms ago: executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) 530.881508ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085000000430000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 518.059821ms ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000004000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000600)) timer_delete(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001", @ANYRESHEX, @ANYRESDEC=r2], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000001000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000000)={0x0, 0x0}) fcntl$setown(r4, 0x8, r6) socket$igmp(0x2, 0x3, 0x2) r7 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$TIOCSBRK(r7, 0x5427) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) close(r8) 501.971783ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f00000005c0)='ext4_es_remove_extent\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.stat\x00', 0x275a, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0xc}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) syz_read_part_table(0x5d0, &(0x7f0000000000)="$eJzs3LGrHFUUB+DfzO7MvIWExcbSLKSxS2vzMCDJI10ae1sbETtB2V0UBUEbLbSwsE2Tf0DbECytghBiIWgnYmGjuTIzO7urNsLykMD38d7MuXfvPecM3C1nw7OtLGdnY7AuZQjq/r+upgXLP7MYgtnfNzZJXr136/ad1d2q3c1VqZJfNmOOJPP+0iYvjFFvtbt/Pc/H9y4+/OSzd9pssnmyTvJlsklKN7WWofIX7aHod/tCOaTk//PiP8bDsTmbRi/vBzemA9RfNknXR+0HJ9e/f/5g21dJGQ/sok119PHN8TY1VGd9fYya/Po0Tb2aWj7ueNMH26PJLnUppUn+2H1DunaXs5l294fx4Q/rbNtmGD/6Zto8ZMvjRfLm48z3xeqTHx0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEtQBh+9tBs+99Vwm3+epNsvmg9/eaWdJ+XhuGtRSsnm5Pr3zx8s33v/rTpvn7/+6I13f7z4+ey3JLPcuLhSukMLr6Vrc9xQ/XSWPL84tX7pVmORJsm1/fQq23x7/ftr9SxtWR6WN9W4crBNdWp5AAAAAAAAAAAAAAAAAAAAGNy6fWd1t15ML/vX03zJ2b8Xl99LKTf7pdX8MLtI2jwZ3oX/KaXaJ0g75Lua6WcCpoylXB3CT69c2mPxH/0VAAD//6+qXCI=") 470.342638ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000201000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f00000003c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x51}]}, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) 439.609892ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1807000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xa, 0x4, 0x8, 0x48}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r0}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r4 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r4, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[@ANYBLOB="4800000010000104000000000000004ede33f57a099ae50000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010065727370616e00000c00028008000700000000000a000100aaaaaaaaaaaa0000"], 0x48}}, 0x0) r6 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r6, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./bus\x00', 0x200800, &(0x7f0000000500)=ANY=[@ANYBLOB='dmask=00000000000000000000004,iocharset=cp737,allow_utime=00000000000000000000006,dmask=00000000000000000000011,uid=', @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,allow_utime=00000000000000000000001,discard,discard,dmask=00000000000000000000002,smackfsfloor=iocharset,fowner>', @ANYRESDEC=0xee00, @ANYBLOB="01105b4e3678684895c48ddc295ff5b35ee2aea6f6d5aec39a4f7a46712f29977aca5268721559904b5123461e0d81b1d48d3ea4ca8b410a4b00e4b1b83018d0672589e8ff8145c2647a7097259c8fc053ce83f29a9941921a0e87ea41a9d39ce160792e9b2c1a"], 0x2, 0x1518, &(0x7f0000002280)="$eJzs3AuYjVX7MPD7Xms9Y0jaTXIY1lr3wyaHZZIkhyQ5JEmSJDklJE3ySl4khpCkIQnJYUgOQ0gOE5PG+Xw+JknSJElITsn6rgmft7f63n/f2//1v/5z/67rufa693rWetba97Nnr+fZM/Nt16G1mtSu3oiI4N+CFx+SACAWAAYCwHUAEABA+bjycVn1OSUm/XsHYX+th1Ov9gjY1cT5z944/9kb5z974/xnb5z/7I3zn71x/rM3zj9j2dnm6QWv5y37bnz/Pzvjz///RTLLjP1ybZkbu/2JJpz/7I3z/79W8F/ZifOfvXH+szfOf/bG+c8OcvxhDec/u7p4TnD+GcvOrvb9Z96u7na1zz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY9nDGX+FAoDL5as9LsYYY4wxxhhjjP11fI6rPQLGGGOMMcYYY4z990MQIEFBADGQA2IhJ+QCAQDXQh64DiJwPcTBDZAXboR8kB8KQEGIh0JQGDQYsEAQQhEoClEoBsXhJigBJaEUlAYHZSABboaycAuUg1uhPNwGFeB2qAiVoDJUgTugKtwJ1eAuqA53Qw2oCbWgNtwDdeBeqAv3QT24H+rDA9AAHoSG8BA0goehMTwCTeBRaAqPQTNoDi2gJbT6/2r/AvSEF6EX9IYk6AN94SXoB/3/7ysyCF6FwfAaJMMQGAqvwzB4A4bDmzACRsIoeAtGw9swBsbCOBgPKTABJsI7MAnehckwBabCNEiF6TAD3oOZMAtmw/swBz6AuTAP5sMCSIMPYSEsgnT4CBbDx5ABS2ApLIPlsAJWwipYDWtgLayD9bABNsIm2AxbYCtsg+2wA3bCLtgNn8Ae+BT2wmewDz7/k+1P/1P7bggIKFCgQoUxGIOxGIu5MBfmxtyYB/NgBCMYh3GYF/NiPsyHBbAAxmM8FsbCaNAgIWERLIJRjGJxLI4lsASWwlLo0GECJmBZvAXLYTksj+WxAlbAilgJK2EVrIJVsSpWw2pYHatjDayBtbAW3oP3YB+si3WxHtbD+lj/8u0pbISNsDE2xibYBJtiU2yGzbAFtsBW2ApbY2tsg22wHbbD9tgeO2AHTMRE7IgdsRN2ws7YGbtgF+yKXbEbdsfu+EIOwBfxReyNNUQf7It9sR8m5xiAL+PL+AoOwlfxVXwNk3EIDsXX8XV8A4fjKRyBI3EUjsKqvjcAjkUS4zEFU3AiTsRJOAkn4xScgtMwFafjDJyBM3EWzsL3cQ5+gB/gPJyHCzAN03AhLsJ0TMfFeBozcAkuxWW4HFfgclyFq3EVrsV1uBY34AbchJtwC27BbbgNd+AO3IUKAD/BT/FTTMZ9uA/34348gAfwIB7ETMzEQ3gID+NhPIJH8CgexWN4HE/gcTyJJ/EUnsYzeAbP4Tk8j8/Hf914V8k1ySCyKKFEjIgRsSJW5BK5RG6RW+QReURERESciBN5RV6RT+QTBUQBES/iRWFRWBhhBIkwBgBEVERFcVFclBAlRClRSjjhRIJIEGVFWVFOlBPlxW2igrhdVBSVRFtXRVQRVUU7V03cJaqL6qKGqClqidqitqgj6oi6oq6oJ+qJ+qK+aCAeFA1FHxyAD4uszDQRQ7CpGIrNRHMhL71fW4vh2Ea0Fe3Ek2IkjsAOorVLFM+IjmIMdhJ/E2PxOdFFjMeu4u+im+gueogXRE/RxvUSvcVk7CP6imnYT/QXA8TLYibWFO/jnJy1xGsiWQwRQ8XrYgG+IYaLN8UIMVKMEm+J0eJtMUaMFePEeJEiJoiJ4h0xSbwrJospYqqYJlLFdDFDvCdmillitnhfzBEfiLlinpgvFog08aFYKBaJdPGRWCw+FhliiVgqlonlYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7WKH2Cl2id3iE7FHfCr2is/EPvG52C++EAfEl+Kg+Epkiq/FIfGNOCy+FUfEd+Ko+F4cE8fFCfGDOCl+FKfEaXFGnBXnxE/ivPhZXBBegEQppJRKBjJG5pCxMqfMJa+RuWVw6dW9XsbJG2ReeaPMJ/PLArKgjJeFZGGppZFWkgxlEVlURmUxWVzeJEvIkrKULC2dLCMT5M2yrLxFlpO3yvLyNllB3i4rykqysqwi75BV5Z0SIhePUUPWlLVkbXmPrCPvlXXlfbKevF/Wlw/IBvJB2VA+JBvJh2Vj+YhsIh+VTeVjsplsLlvIlrKVfFy2lk/INrKtbCeflO3lU7KDfFomymdkR+kvnSLPyS7yedlV/l12k91lD/mzvCC97CV7S4A+sq98SfaT/eUA+bIcKF+Rg+SrcrB8TSbLIXKofF0Ok2/I4fJNOUKOlKPkW3K0fFuOkWPlODlepsgJcqJ8R06S78rJcoqcKqfJVDldDrjU02wp/2X7d36n/eBfjr5JbpZb5Fa5TW6XO+ROuUvulrvlHrlH7pV75T65T+6X++UBeUAelAdlpsyUh+QheVgelkfkEXlUHpXH5HF5Vv4gT8of5Sl5Wp6WZ+U5eU6ev/QagEIllFRKBSpG5VCxKqfKpa5RudW1Ko+6TkXU9SpO3aDyqhtVPpVfFVAFVbwqpAorrYyyilSoiqiiKqqK4aUTRpVSpZVTZVSCuvnPtFfF1U2qhCr5q/aXx6f/YHytVCvVWrVWbVQb1U61U+1Ve9VBdVCJKlF1VB1VJ9VJdVadVRfVRXVVXVU31U31UD1UT9VT9VK9VJJKUn3VS6qf6q8GqJfVQPWKGqQGqcFqsEpWyWqoGqqGqWFquBquRqgRapQapUar0WqMGqPGqXEqRaWoiWqimqQmqclqspqqpqpUlapmqBlqppqpZqvZao6ao+aquWq+mq/SVJpaqBaqdJWuFqvFKkMtUUvUMrVMrVAr1Cq1Sq1Ra9Q6tU5tUBtUhtqsNqutaqvarrarnWqn2q12qz1qj9qr9qp9ap/ar/arA+qAOqgOqkyVqQ6pQ+qwOqyOqCPqqDqqjqlj6oQ6oU6qk+qUOqXOqDPqnDqnzqvz6oK6kLXsC0QgAhWoICaICWKD2CBXkCvIHeQO8gR5gkgQCeKCuCBvcGOQL8gfFAgKBvFBoaBwoAMT2EBcSno0KBYUD24KSgQlg1JB6cAFZYKE4OagbHBLUC64NSgf3BZUCG4PKgaVgspBleCOoGpwZ1AtuCuoHtwd1AhqBrWC2sE9QZ3g3qBucF9QL7g/qB88EDQIHgwaBg8FjYKHg8bBI0GT4NGgafBY0CxoHrQIWgat/tL+vT+V/wnXS/fWSbqP7qtf0v10fz1Av6wH6lf0IP2qHqxf08l6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XKXqCnqjf0ZP0u3qynqKn6mk6VU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtMf6oV6kU7XH+nF+mOdoZfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdKb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QP+iT+kd9Sp/WZ/RZfU7/pM/rn/UF7bMW91kf70YZZWJMjIk1sSaXyWVym9wmj8ljIiZi4kycyWvymnwmnylgCph4E28Km8ImCxkyRUwREzVRU9wUNyVMCVPKlDLOOJNgEkxZU9aUM+VMeVPeVDAVTEVT0VQ2lc0d5g5zp7nT3GXuMnebu01NU9PUNrVNHVPH1DV1TT1Tz9Q39U0D08A0NA1NI9PINDaNTRPTxDQ1TU0z08y0MC1MK9PKtDatTRvTxrQz7Ux70950MB1Mokk0HU1H08l0Mp1NZ9PFdDFdTVfTzXQzPUwP09P0NL1ML5Nkkkxf09f0M/3MADPADDQDzSAzyAw2g02ySTZDzVAzzAwzw81wM8KMNKOyFqrmbTPGjDXjzHiTYlLMRDPRTDKTzGQz2Uw13qSaVDPDzDAzzUwz28w2c8wcM9fMNfPNfJNm0sxCs9Ckm3Sz2Cw2GSbDLDVLzXKz3Kw0K81qs9qsNWvNelhvNpqNZrPZbLaarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloMk2mOWQOmcPmsDlijpij5qg5Zo6ZE+aEOWlOmlPmlDljzphzJv+lz0tvYm1Om8teY3Pba20ee53957iALWjjbSFb2Gqbz+b/VWystSVsSVvKlrbOlrEJ9ubfxBVtJVvZVrF32Kr2TlvtN3Ede6+ta++z9ez9tra951dxffuAbWAftQ0RAWxz29i2tE3so7apfcw2s81tC9vStrdP2Q72aZton7Ed7bO/iRfaRXa1XWPX2nV2j/3UnrFn7WH7rT1nf7K9bG870L5iB9lX7WD7mk22Q34Tj7Jv2dH2bTvGjrXj7PjfxFPtNJtqp9sZ9j070876TZxmP7RzbLqda+fZ+XbBL3HWmNLtR3ax/dhm2CV2qV1ml9sVdqVddXmsl7+tt7vtJ3ar3Wa32x12p931S5w1j732M7vPfm4P2W/sAfulPWiP2Ez79S9x1vyO2O/sUfu9PWaP2xP2B3vS/mhP2dO/zD9r7j/Yn+0F6y0QEpAkRQHFUA6KpZyUi66h3HQt5aHrKELXUxzdQHnpRspH+akAFaR4KkSFSZMhS0QhFaGiFKVidHmdXopKk6MylEA3U1m6hcrRrVSebqMKdDtVpEpUmarQHVSV7qRqdBdVp7upBtWkWlSb7qE6dC/VpfuoHt1P9ekBakAPUkN6iBrRw9SYHqEm9Cg1pceoGTWnFtSSWtHj1JqeoDbUltrRk9SenqIO9DQl0jPUkZ6lTvQ36kzPURd6nrrS36kbdace9AL1pBepF/WmJOpDfekl6kf9aQC9TAPpFRpEr9Jgeo2SaQgNpddpGL1Bw+lNGkEjaRS9RaPpbRpDY2kcjacUmkAT6R2aRO/SZJpCU2kapdJ0mkHv0UyaRbPpfZpDH9BcmkfzaQGl0Ye0kBZROn1Ei+ljyqAltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdtpBO2kX7aZPaA99SnvpM9pHn9N++oIO0Jd0kL6iTPqaDtE3dJi+pSP0ne9N39MxOk4n6Ac6ST/SKTpNZ+gsnaOf6Dz9TBfIE4QYilCGKgzCmDBHGBvmDHOF14S5w2vDPOF1YSS8PowLbwjzhjeG+cL8YYGwYBgfFgoLhzo0oQ0pDMMiYdEwGhYLi4c3hSXCkmGpsHTowjJhQnhzWDa8JSwX3hqWD28LK4S3hxXDSuGj91cJ7wirhneG1cK7wurh3WGNsGZYK6wd3hPWCe8N64b3hfXC+8Ny4QNhg/DBsGH4UNgofDhsHD4SNgkfDZuGj4XNwuZhi7Bl2Cp8PGwdPhG2CduG7cInw/bhU2GH8OkwMXwm7Bg++0v9A4v+uD4p7BP2DV8KXwq9v0/Ojy6IpkU/jC6MLoqmRz+KLo5+HM2ILokujS6LLo+uiK6Mroqujq6Jro2ui66PbohujG6Kel87Bzh0wkmnXOBiXA4X63K6XO4al9td6/K461zEXe/i3A0ur7vR5XP5XQFX0MW7Qq6w084468iFrogr6qKumCvubnIlXElXypV2zpVxCa6la+VaudbuCdfGtXXt3JPuSfeUe8o97Z52z7iO7lnXyf3NdXbPuS7ueRUD4Lq57q6He8H1dBPyXHxPJrm+rq/r5/q5AW6AG+gGukFukBvsBrtkl+yGuqFumBvmhrvhboTLCQCj3Gg32o1xY9w4N86luBQ30U10k9wkN9lNdlPdVJfqUt0MN8PNdDNd1VkXjzLXzXXz3XyX5tLcQpe1Zkx3i91il+Ey3FK31C13y91Kt9KtdqvdWrfWrXfr3Ua30W12m91Wt9Vtd9vdTrfT7Xa73R5/3cVO3T633+13B9wBd9B95TLd1+6Q+8Yddt+6I+47d9R974654+6E+8GddD+6U+60O+POunPuJ3fe/ewuOO9SIhMiEyPvRCZF3o1MjkyJTI1Mi6RGpkdmRN6LzIzMisyOvB+ZE/kgMjcyLzI/siCSFvkwsjCyKJIe+SiyOPJxJCOyJLI0siyyPLIi4n2hraEv4ov6qC/mi/ubfAlf0pfypb3zZXyCv9mX9bf4cv5WX97f5iv4231FX8lX9o/5Zr65b+Fb+lb+cd/aP+Hb+La+nX/St/dP+Q7+aZ/on/Ed/bO+k/+b7+yf8138876r/7vv5rv7Hv4F39O/6Hv53j7J9/F9/Uu+n+/vB/iX/UD/ih/kX/WD/Ws+2Q/xQ/3rfph/ww/3b/oRfqQfFfOWH335EhnG+xQ/wU/07/hJ/l0/2U/xU/00n+qn+xn+PT/Tz/Kz/ft+jv8Akvw8P98v8Gn+Q7/QL/Lp/iO/2H/sM/ySy7dQ/Uq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3O/xOv8vv9p/4Pf5Tv9d/5vf5z/1+/4U/4L/0B/1XPtN/7Q/5b/xh/60/4r/zR/33/pg/7k/4H/xJ/6M/5U/7M/6sP+d/8uf9z/4C/80aY4wxxth/yYQrRfF79X1+5znxDzv3BYBrtxXM/Mf6rBXl+nwXy/1FfPsIADzTu+vDl7caNZKSki7tmyEhKDoP4PI3QVli4Eq8BNrBU5AIbaHs746/v+h+jv5F/9HbAHL9Q5tYuBJf6f+LP+j/8SdHLawQnon7f/Q/D6BE0Sttsq6TLsdLoJ3KemwL5f6g//yt/8X4c36ZAtDmH9rkhivxlfEnwBPwLCT+ak/GGGOMMcYYY+yi/qJy58vXn5d/4/P3rs/j1ZU2OeBK/K+uzxljjDHGGGOMMXb1Pde9x9OPX1OsbedfComJf6JQ7c/szIXfK3j4HzGMiwXvAS4/owDg3+wQ4JfCuP/gLLb8R46VfOmt889Vy8/6AP5npPKvKFzlH0yMMcYYY4yxv9yVRf+vn1dXa0CMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxlg29J/4d2JXe46MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbY1fZ/AgAA//81OQSC") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) 363.722764ms ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) mount(0x0, 0x0, &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x12, 0x22, 0x4, 0x6}, 0x48) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), &(0x7f0000000100)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r1, &(0x7f00000002c0), &(0x7f0000000000)=@udp}, 0x20) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x1e, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000100), 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@empty, 0x4d5, 0x32}, @in=@multicast1, {}, {0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x0, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0x154}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000107000000000000000000008ee700006935b814000000", @ANYRES32, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f5a}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) 307.863073ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 74.610488ms ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000000040)='./file1\x00', 0x1000, 0x1) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) chdir(0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r2, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) renameat2(r3, &(0x7f0000000000)='./file0\x00', r4, &(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x2) 0s ago: executing program 0: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x10) getdents64(0xffffffffffffffff, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 4.481159][ T100] udevd[100]: starting version 3.2.11 [ 4.545524][ T101] udevd[101]: starting eudev-3.2.11 [ 4.747486][ T102] udevadm (102) used greatest stack depth: 22288 bytes left [ 15.271203][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 15.271219][ T28] audit: type=1400 audit(1717216943.540:61): avc: denied { transition } for pid=228 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.281561][ T28] audit: type=1400 audit(1717216943.540:62): avc: denied { noatsecure } for pid=228 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.287080][ T28] audit: type=1400 audit(1717216943.540:63): avc: denied { write } for pid=228 comm="sh" path="pipe:[12676]" dev="pipefs" ino=12676 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.302255][ T28] audit: type=1400 audit(1717216943.540:64): avc: denied { rlimitinh } for pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.320904][ T28] audit: type=1400 audit(1717216943.540:65): avc: denied { siginh } for pid=228 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.012615][ T229] sshd (229) used greatest stack depth: 22256 bytes left Warning: Permanently added '10.128.0.49' (ED25519) to the list of known hosts. 2024/06/01 04:42:31 fuzzer started 2024/06/01 04:42:32 dialing manager at 10.128.0.163:30012 [ 23.732744][ T28] audit: type=1400 audit(1717216952.000:66): avc: denied { node_bind } for pid=287 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 23.753278][ T28] audit: type=1400 audit(1717216952.000:67): avc: denied { name_bind } for pid=287 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 23.805955][ T28] audit: type=1400 audit(1717216952.070:68): avc: denied { mounton } for pid=296 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.807419][ T296] cgroup: Unknown subsys name 'net' [ 23.849334][ T296] cgroup: Unknown subsys name 'devices' [ 23.855206][ T28] audit: type=1400 audit(1717216952.070:69): avc: denied { mount } for pid=296 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.877319][ T28] audit: type=1400 audit(1717216952.110:70): avc: denied { setattr } for pid=297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.900418][ T28] audit: type=1400 audit(1717216952.110:71): avc: denied { mounton } for pid=304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.909319][ T306] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.925196][ T28] audit: type=1400 audit(1717216952.110:72): avc: denied { mount } for pid=304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.956655][ T28] audit: type=1400 audit(1717216952.120:73): avc: denied { unmount } for pid=296 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.976529][ T28] audit: type=1400 audit(1717216952.210:74): avc: denied { relabelto } for pid=306 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.001932][ T28] audit: type=1400 audit(1717216952.210:75): avc: denied { write } for pid=306 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.029462][ T300] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.098761][ T296] cgroup: Unknown subsys name 'hugetlb' [ 24.104246][ T296] cgroup: Unknown subsys name 'rlimit' 2024/06/01 04:42:32 starting 5 executor processes [ 25.268584][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.275462][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.282963][ T314] device bridge_slave_0 entered promiscuous mode [ 25.290967][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.297822][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.305100][ T314] device bridge_slave_1 entered promiscuous mode [ 25.445630][ T315] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.452643][ T315] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.460121][ T315] device bridge_slave_0 entered promiscuous mode [ 25.468172][ T315] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.475019][ T315] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.482444][ T315] device bridge_slave_1 entered promiscuous mode [ 25.488848][ T322] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.495687][ T322] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.503238][ T322] device bridge_slave_0 entered promiscuous mode [ 25.511622][ T322] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.518662][ T322] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.525868][ T322] device bridge_slave_1 entered promiscuous mode [ 25.603026][ T318] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.609947][ T318] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.617626][ T318] device bridge_slave_0 entered promiscuous mode [ 25.624365][ T318] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.631460][ T318] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.638826][ T318] device bridge_slave_1 entered promiscuous mode [ 25.649811][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.656681][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.663792][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.670675][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.694856][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.701755][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.709394][ T321] device bridge_slave_0 entered promiscuous mode [ 25.732998][ T321] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.739972][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.747384][ T321] device bridge_slave_1 entered promiscuous mode [ 25.851374][ T322] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.858253][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.865337][ T322] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.872140][ T322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.941207][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.948294][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.955441][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.963382][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.971459][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.978872][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.004635][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.012674][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.019526][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.026883][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.034851][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.041703][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.056819][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.064630][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.103383][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.131522][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.139537][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.146489][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.153796][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.162149][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.169019][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.176168][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.184516][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.192056][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.200105][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.206950][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.214100][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.222120][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.228974][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.236424][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 26.251805][ T314] device veth0_vlan entered promiscuous mode [ 26.259861][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.267803][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.275158][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.282797][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.290730][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.298803][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.306687][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.314840][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.322340][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.340787][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.349015][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.357094][ T319] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.363953][ T319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.371630][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.380236][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.388281][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.395143][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.402386][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.410547][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.418399][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.426353][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.434376][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 26.453020][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.461093][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.468987][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.476226][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.483519][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.491832][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.499806][ T324] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.506661][ T324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.526319][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 26.533857][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.542590][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.550954][ T324] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.557943][ T324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.565090][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.573279][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.584100][ T322] device veth0_vlan entered promiscuous mode [ 26.593404][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.601312][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.609366][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.617718][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.625585][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.632982][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.653700][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.662078][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.670442][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.678841][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.686932][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.694870][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.706137][ T314] device veth1_macvtap entered promiscuous mode [ 26.714901][ T321] device veth0_vlan entered promiscuous mode [ 26.721278][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.729301][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.737554][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.744947][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.753253][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.760680][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.771618][ T322] device veth1_macvtap entered promiscuous mode [ 26.789145][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.797429][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.805381][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.813000][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.821194][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.829909][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.838019][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.846098][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.854408][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.876585][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.884466][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.892781][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.901193][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.909395][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.917490][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.925581][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.933793][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.941926][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.949684][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.957816][ T318] device veth0_vlan entered promiscuous mode [ 26.968583][ T315] device veth0_vlan entered promiscuous mode [ 26.981659][ T318] device veth1_macvtap entered promiscuous mode [ 26.999197][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.008694][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.016047][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.023962][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.031576][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.042688][ T321] device veth1_macvtap entered promiscuous mode [ 27.058992][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.067656][ T343] futex_wake_op: syz-executor.4 tries to shift op by 32; fix this program [ 27.070695][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.085022][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.126490][ T315] device veth1_macvtap entered promiscuous mode [ 27.141987][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.155565][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.166478][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.174798][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.183358][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.191659][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.199912][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.208400][ T324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.246206][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.254494][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.264969][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.276442][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.284337][ T362] overlayfs: missing 'lowerdir' [ 27.350756][ T369] loop3: detected capacity change from 0 to 512 [ 27.357904][ T369] ======================================================= [ 27.357904][ T369] WARNING: The mand mount option has been deprecated and [ 27.357904][ T369] and is ignored by this kernel. Remove the mand [ 27.357904][ T369] option from the mount to silence this warning. [ 27.357904][ T369] ======================================================= [ 27.394144][ T369] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 27.407826][ T19] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.421979][ T369] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 27.431887][ T369] ext4 filesystem being mounted at /root/syzkaller-testdir3076896672/syzkaller.pEkHGd/1/file0 supports timestamps until 2038 (0x7fffffff) [ 27.454794][ T369] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz-executor.3: corrupted xattr block 19 [ 27.466311][ T6] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 27.468073][ T369] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 27.483449][ T369] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz-executor.3: corrupted xattr block 19 [ 27.493932][ T376] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program [ 27.502280][ T369] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 27.522468][ T369] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 27.537517][ T369] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.3: corrupted xattr block 19 [ 27.555472][ T369] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 27.586411][ T324] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.666394][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 27.706388][ T6] usb 5-1: Using ep0 maxpacket: 32 [ 27.786429][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.797256][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.806961][ T19] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 27.815814][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.824806][ T19] usb 3-1: config 0 descriptor?? [ 27.836396][ T324] usb 1-1: Using ep0 maxpacket: 32 [ 27.836389][ T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.836420][ T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.861620][ T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 27.871314][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.896394][ T356] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 27.919824][ T6] hub 5-1:4.0: USB hub found [ 27.976349][ T324] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.987139][ T324] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.996860][ T324] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 28.005736][ T324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.047413][ T324] hub 1-1:4.0: USB hub found [ 28.136400][ T6] hub 5-1:4.0: 2 ports detected [ 28.187546][ T315] EXT4-fs (loop3): unmounting filesystem. [ 28.256447][ T356] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.267248][ T356] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.276421][ T324] hub 1-1:4.0: 2 ports detected [ 28.277158][ T356] usb 2-1: config 0 interface 0 has no altsetting 0 [ 28.289126][ T19] savu 0003:1E7D:2D5A.0001: item fetching failed at offset 2/5 [ 28.296651][ T356] usb 2-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.00 [ 28.305442][ T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.313514][ T19] savu 0003:1E7D:2D5A.0001: parse failed [ 28.319129][ T19] savu: probe of 0003:1E7D:2D5A.0001 failed with error -22 [ 28.332052][ T356] usb 2-1: config 0 descriptor?? [ 28.396402][ T6] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 28.402647][ T6] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 28.436829][ T6] usb 5-1: USB disconnect, device number 2 [ 28.493025][ T19] usb 3-1: USB disconnect, device number 2 [ 28.516411][ T337] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.526492][ T324] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 28.532733][ T324] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 28.566602][ T324] usb 1-1: USB disconnect, device number 2 [ 28.676367][ T356] usbhid 2-1:0.0: can't add hid device: -71 [ 28.682424][ T356] usbhid: probe of 2-1:0.0 failed with error -71 [ 28.689959][ T356] usb 2-1: USB disconnect, device number 2 [ 28.756307][ T337] usb 4-1: Using ep0 maxpacket: 32 [ 28.766722][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 28.766738][ T28] audit: type=1400 audit(1717216957.040:124): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 28.905744][ T396] overlayfs: missing 'lowerdir' [ 28.910579][ T337] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.921919][ T337] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.931747][ T337] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 28.941012][ T337] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.987533][ T337] hub 4-1:4.0: USB hub found [ 29.032401][ T402] futex_wake_op: syz-executor.0 tries to shift op by 32; fix this program [ 29.111497][ T410] loop1: detected capacity change from 0 to 512 [ 29.120422][ T410] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 29.138468][ T410] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 29.147438][ T410] ext4 filesystem being mounted at /root/syzkaller-testdir2451884647/syzkaller.kgYzFY/8/file0 supports timestamps until 2038 (0x7fffffff) [ 29.162724][ T410] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 29.176938][ T410] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 29.189085][ T410] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 29.201750][ T410] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 29.212734][ T19] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 29.216435][ T337] hub 4-1:4.0: 2 ports detected [ 29.228048][ T410] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 29.249784][ T410] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 29.270953][ T410] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117) [ 29.279137][ T426] overlayfs: missing 'lowerdir' [ 29.304339][ T318] EXT4-fs (loop1): unmounting filesystem. [ 29.322738][ T430] futex_wake_op: syz-executor.1 tries to shift op by 32; fix this program [ 29.466342][ T19] usb 5-1: Using ep0 maxpacket: 32 [ 29.476368][ T337] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 29.482624][ T337] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 29.526959][ T337] usb 4-1: USB disconnect, device number 2 [ 29.536449][ T316] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 29.566355][ T363] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 29.586369][ T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.597535][ T19] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.607311][ T356] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 29.614659][ T19] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 29.623617][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.666905][ T19] hub 5-1:4.0: USB hub found [ 29.776308][ T316] usb 3-1: Using ep0 maxpacket: 32 [ 29.806349][ T363] usb 1-1: Using ep0 maxpacket: 16 [ 29.846314][ T356] usb 2-1: Using ep0 maxpacket: 32 [ 29.886444][ T19] hub 5-1:4.0: 2 ports detected [ 29.896444][ T316] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.907349][ T316] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.917033][ T316] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 29.925881][ T316] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.936363][ T363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.947167][ T363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.956772][ T363] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 29.966382][ T356] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.968600][ T363] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.989200][ T356] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.993748][ T363] usb 1-1: config 0 descriptor?? [ 30.000205][ T316] hub 3-1:4.0: USB hub found [ 30.008794][ T356] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 30.017937][ T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.066909][ T356] hub 2-1:4.0: USB hub found [ 30.106404][ T19] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 30.112779][ T19] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 30.146627][ T19] usb 5-1: USB disconnect, device number 3 [ 30.186382][ T316] hub 3-1:4.0: 2 ports detected [ 30.286354][ T356] hub 2-1:4.0: 2 ports detected [ 30.346336][ T319] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 30.446346][ T316] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 30.452664][ T316] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 30.467343][ T363] savu 0003:1E7D:2D5A.0002: item fetching failed at offset 2/5 [ 30.474972][ T363] savu 0003:1E7D:2D5A.0002: parse failed [ 30.480730][ T363] savu: probe of 0003:1E7D:2D5A.0002 failed with error -22 [ 30.486823][ T316] usb 3-1: USB disconnect, device number 3 [ 30.546379][ T356] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 30.552753][ T356] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 30.586336][ T319] usb 4-1: Using ep0 maxpacket: 32 [ 30.591891][ T356] usb 2-1: USB disconnect, device number 3 [ 30.670459][ T363] usb 1-1: USB disconnect, device number 3 [ 30.693119][ T28] audit: type=1400 audit(1717216958.960:125): avc: denied { unlink } for pid=442 comm="syz-executor.4" name="#1" dev="sda1" ino=1971 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 30.715443][ T319] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.726986][ T319] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.736817][ T319] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 30.745716][ T319] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.796856][ T319] hub 4-1:4.0: USB hub found [ 30.983257][ T451] overlayfs: missing 'lowerdir' [ 30.994174][ T453] futex_wake_op: syz-executor.2 tries to shift op by 32; fix this program [ 31.003193][ T319] hub 4-1:4.0: 2 ports detected [ 31.086577][ T461] loop4: detected capacity change from 0 to 1024 [ 31.093425][ T461] EXT4-fs: Ignoring removed orlov option [ 31.099028][ T461] EXT4-fs: Ignoring removed nomblk_io_submit option [ 31.110074][ T461] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 31.122993][ T28] audit: type=1400 audit(1717216959.390:126): avc: denied { create } for pid=460 comm="syz-executor.4" name="blkio.bfq.avg_queue_size" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.151484][ T28] audit: type=1400 audit(1717216959.390:127): avc: denied { read append open } for pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/blkio.bfq.avg_queue_size" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.153988][ T461] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'. [ 31.181793][ T28] audit: type=1400 audit(1717216959.390:128): avc: denied { lock } for pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/blkio.bfq.avg_queue_size" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.228348][ T28] audit: type=1400 audit(1717216959.390:129): avc: denied { write } for pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.231569][ T469] EXT4-fs error (device loop4): ext4_check_all_de:655: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=56, inode=0, rec_len=0, size=124 fake=0 [ 31.257623][ T28] audit: type=1400 audit(1717216959.390:130): avc: denied { mounton } for pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 31.275653][ T319] hub 4-1:4.0: hub_hub_status failed (err = -71) [ 31.304743][ T28] audit: type=1400 audit(1717216959.400:131): avc: denied { map } for pid=460 comm="syz-executor.4" path="/root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.309934][ T356] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 31.351075][ T28] audit: type=1400 audit(1717216959.500:132): avc: denied { create } for pid=460 comm="syz-executor.4" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 31.388779][ T461] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=0, rec_len=50689, size=68 fake=0 [ 31.407648][ T319] hub 4-1:4.0: config failed, can't get hub status (err -71) [ 31.434360][ T314] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2810: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 31.448370][ T28] audit: type=1400 audit(1717216959.720:133): avc: denied { rmdir } for pid=314 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.448903][ T314] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 7: comm syz-executor.4: path /root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=80, inode=0, rec_len=0, size=148 fake=0 [ 31.472100][ T319] usb 4-1: USB disconnect, device number 3 [ 31.502774][ T314] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 7: comm syz-executor.4: path /root/syzkaller-testdir125411774/syzkaller.UuUtUW/11/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=80, inode=0, rec_len=0, size=148 fake=0 [ 31.531857][ T314] ================================================================== [ 31.539753][ T314] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x700/0x880 [ 31.547473][ T314] Read of size 2 at addr ffff888132262008 by task syz-executor.4/314 [ 31.555376][ T314] [ 31.557543][ T314] CPU: 1 PID: 314 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller-00132-g92704e00b599 #0 [ 31.567349][ T314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 31.576387][ T19] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 31.577255][ T314] Call Trace: [ 31.577263][ T314] [ 31.577272][ T314] dump_stack_lvl+0x151/0x1b7 [ 31.594954][ T314] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 31.600255][ T314] ? _printk+0xd1/0x111 [ 31.604248][ T314] ? __virt_addr_valid+0x242/0x2f0 [ 31.609186][ T314] print_report+0x158/0x4e0 [ 31.613524][ T314] ? __virt_addr_valid+0x242/0x2f0 [ 31.618472][ T314] ? kasan_addr_to_slab+0xd/0x80 [ 31.623247][ T314] ? __ext4_check_dir_entry+0x700/0x880 [ 31.628627][ T314] kasan_report+0x13c/0x170 [ 31.632962][ T314] ? __ext4_check_dir_entry+0x700/0x880 [ 31.638439][ T314] __asan_report_load2_noabort+0x14/0x20 [ 31.643901][ T314] __ext4_check_dir_entry+0x700/0x880 [ 31.646312][ T356] usb 3-1: Using ep0 maxpacket: 16 [ 31.649112][ T314] empty_inline_dir+0x54f/0xa30 [ 31.658742][ T314] ? __ext4_find_entry+0x16e9/0x1af0 [ 31.663883][ T314] ? ext4_delete_inline_entry+0x610/0x610 [ 31.669592][ T314] ? ext4_ci_compare+0x660/0x660 [ 31.674364][ T314] ext4_empty_dir+0x121/0xa10 [ 31.678885][ T314] ? ext4_append+0x5b0/0x5b0 [ 31.683394][ T314] ext4_rmdir+0x30b/0xad0 [ 31.688001][ T314] ? ext4_mkdir+0xce0/0xce0 [ 31.692336][ T314] ? rwsem_mark_wake+0x6b0/0x6b0 [ 31.697105][ T314] ? security_inode_rmdir+0xcd/0x110 [ 31.702224][ T314] vfs_rmdir+0x398/0x500 [ 31.706306][ T314] do_rmdir+0x3ab/0x630 [ 31.710295][ T314] ? d_delete_notify+0x160/0x160 [ 31.715078][ T314] __x64_sys_unlinkat+0xdf/0xf0 [ 31.719844][ T314] do_syscall_64+0x3d/0xb0 [ 31.724097][ T314] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 31.730091][ T314] RIP: 0033:0x7fe73bc7c6c7 [ 31.734336][ T314] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 31.753777][ T314] RSP: 002b:00007ffd75481408 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 31.762021][ T314] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe73bc7c6c7 [ 31.766361][ T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.769921][ T314] RDX: 0000000000000200 RSI: 00007ffd754825b0 RDI: 00000000ffffff9c [ 31.769938][ T314] RBP: 00007fe73bcc8336 R08: 0000000000000000 R09: 0000000000000000 [ 31.780894][ T356] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.788491][ T314] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd754825b0 [ 31.788509][ T314] R13: 00007fe73bcc8336 R14: 000000000000794c R15: 0000000000000017 [ 31.788529][ T314] [ 31.788536][ T314] [ 31.788540][ T314] The buggy address belongs to the physical page: [ 31.788565][ T314] page:ffffea0004c89880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x132262 [ 31.798363][ T356] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 31.805971][ T314] flags: 0x4000000000000000(zone=1) [ 31.805999][ T314] raw: 4000000000000000 ffffea0004c8bb88 ffffea0004c8bb48 0000000000000000 [ 31.814390][ T356] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.821827][ T314] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 31.821838][ T314] page dumped because: kasan: bad access detected [ 31.821859][ T314] page_owner tracks the page as freed [ 31.828936][ T19] usb 2-1: Using ep0 maxpacket: 32 [ 31.833107][ T314] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 460, tgid 460 (syz-executor.4), ts 31119379151, free_ts 31429867983 [ 31.844008][ T356] usb 3-1: config 0 descriptor?? [ 31.852027][ T314] post_alloc_hook+0x213/0x220 [ 31.852052][ T314] prep_new_page+0x1b/0x110 [ 31.852069][ T314] get_page_from_freelist+0x27ea/0x2870 [ 31.936901][ T314] __alloc_pages+0x3a1/0x780 [ 31.941324][ T314] __folio_alloc+0x15/0x40 [ 31.945580][ T314] wp_page_copy+0x23b/0x1690 [ 31.950002][ T314] do_wp_page+0xc25/0xdf0 [ 31.954281][ T314] handle_mm_fault+0x15a2/0x2f40 [ 31.959147][ T314] exc_page_fault+0x3b3/0x700 [ 31.963658][ T314] asm_exc_page_fault+0x27/0x30 [ 31.968365][ T314] page last free stack trace: [ 31.972872][ T314] free_unref_page_prepare+0x83d/0x850 [ 31.976437][ T19] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.978328][ T314] free_unref_page_list+0xf1/0x7b0 [ 31.989091][ T19] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.993945][ T314] release_pages+0xf7f/0xfe0 [ 31.993974][ T314] free_pages_and_swap_cache+0x8a/0xa0 [ 32.004934][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 32.007920][ T314] tlb_finish_mmu+0x1e0/0x3f0 [ 32.007947][ T314] exit_mmap+0x421/0x940 [ 32.007963][ T314] __mmput+0x95/0x310 [ 32.013549][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.022066][ T314] mmput+0x56/0x170 [ 32.022092][ T314] do_exit+0xb29/0x2b80 [ 32.022109][ T314] do_group_exit+0x21a/0x2d0 [ 32.022127][ T314] __x64_sys_exit_group+0x3f/0x40 [ 32.059216][ T314] do_syscall_64+0x3d/0xb0 [ 32.063468][ T314] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 32.069293][ T314] [ 32.070875][ T19] hub 2-1:4.0: USB hub found [ 32.071453][ T314] Memory state around the buggy address: [ 32.071466][ T314] ffff888132261f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2024/06/01 04:42:40 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 32.089352][ T314] ffff888132261f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.097239][ T314] >ffff888132262000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.105133][ T314] ^ [ 32.108041][ T457] loop2: detected capacity change from 0 to 2048 [ 32.109396][ T314] ffff888132262080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.109411][ T314] ffff888132262100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 32.131440][ T314] ================================================================== [ 32.142622][ T314] Disabling lock debugging due to kernel taint [ 32.151732][ T314] EXT4-fs error (device loop4): empty_inline_dir:1858: inode #12: block 7: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=60, inode=0, rec_len=50689, size=68 fake=0 [ 32.171111][ T314] EXT4-fs warning (device loop4): empty_inline_dir:1865: bad inline directory (dir #12) - inode 0, rec_len 50689, name_len 213inline size 68