last executing test programs: 1m28.322918015s ago: executing program 4 (id=486): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000600)='./file1\x00', 0x800714, &(0x7f0000000340)={[{@orlov}, {@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9c7c}}, {@commit={'commit', 0x3d, 0x2}}, {@grpquota}, {@errors_continue}, {@test_dummy_encryption}, {@auto_da_alloc}, {@nodiscard}]}, 0xfe, 0x44d, &(0x7f0000000cc0)="$eJzs281vG0UbAPBn10n79jN5Sym0tDRQEBEfSZMW6IELCCQOICHBoRxDklahboOaINEqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQoCEoVT0Nq7qePaaT7sOK1/P2mbGe+uZx7Pjnc80w2gaw1k/yQRuyPil4iYTxscMFD9c2NhbvyfhbnxJBYXX/89yU6LvxfmxotDk/zvrjwzmEakHyd5IcvNXLp8bqxcnryY54dnz78zPHPp8lNT58fOTp6dvDB66tTJEyPPPjP6dEvi7Mvqeuj96cMHX37z6qvjp6++9cNXPRFx4Eh1f20crTKQBf7HYkX9vkdbXViH7alJJz0drAhrUoqIrLl6K/2/L0pxs/H64qWPOlo5oK2ye9P25rvnF4G7WBKdrgHQGcWNPvv9W2ybNPTYEq4/X/0BlMV9I9+qe3qimArpbWP5AxFxev7fz7Mt2jQPAQBQ65ts/PNko/FfGgdqjtubr6H0R8T/I2JfRNwTEfsj4t6IyrH3RcT9ayy/fmno1vFPem1dga1SNv57Ll/bWj7+W1oI6y/luT2V+HuTM1PlyeP5ZzIYvduz/MgKZXz74s+fNttXO/7Ltqz8YiyY1+NaT90E3cTY7FirBqXXP4w41NMo/mRpJSCJiIMRcWhtb723SEw9/uXhZgfdPv4VtGCdafGLiMeq7T8fdfEXkpXXJ4f/F+XJ48PFVXGrH3+68lqz8jcUfwtk7b9z+fVfd0TfX0nteu3M2su48usnTX/TrPf635a8UVmz3pa/9t7Y7OzFkYhtySuV/LLXR2+eW+SL47P4B4817v/78nOy+B+IiOwiPhIRD0bE0bzuD0XEwxFxbIX4v3/hkbfXH397ZfFPNPz+W7r++5e3/9oTpXPffd2s/NW1/8lKajB/pfL9dxurreBGPjsAAAC4U6QRsTuSdGgpnaZDQ9X/w78/dqbl6ZnZJ85Mv3thovqMQH/0psVMV1/NfOhIMp+/YzU/ms8VF/tP5PPGn5V2VPJD49PliQ7HDt1uV5P+n/mt1OnaAW3neS3oXvX9v/4ZYODu5f4P3Uv/h+6l/0P3atT/P6jLL60FHG1/fYDN4/4P3Uv/h+6l/0P30v+hK23kuX6JLZpIN6OsSDc5rh3rPv3PXVugUe60RKe/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrjvwAAAP//TyvugQ==") 1m28.057975254s ago: executing program 4 (id=487): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote}}}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000240), 0x208e24b) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000340)={0x0, 0x0}) capset(&(0x7f00000004c0)={0x39900612, r4}, 0x0) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r5, 0x0) r6 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x3, {0x41}}, 0x10, 0x0}, 0x20000000) accept4(r5, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000180)='svcrdma_encode_wseg\x00', r0, 0x0, 0xfcc2}, 0x18) connect$tipc(r6, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x0, 0x4}, 0x2}}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r3, 0x0) r7 = dup(r2) r8 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000440), 0x204100, 0x0) write$P9_RGETLOCK(r8, &(0x7f0000000480)=ANY=[@ANYBLOB="270000003702000200000080000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0900b25dba764d3a745421"], 0x27) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000e80)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe00000000850000000a000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26765ba5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbdf8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d9447c4df6e21ee0e54f8be072e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$KVM_NMI(r9, 0xae9a) ioctl$KVM_RUN(r9, 0xae80, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000fdffffff00"/28], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r10, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r0}, 0x20) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r11, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x50) 1m27.924730394s ago: executing program 4 (id=488): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0xffffffff, [{0x0, 0x3, 0x7}]}, @ptr, @restrict={0x0, 0x0, 0x0, 0x10, 0x2}]}}, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000cc0)={0x39c, 0x15, 0x400, 0x70bd28, 0x25dfdbfd, {0x17}, [@typed={0x8, 0xbc, 0x0, 0x0, @pid=r0}, @generic="ce62b31b5d607b11bbeb485945f755843a7ac392387ef68a4b5ea9e46fc309fb6398747d1cbab4179af7322ced53e5e793d7c3cd918b25ad43459f4b8ac907a35d349a4f7580c69ff3ebc5244f774f984afa4bf8e6c39bbc104b6194a7d478b40672cc438cf9a83f26f5eb", @nested={0x1eb, 0x14, 0x0, 0x1, [@generic="a0297ed02a3fa7d37b8604d9afe26559febad9d9344e01c7864ff605065571b40f935ae40a02a7624b6bf739f634a25bf40c715feff0b6288e2cb33e3e82d4369ca7659f5a982477b9ede3d48f013f1e8c29f36664c67bc5724605c3bc519addb55f", @typed={0x15, 0x11e, 0x0, 0x0, @str='/dev/vga_arbiter\x00'}, @typed={0xb8, 0x98, 0x0, 0x0, @binary="169faf44af0be9e620b6e55fdd4985585520186a0389693ab74e40ba70ef5fc8860030e3b091744bf0eea84969c3af7f954e3abaceccc2afc603c7cf741b9f68bdbc79fc23698e19329120f22a07f95d53a218f34218a87e999267a6111e973ab6b2f5192e0849a3b2413e6b24bc4d6e4623b2fa003cf07ee7f491eef3513f2f2c0c12dc81a32182b64a92f05c9eba84b572fc592097d88129c8529f5cf825ba264aa519d28b8ee4095b6ccace7671511f4962d8"}, @generic="98a11cacc10015aba31b935389ecaa786dac3628c0e79402a457182f6a9293c906937f10b4a92504eb58499713f2b32ca99b0aa45bba1d32f2b1c3c442c749f844200bd6f861186d225c03b471b176b318230fd4002f917eb59a53a485515da233800642107c90195205156339cf411db1c1765a23c4146f2c8c9352e4cb715b5e9f5a5b80d71242b6817412613ed7c7b8af94cc9746fb4f9833d45b202faafd6d70ba625c4da071d93a97c30169a8db64", @nested={0x4, 0x5f}]}, @typed={0x9, 0xf2, 0x0, 0x0, @str='ext4\x00'}, @nested={0xfe, 0x5f, 0x0, 0x1, [@generic="9735babb7ae976804342854d5b79408ee545451bc6c814dc68639b82efc09a1a9a992a81d0cf80bb421e0ebc4b6a", @generic="04315711494640759460c773e1ee2f143c92afe196f84a2f2b1b97996286b5b9b959e963be08ad66fb97b983d5e650b24852edcbe87aaa6290f351c023876465d2589dab54faeb835741f09b0ea2c5b7f8c1e21066a3cf4b9d00b36dd00089d0f04cebf0b73a57f7c030f451201a9223a18c2c35a5e42c86e9a12987d0c1c76949b1e68d5e2b75efd2e896999f01ad1e91cfd3d978e19e2eec81aee6", @typed={0xf, 0x144, 0x0, 0x0, @str='](\\:\\\xd4!@#(\x00'}, @typed={0x14, 0xc0, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @nested={0x4, 0xd2}, @nested={0x4, 0xa1}, @nested={0x4, 0x67}]}, @typed={0x8, 0xc5, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x86, 0x0, 0x0, @fd=r2}, @nested={0x4, 0x19}, @typed={0x8, 0xca, 0x0, 0x0, @fd=r4}]}, 0x39c}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2a08000, &(0x7f00000001c0)={[{@acl}, {@user_xattr}]}, 0xfc, 0x480, &(0x7f0000000840)="$eJzs3MlvG1UYAPDP4zhNuoalQBcgbKJiadp0oQcuIJA4gIQEh8ItpGkV6lLUBIlWFSkIlSOqxB1xROIv4AQXBJyQuMIdVapQLi2LxKAZz7TO5sSJU7f17yc5em/m2fO+efPGb96ME0DPGs7+VCI2R8RvWTrJs9elRaGs3LXZ8+N/zZ4fr0SavvFnJV93dfb8eFm2fN/mIrMniUg+rcSuRbY7dfbcybF6feJMkR+ZPvX+yNTZc89Onho7MXFi4r3RI0cOHtj/3OHRQx2Jc0tW150fnd6945W3Lr02fvTSOz9901fWdV4cnTIcw3P2ZbMnOr2xLtvSlK70dbEitKUaEVlz1fL+vy2qcaPxtsXLn3S1csC6StM03br06gspcAerRLdrAHRH+UV/dXYwBtbpOvhWduWFxgVQFve14tVY0xdJUaY27/q2kwaKeZOjF/7+MvL9v6Gn9j8AcPN9l41/nmmMf8pXY81Q3NdUbms+H5wtjbgrIu6OiHsi4t6I2B6Rl70/Ih5oc/vD8/ILx5/J5VUFtkLZ+O/54t7W3PFfMfr7Lx2qFrktMRhDUascn6xP7Cv2yZ6obTg+WR9stY3vX/r186XWDRdjv/KVbb8cCxb1uNy3Ye57jo1Nj60p6CZXPs7nAGcWxn/jzlWW2hERO1fx+dm4efKpr3cvtX75+FvowH2m9KuIJxvtfyFaxD///mTZ4IdHD40MRH1i30h5VCz08y8XX19q+2uKvwOy9t+46PF/Pf6hSvP92qn2t3Hx98+WvKZp4/h/u1ySHf/9lTfzdH+x7MOx6ekz+yP6K68uXD5649PKfFn+yubtEY8t3v+zc1x2jGXx74qI7CB+MCIeioiHi7o/EhGPRv4Ri5m5FhE/vvj4u6uJP1lux3ZA1v7H5rR/LNP+7SeqJ3/4djXxN2TtfzBP7SmWrOT8t9IKrmXfAQAAwO0iyZ+BryR7r6eTZO/eiE353O7GpH56avrp46c/+OdY41n5oagl5UxXYz64MR+6v5gbLvOj8/IHinnjL6qDeX5jce8b6J5Nzf0/n3Bs9P/MH9UuVw5Yf36vBb1rFf2/5QMPwO3D9z/0rjb6v1MF3GFW2qnTda4HcPMt1v9nulAP4OYzqIfepf9D79L/oXfp/9CT1vK7follEjNt796BaFWm/xaJK09EkifSmS5W49/iMbSVFV6/+pT/LWP5wrWi390KLdg60b1zEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQCf9HwAA///ztNvN") r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000006c0)='net/route\x00') preadv(r6, &(0x7f00000025c0)=[{&(0x7f0000002500)=""/79, 0x4f}], 0x1, 0x10006c, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="77ba00000000000000001f000000080001"], 0x48}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r6, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0x150, r8, 0x20, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_VENDOR_DATA={0x60, 0xc5, "601844b65bd15e70686f8105bdaf6bc763a759679a5999fa128e566379dd1e77183197925c9af81cb1d25111ae6915549401f8bd2000ccd54dcc66c4b9cf8d17789df21d731b32ce2f943313d0de32bd000f7db8291113bff73b9344"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xead}, @NL80211_ATTR_VENDOR_DATA={0x68, 0xc5, "1af728bffd1aa5776c0e402f75871c59eb4e2107c694ce321255c17fde92c8dd124e52a5ff6cd61fadd8b7ae08562de32ae4458c5ea96ab778059f103e1627d977249d04dbc0378fc29a4b8b9c8675e0ff4a81741c51523e9f46cb69f02534e54f819395"}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x7}, @NL80211_ATTR_VENDOR_DATA={0x5b, 0xc5, "b4971a055eb5a9b469255fb02df89e060ebd46729759684f6518965b34f5ec636739e6ec3def382016c84757f5658a39433743289648d62d2ff471296511eaf581333cbea8e98b5760cf44bed394b9417e82f5ed81d7dc"}]}, 0x150}, 0x1, 0x0, 0x0, 0x1}, 0x10) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000002780), 0x2, 0x0) 1m27.095755011s ago: executing program 4 (id=492): syz_mount_image$vfat(&(0x7f0000003880), &(0x7f0000000000)='./file0\x00', 0x14812, &(0x7f00000000c0)=ANY=[@ANYBLOB='iocharset=iso8859-%,utf8=1,shortname=lower,uni_xlate=1,shortname=win95,iocharset=cp775,uni_xlate=1,rodir,utf8=1,uni_xlate=0,tz=UTC,rodir,uni_xlate=0,utf8=0,codepage=1255,nonumtail=0,\x00'], 0x25, 0x2a1, &(0x7f0000002300)="$eJzs3T9rI0cUAPC3siwpSSEVqUIgC0mRythu08gEG0xUJahIUiQmtiFYImCDIX+I4iptmpT5BIFAuvsS19w3OLj24LpzYdhjpd2T7JNl67Ds+/P7NR7Pzpt5Mx5sXOzT9x/2D3bT2D/57WE0GklU2tGO0yRaUYnSH3FO+68AAF5np1kWT7KReeKSiGgsLi0AYIHm/vv//8JTAgAW7Kuvv/lio9PZ/DJNG7HV//O4m/9nn38dPd/Yjx+jF3uxGs04i8ieG7W3siwbVNNcKz7pD467eWT/u/vF/BuPI4bxa9GM1rDrfPx2Z3MtHZmIH+R5vFus387j16MZ709Zf7uzuT4lPrq1+PTjifxXohkPfoifohe7wyTG8b+vpenn2d9Pf/02Ty+PTwbH3fpw3Fi2dMs/GgAAAAAAAAAAAAAAAAAAAAAA3mArRe2cegzr9+RdRf2dpbP8m+VIS63z9XlG8Uk50YX6QIMs/inr66ymaZoVA8fx1figGtW72TUAAAAAAAAAAAAAAAAAAAC8Wo5+/uVgp9fbO7yRRlkNoHyt/2XnaU/0fBSzB9fHa1WK5oyZY6kck0TMTCPfxA0dy1WNdy7L+d//5p2wcfWY5VnnczON8nYd7CTTz7AeZU+jvCT3JsfU4ppr1S57lM11/WpTHzXn3nvtvWFjMGNMJLMS++zR6OSKnuTiLmrDU50avlw0JsIv3I257vOLvysS1ToAAAAAAAAAAAAAAAAAAGChxi/9Tnl4MjO0ktUXlhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3Krx5//P0RgUwdcYXIvDozveIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG+BZwEAAP//w1FiAg==") r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000000)={0x1, 0x0, 0x27f}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) wait4(r0, 0x0, 0x8, 0x0) wait4(r0, 0x0, 0x80000000, 0x0) socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40008d5}, 0x4000004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmmsg(r4, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0xffffffffffffffa7}}], 0xf00, 0x4c42bb4f92, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x6c, 0x43, 0xa6, 0x8, 0x5d1, 0x9003, 0x200, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x42, 0xcc, 0x98}}]}}]}}, 0x0) shutdown(r4, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) 1m26.69280522s ago: executing program 4 (id=494): socket$unix(0x1, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) 1m26.58249746s ago: executing program 4 (id=495): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@data_err_ignore}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") r0 = open(0x0, 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x24a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000240)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="070000000000000000000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) 1m26.54512286s ago: executing program 32 (id=495): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@data_err_ignore}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") r0 = open(0x0, 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x24a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000240)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="070000000000000000000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x1400, 0x0, 0x0) 45.357264631s ago: executing program 1 (id=686): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$invalidate(0x15, 0x0) fstat(0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) 44.506588569s ago: executing program 1 (id=692): r0 = syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10400, &(0x7f0000000540)={[{@quota}]}, 0xfe, 0x253, &(0x7f0000000240)="$eJzs3T+II1UcB/DvTBLv9i7IqY0g/gER0YXl7ASbs1E4kOMQEVQ4EbFR7oTzDruLlY2F1ipX2Sxi52op2yw2imC16hZrI+hi4WKhQiSZjcRsRHcTM8fO5wOTvMm8N78ZMt+XNJMEaKxTSc4kaSVZTtJJUox3uKdaTu2tXl/auJD0+0/+XAz7VeuV0biTSXpJHk6yXhZ5uZ1cXXt2+9fNx+9/60rnvg/Wnlla6Enu2dneemL3/XNvfnz2oatffv3juSJn0v3bec1fMeW1dpHc+n8Uu0EU7bqPgP/i/OsffTPI/W1J7h3mv5My1Zv39uWb1jt58L1/GvvOT1/dschjBeav3+8MPgN7faBxyiTdFOVKkqpdlisr1Xf4b1snylcuXX5t+aVLVy6+WPdMBcxLN9l67NNjn5ycyP8PrSr/wNE1yP9T51e/G7R3W3UfDbAQd1ZPg/wvP3/tgcg/NI78Q3PJPzSX/EODTGRc/qG55B+aS/7hCOuMGr2pm+Ufmkv+obnkH5prPP8AQLP0j9V9BzJQl7rnHwAAAAAAAAAAAAAAAAAAYL/rSxsXRsuian7+brLzaJL2tPqt4f8RJ8eHjyd+KQbd/lJUw2by3N0z7mBGH9Z89/XN39db/4u76q1/7WLSeyPJ6XZ7//VX7F1/h3fLv2zvvDBjgQMqJtYfeXouu/3jsAN/X51L/YM6Pmqc3Uw+G8w/p6fNP2VuH+s+Of90x39i+ZBe/W3GHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAwfwYAAP//CLBu0w==") (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000001400), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) (async) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000880)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@data_err_ignore}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@noauto_da_alloc}, {@journal_checksum}, {@nodioread_nolock}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r4, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7000000}, 0x50) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}}) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[]) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18) (async) chown(&(0x7f0000000340)='./file0\x00', 0xee01, 0x0) (async) listxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000040)=0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000001600)={{r0}, r6, 0x6, @inherit={0x50, &(0x7f00000004c0)={0x1, 0x1, 0x3, 0x7f, {0x2a, 0x80000001, 0xcdc, 0xb57a}, [0x300000000000000]}}, @devid}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xfdef}], 0x1, 0x0, 0x0) 44.325885169s ago: executing program 1 (id=693): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="180000007d0c0000000000000000000018010300646c6c2500000000002020207b1af8ff40000000800000000000000007010000f8ffffffb702000008000000b7035b9047ba20d039fe000000000000008085000000060000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000080)='./file1\x00', 0x1010000, &(0x7f0000000380)={[{@utf8}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8no}, {@utf8}, {@numtail}, {@numtail}, {}, {@utf8no}, {@utf8no}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@shortname_lower}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1ff}}]}, 0x1, 0x363, &(0x7f0000000e00)="$eJzs3U1oY1UbAOA3vWnSGfi+dicKQnQnaJnOTje2SAcGu1EJ/izE4HRUkiq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQmc34OCR5OYmt0naaQerFJ8Hmpy+57znnPtDcntJTp9bjPal6bh8/fq1mJmpRHXxkcW4UYm5yKKwG+NqE2IAwOlwI6X4PeWOmFI54SkBACes9/7/QkQ0Yi6PvP7lYe2Td38AOPX6f/+fOazNzEEVr5zIlACAEzZ2///efdW13k+1+LVa+lQAAHBaPfH0M48urUQ83mjMRKy9udncbMZDw/qly/FSdGI1zsVs3IzILxS6D5Xe44WLK8vnGo3GTvw0F82ImOonNvMrhaWsl1+PhZiNuX5+/2ojpZRd+GRleaHRExG7O73xY62y2ZyOs/3xvz8bq8MLj6KT3lPExZXl841+B821In8nYm9436I7//mYjW+fH3STUvEJxpXlKwvFpIf5m816XBrshQPvgAAAAAAAAAAAAAAAAAAAAAAAwG2ZbwzMDdbPSd3nfKWc+fkJ9b31cfL8/vpAe/n6QKmeIqXfXnug+VYW+9YHGl2fZ9NCggAAAAAAAAAAAAAAAAAAADCwsVWLVqezur6xtd0uF3bWN7amIqIbefnrj744E+NtblGo5kPUIwZDNPrDbrdbKSsapyxiPD3rDl5EPvh0MONym/pgKyZOo35wVafzv3t+fHcYuTsrev5z2CaLyRuYlabx8EjPa//Pp3ScHTUonC9H6uOjX00plSJvlNOvPDveYVQiqsc/cNvtqTi4TeoWvrr24p3F3m99nnL33T/75NV33v+l3ep0R47eEaytb9xM7ValaHy83dLd1UWkEnmhUj4Tqoel7+2PtLLvfn3qrre/OdroqRx5tXs+j7TJ8s35eDS9lhe60xypOjNMn+5vRGd1esLJf6vCbRzTO9777MOUfvj5yEMMTY29bFT+nlcfAAAAAAAAAAAAAAAAAACgrPRd8b7+l32nD8t68LGTnxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/HOG//+/VNjbjZHIUQp/7EzIqq+ub0TU/u3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+6vAAAA///tLFqQ") socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = dup(0xffffffffffffffff) getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=@newtaction={0x88, 0x30, 0x90d, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x3ffd, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x1, r8}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0x1, 0x20000000, 0xfffffff9, 0x200}, 0x1, r8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0) 43.394579085s ago: executing program 1 (id=703): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x54, &(0x7f0000000100)={[{@bh}, {@errors_continue}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@delalloc}, {@jqfmt_vfsv0}, {@usrjquota}]}, 0x1, 0x477, &(0x7f00000002c0)="$eJzs209sFNUfAPDvzG4LP/hBK6IIolbR2Ki0tKBy8KLRxIMmJnrAi0ltC0EWamhNhBCtxuDRkHhXjyYm3jx4Ug9GPZl41bshIcoF9FQzuzPLdrv9s7TdUvbzSaZ5b+ZN3/vuzJt5M283gK41kP1JIv4fEb9HRF8tWzeXF8rKXb96YfyfqxfGk5ibe/WvpFru2tUL40XZYr/teWYwjUg/SvJK5ps+d/7UWKUyeTbPD8+cfnt4+tz5gydPj52YPDF5ZvTo0SOHR55+avTJdkPa2mplFt+1fe9N7d/74uuXXh4/dunNn79K8vXRFMdK9KygzEAW+N9zVc3bHmmnsk1gR0M6KTduKXe+MaxYKT9CPdX+3xelhuPVFy98uGCHtMMNBNZNdm/asvjm2TngNpbERrcA2BjFjT57/i2WDg09bglXnq09AGVxX8+X2pZy/VGnp+n5di0NRMSx2X8/y5a4ifcQAADt+i4b/zzRavyXRuMYcWc+N9QfEXdExK6IuDMidkfEXRFxd0TsiYh72qy/eWpo4fgnvbya+JaTjf+eyee25o//6i+6+0t5bkc1/p7k+MnK5KH8MxmMni1ZfmSJOr5//rdPFtvWOP7Llqz+Y/Mml9LL5aYXdBNjM2PZoPSNgzcfd+HKBxH7yq3iT+ozAUlE7I2Ife39651F4uRjX+5frFDL+POx8LLWYGpp7ouIR2vHfzaa4i8kS89PDm+NyuSh4eKsWOiXXy++slj9q4p/DWTHf9v887+5SH/SOF873X4dF//4eNFnmuXjb33+9yavVa9Hvfm6d8dmZs6ORPQmL9X2alw/emPfIl+Uz+IfPNC6/+/K98nivzcispP4voi4PyIeyNv+YEQ8FBEHloj/p+cefuvm419fWfwTLa9/9fO/6fi3nyid+vHbxeqvxv/Nzoglj/+RamowX1O9/i2jMrCyBq7mswMAAIDNIq1+Bz5Jh+rpNB0aqn2Hf3dsSytT0zOPH59658xE7bvy/dGTFm+6+hreh44ks/l/rOVH83fFxfbD+XvjT0v/q+aHxqcqExscO3S77Q39f9eeG/0/82epXuzrHxpnRPykA24f+jN0r+b+7zd+0D3c/6F76f/QvfR/6F6t+v/7TflSh9oCdJb7P3Qv/R+6l/4P3Uv/h660mt/1dyzxefmWaIZEkUinz52PdMObsZ6J3s3UQdYjsfBaUTZOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANqH/AgAA//89t/CN") r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x521000, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x28011, r2, 0xfb231000) ptrace$PTRACE_SETSIGMASK(0x420b, r1, 0x8, &(0x7f0000000040)={[0x5]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000a61a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000880)={'erspan0\x00', 0x0, 0x8000, 0x8, 0x1, 0xff, {{0x1f, 0x4, 0x1, 0x5, 0x7c, 0x66, 0x0, 0x0, 0x0, 0x0, @private=0xa010101, @multicast1, {[@timestamp_prespec={0x44, 0xc, 0x1a, 0x3, 0x0, [{@private=0xa010100, 0x6}]}, @end, @lsrr={0x83, 0x7, 0x3a, [@broadcast]}, @timestamp_prespec={0x44, 0x34, 0xb7, 0x3, 0x9, [{@remote, 0x1}, {@remote, 0xac2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x8}, {@loopback, 0x91}, {@loopback, 0x5}]}, @lsrr={0x83, 0x1f, 0x1c, [@remote, @multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x1e}, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) eventfd(0x3) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x6, [@var={0x10, 0x0, 0x0, 0xe, 0x4, 0x1}, @fwd={0x7}, @volatile={0xf, 0x0, 0x0, 0x9, 0x4}, @float={0xe, 0x0, 0x0, 0x10, 0x8}, @ptr={0xe, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x5f, 0x61, 0x5f]}}, &(0x7f00000009c0)=""/135, 0x5e, 0x87, 0x1, 0x10001, 0x10000, @value}, 0x28) r6 = syz_btf_id_by_name$bpf_lsm(&(0x7f0000000b00)='bpf_lsm_tun_dev_open\x00') r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') openat$cgroup_ro(r7, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x26e1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000b40), &(0x7f0000000b80)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x16, 0x13, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x52, &(0x7f0000000200)=""/82, 0x41100, 0x40, '\x00', r4, @flow_dissector, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8001, 0x81}, 0x10, r6, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)=[r7, r8], &(0x7f0000000c40), 0x10, 0x1, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x54, &(0x7f0000000100)={[{@bh}, {@errors_continue}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@delalloc}, {@jqfmt_vfsv0}, {@usrjquota}]}, 0x1, 0x477, &(0x7f00000002c0)="$eJzs209sFNUfAPDvzG4LP/hBK6IIolbR2Ki0tKBy8KLRxIMmJnrAi0ltC0EWamhNhBCtxuDRkHhXjyYm3jx4Ug9GPZl41bshIcoF9FQzuzPLdrv9s7TdUvbzSaZ5b+ZN3/vuzJt5M283gK41kP1JIv4fEb9HRF8tWzeXF8rKXb96YfyfqxfGk5ibe/WvpFru2tUL40XZYr/teWYwjUg/SvJK5ps+d/7UWKUyeTbPD8+cfnt4+tz5gydPj52YPDF5ZvTo0SOHR55+avTJdkPa2mplFt+1fe9N7d/74uuXXh4/dunNn79K8vXRFMdK9KygzEAW+N9zVc3bHmmnsk1gR0M6KTduKXe+MaxYKT9CPdX+3xelhuPVFy98uGCHtMMNBNZNdm/asvjm2TngNpbERrcA2BjFjT57/i2WDg09bglXnq09AGVxX8+X2pZy/VGnp+n5di0NRMSx2X8/y5a4ifcQAADt+i4b/zzRavyXRuMYcWc+N9QfEXdExK6IuDMidkfEXRFxd0TsiYh72qy/eWpo4fgnvbya+JaTjf+eyee25o//6i+6+0t5bkc1/p7k+MnK5KH8MxmMni1ZfmSJOr5//rdPFtvWOP7Llqz+Y/Mml9LL5aYXdBNjM2PZoPSNgzcfd+HKBxH7yq3iT+ozAUlE7I2Ife39651F4uRjX+5frFDL+POx8LLWYGpp7ouIR2vHfzaa4i8kS89PDm+NyuSh4eKsWOiXXy++slj9q4p/DWTHf9v887+5SH/SOF873X4dF//4eNFnmuXjb33+9yavVa9Hvfm6d8dmZs6ORPQmL9X2alw/emPfIl+Uz+IfPNC6/+/K98nivzcispP4voi4PyIeyNv+YEQ8FBEHloj/p+cefuvm419fWfwTLa9/9fO/6fi3nyid+vHbxeqvxv/Nzoglj/+RamowX1O9/i2jMrCyBq7mswMAAIDNIq1+Bz5Jh+rpNB0aqn2Hf3dsSytT0zOPH59658xE7bvy/dGTFm+6+hreh44ks/l/rOVH83fFxfbD+XvjT0v/q+aHxqcqExscO3S77Q39f9eeG/0/82epXuzrHxpnRPykA24f+jN0r+b+7zd+0D3c/6F76f/QvfR/6F6t+v/7TflSh9oCdJb7P3Qv/R+6l/4P3Uv/h660mt/1dyzxefmWaIZEkUinz52PdMObsZ6J3s3UQdYjsfBaUTZOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANqH/AgAA//89t/CN") (async) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x521000, 0x0) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) ptrace(0x10, r1) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x28011, r2, 0xfb231000) (async) ptrace$PTRACE_SETSIGMASK(0x420b, r1, 0x8, &(0x7f0000000040)={[0x5]}) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000300000005"], 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000a61a7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000880)={'erspan0\x00', 0x0, 0x8000, 0x8, 0x1, 0xff, {{0x1f, 0x4, 0x1, 0x5, 0x7c, 0x66, 0x0, 0x0, 0x0, 0x0, @private=0xa010101, @multicast1, {[@timestamp_prespec={0x44, 0xc, 0x1a, 0x3, 0x0, [{@private=0xa010100, 0x6}]}, @end, @lsrr={0x83, 0x7, 0x3a, [@broadcast]}, @timestamp_prespec={0x44, 0x34, 0xb7, 0x3, 0x9, [{@remote, 0x1}, {@remote, 0xac2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x8}, {@loopback, 0x91}, {@loopback, 0x5}]}, @lsrr={0x83, 0x1f, 0x1c, [@remote, @multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x1e}, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) (async) eventfd(0x3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000a80)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x6, [@var={0x10, 0x0, 0x0, 0xe, 0x4, 0x1}, @fwd={0x7}, @volatile={0xf, 0x0, 0x0, 0x9, 0x4}, @float={0xe, 0x0, 0x0, 0x10, 0x8}, @ptr={0xe, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x5f, 0x61, 0x5f]}}, &(0x7f00000009c0)=""/135, 0x5e, 0x87, 0x1, 0x10001, 0x10000, @value}, 0x28) (async) syz_btf_id_by_name$bpf_lsm(&(0x7f0000000b00)='bpf_lsm_tun_dev_open\x00') (async) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') (async) openat$cgroup_ro(r7, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x26e1, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000bc0)={{}, &(0x7f0000000b40), &(0x7f0000000b80)}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x16, 0x13, &(0x7f0000000040)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x7, 0x52, &(0x7f0000000200)=""/82, 0x41100, 0x40, '\x00', r4, @flow_dissector, r5, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000ac0)={0x2, 0xb, 0x8001, 0x81}, 0x10, r6, 0xffffffffffffffff, 0x0, &(0x7f0000000c00)=[r7, r8], &(0x7f0000000c40), 0x10, 0x1, @void, @value}, 0x94) (async) 43.056307704s ago: executing program 1 (id=704): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='gid_map\x00') writev(r0, &(0x7f0000000180)=[{0x0}], 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) keyctl$invalidate(0x15, 0x0) syz_io_uring_setup(0x312, &(0x7f00000001c0)={0x0, 0xc4e6, 0x200, 0x1, 0x318, 0x0, r0}, &(0x7f0000000240), &(0x7f0000000280)) fstat(0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000a40)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x48000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@delalloc}, {@nodioread_nolock}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18) chown(&(0x7f0000000340)='./file0\x00', 0xee01, 0x0) syz_open_dev$usbfs(0x0, 0x203, 0x8401) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x93) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 42.954463164s ago: executing program 1 (id=705): socket$unix(0x1, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$invalidate(0x15, 0x0) fstat(0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") open(&(0x7f0000000340)='./bus\x00', 0x64842, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) 42.879528524s ago: executing program 33 (id=705): socket$unix(0x1, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) keyctl$invalidate(0x15, 0x0) fstat(0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") open(&(0x7f0000000340)='./bus\x00', 0x64842, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) 8.400897516s ago: executing program 6 (id=877): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000e40)={0x34, &(0x7f0000000c00)={0x40, 0x15, 0x4, 'U$i$'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000180)={0x1c, &(0x7f0000000200)={0x20, 0x13, 0x4, '4\x007$'}, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000440)={0x0, 0x11, 0x4, "f5a9b9cf"}, 0x0, 0x0, 0x0, 0x0}) 6.605456351s ago: executing program 0 (id=895): syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000080)={[{@rodir}, {@shortname_winnt}, {@uni_xlate}, {@shortname_lower}, {@shortname_win95}, {@numtail}, {@shortname_mixed}, {@rodir}, {@shortname_win95}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}, {@utf8no}, {@shortname_lower}]}, 0x1, 0x37b, &(0x7f0000006180)="$eJzs3T9sG9UfAPCve0mcVOovGX5SBRLSwYYEUf+IAaZUVSpVZAFkFRgQFnUB5UKFLSySoW5YECMSI0wsiAEGhs4ICYTYGFgpEiogFrpVouIh2+fYqR3TDm6p+HwG65vve997786X+HKJn19ei83z83Hh+vVrsbhYibm102txoxIrkcXA5Ri3MCEHANwfbqQUf6S+2yypzHhKAMCM9V7/Xz0yknnn62n9k1d/ALjvlb//L03rs3hQw8WZTAkAmLGx+/+P7Gte2P+n/rmR/woAAO5Xz73w4tOnNiKezfPFiK1327V2LZ4atp+6EK9HEY04FstxM6J/odB9qPQez5zdWD+W53knflmJWreiXYvY6rRr/SuFU1mvvhrHYzlWyvryaiOllJ35YmP9eN4TEZc7vfFjq9KuzcfhcvwfD0cjTkQe/x+rjzi7sX4iLzdQ2xrUdyJ2h/ctuvNfjeX4/pW4GEWcXzoXKQ0uazbWLx3P89NpY199u1aN83tH4cA7IFPvmwAAAAAAAAAAAAAAAAAAAAAAwEFW8z0re+vfpOH6PaurE9p76+P068v1gXb76wOlanozi3j78dp7WexbH+jW9Xnatbk4dG93HQAAAAAAAAAAAAAAAAAAAP41WtsLUS+KRrO1vbM5GnSare1DEdHNvPHtZ18txXiffwjmyjFGmvIytbNZT9mgc8r29SmDrDv4IPPplb0Zj/ap7u3FxGlUD24qiiMP//zhMPNQNtjyX8M+WUzeweyWaYwGW//rT+lODtTOyTI4Md50eXjEiuJqSumg7Vx6aXzLUYmYu/MnbnqQusE311574GTr6BO9zJep79HHls9d/eDj3zbrRXfkruKThWbrZtqsl19PPtkODrLy/EnVRrPSPwiNyuiZMDetfHd/pp798PvzD77/3e2NnkYzb03ok/V35/Nma7tSfqf0mhb6QTd3S9VScTYrn8rhduYnnPwzCI5+tFa/cumnX2+3auSHhIU6AAAAAAAAAAAAAAAAAADgrhh5r3ipfLPv/LSqJ5+Z/cwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4O7pff5/SqmTUkr1omg0W9s7u4Ng806CPzsx3lRtNFsRC/d6NwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+I/7OwAA//87u2qE") open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0) 6.566087201s ago: executing program 0 (id=896): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/fscaps', 0x42, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r2, 0x1, &(0x7f0000000140)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="ed", 0x1, 0x4, 0x0, 0x2}]) 6.490011531s ago: executing program 0 (id=902): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000540)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) shutdown(r1, 0x1) 6.35675456s ago: executing program 0 (id=906): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0xb1, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 6.34300527s ago: executing program 0 (id=909): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x18, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000400)={0x40, 0x13}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 4.562729734s ago: executing program 6 (id=918): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61123400000000006113500000000000bf200000000000001500000008ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002a00)=ANY=[@ANYBLOB="b7000000026d0300bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff000000002704000000ffffffdd0a05000000000014000000016d030063030000000000001d44010000000000620a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b70300c6dfa041b63af4a3912435b1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e5f58b7382a8b7e8177168001815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc20eec363e4a8f6456e5ccae25ea21714ee18cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a277c7a775d55dfc28abbe9b5ea62d84f3a10746443d64364f56e24e6d2105bd901128c7e0ec82770c8206b1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009df5daf87068a608628efc56c752af4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9610f0000d36f38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eeeb883418f562ae00003ea96d10f172c0374d6eed82640700dfffffffffff499c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c64a403ade624d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca5f1380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f254a9bf93f04bf072f0bc2d38092909ef3613861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf82807773e534015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d2a9441eb315209d199e029e9135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d8516800ef3f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe3907000000466f4ca2195234648e0a1ca50db6f3d9436a7d55a9ad382400000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b45eb6dc5f6a9257d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba51dd5ab2b7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f80724a5bfc1e8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f068840a754c02181561542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ec3d59901da21afd6400000000832503969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98c2c73e1661261173f359e93d2c80000000998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebccbaf1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91cda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fc7741c7e3f426b9ed20debd883593ff5d691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579c23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d0f086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc0095f5a3bfdcffffffffffffffff61ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d480e7f13a65dbaa1af102d97681656bf56ff0cf36518f674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ffbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656659db4cb06aaaf9f02cfab5b9e61cc00e8e194299219a3f4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd06961912052f441e96884fcdc91f4a974242aabfc8adbadc9ca27955b5c90f1ed9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b723621f3b706bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37a7e20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a149414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e13e3a7a1511573cb1a8cdce3a8fea40792297d023ef52de2e75b9dbbfb8713178e2409b8d3b981bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd610000000000000000000000000000000000000000000000b41248c570c4223a471b755ce6956908e2b0e5dbc5e71ff2373d3ed89c2e2eafac81c21ac2436d2ffacffe2fc0d601a50221c88a47b264c5129004f350963b52702c5a360000000000000000000000000000000b4077dc8a1801a8bf833350d302c5439ea3dd0f3b8eb1dc93af1fbf863d33a38a53a02ec1e5b90cb673d6b0cfe7f35b20e438653e0f73ddfc78e3e1d1cc9798af0eb9b61bb4fc72454a57237b68ea614ad898374e952784a18ffb9dc4447acd7ad28a63f88007ad8cba31a6fdd9982c97a913dffe69654d3a00b98c45ead9b9619f946c82f5789379d0d942020652ccfac45e1ef5e93e72b7d5381a3c61fbabc1286285110540075bc7aee3e595f9850b9e96887d53404add0021b198be851d9f797d964fe7501997524d28ce7b1d5f8203d9f756efd5676c5d85052030c27e2a99ee39007d9b3c305b1c7d14899b42149d6c437d863651d30426e36ff66bafa93ce3f76c18b8c91ac65b7ab49f03b7c0d0687e1ee0369e88d674f51fe69423000000000000596444d8a7bf983d6f0342b2987e520100000000000000f37cda7868234eeefbd472c7b396c182f2b9a8bf2f85ad1a7b18681784c8fcf0cf5e34baebc594de0d6c9244a834b82a162739619b5f2e3c24378417f71f855b7958fbae631a8aa30b2120a9e23d8711f529b0cd7ce6ee2b0841a4d9e82e6ef54089b64175338ed7effe440c97c663a1000000000033f9ee8bc74fb676198caf54f9a07461c30b4b65890f2b64e68eb2a265f641e68af046fb8751055c6dba7e49068656dbf01c26b3812cec4204084e4c3f5abb86121a3eddd10720d3b66a3a8033aab499cf56b7e5b01d37c1d7b4f5968040cd727efc9a1d69fa550313969508472efa833327d1bcae9167e3316f272ba2efdebf91f15b4a2bc27ea303834692d92961d3dcff0e4f55d9e3e7c66e8d3324216c4c77b95c000c5f30d56da969b1ce3a3e1a8ce5a632b3c404e7b455cac15273ce31a57dc7bed120f5396671eb7f8670ddc26ecc7461b1badfc98076c95aa811954827767c023c51e183cf1de0230912617f72169a3f9bda12d14667855757ca543b524491e213929a9d095abb9e57f33ad7e5301e5995e65246bc06f931d983596a4979d403f1b3984123633e9af67a0972612b5874f2000000009a8c3199c30dd0c416da1c22e346958bda493b297fcb98181ac449ca17a08e27ae81320e316e018fc9c77e7434079bc06ca1d315a94d177a888cc189fa5649bf5b9ab787118c29d735cc6dfaa965ea9ebbbaff83a06292aff2e3ed23750786136f113cdb04b881f721d02bd3c99b9dd3fa2713cda74eb3dd3422c736dc5c7bd3d1d008b5af391dac38341744dc38e8620fd4b35974ef1d93a907f37a84e1d630dd93fcde4aaf59e0e1f64ba3eec9da0b3d3b241fa52d9db1b137140b27434e74b783f9b62cc516f99e425ed603c5e65c0c3b08815a4aac7c1db4e47261148fa3a54359a2157b9a0fcecd54abbfaaee20f9a6dcc5380f01f22b8fd02b340118a65cef1597f5ce8d8a602120a3b2bb8ccc199dc36b2110a2200a2d3eaff9bc85ff68cd233fb2c8198682bd1c99fd7d66f3554439db4145028bc69579e516fd32253f641b0bffebc32cd3e90d67c77017ae323d8d31bd9f061d270d89737acea845067d8fd36fcce1ae9cd64beeae55d4c8159262240837b2854e5e08c58551453f1b9e46c6a7aaa972255fe7ad8f653168ce260000000000000000008b816f1b5e51781fa92c8b2c886bd992507715f8554276f56e3498156ca6d639de489096f49f2e1850d7399b1fe3801d3b2c0f65abcb67ac3ded74b099f76fee439abfb20c23864280855f395e3449859040832ea50df150deb14fc420a8e91ec84ccd338ada3c5778cbd52bcc2ac93b00e64959286b99231afa239dbefc90a21180f12a03c370980c8101d8a014f6139e998c938bccc92bfc987af6f02ec667c9597c19cc4193c09d152093013629b93e5104447e54ba7bc95ed2b3532421d6a0424c1e000000000000c1af53b85ab7060d6797a18cac2bf246a16f503e09832de7f7aa523d2325b4e3b651b1883ab9a3012f2b5b91e2782250a650d2dddca42a671f083b4a3739a651feb7c1c6903f50ce2cb6501fa22cf55230792a1e2fc902c9115a3b912dcef392b050c9a2870e7da0ca2ce908ff7bc5c72b591004ec3034b189a580e7f6ef153c04bb5599ab22686c5520a02e14a53f105d7b6a097e86b61500bdd7e6e133a9870ec9c0bb77c90702910cc39a0f3a419f12ba636b5837a5ecb110c89fb8d14da2d04175b18a14b2618d05fb58e9a832a4993472e5d068fe44e92676e484662a656d93a0f368c0cfc70c68459b61f194aac3"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000400)={r0, 0x58, &(0x7f0000000140)}, 0x10) 4.500365904s ago: executing program 6 (id=921): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc71c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xee}}}}}]}}]}}, 0x0) 3.06636929s ago: executing program 0 (id=939): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da20"], 0x0) close(0xffffffffffffffff) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) 2.645101218s ago: executing program 6 (id=943): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x34, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x88ca}]]}, 0x34}, 0x1, 0x0, 0x0, 0x8894}, 0x0) 2.644966018s ago: executing program 2 (id=944): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000600)='./file0/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') lsetxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 2.588825498s ago: executing program 6 (id=948): bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) ioprio_set$pid(0x1, 0x0, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000a80)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0", @ANYRES16], 0x1, 0x11dc, &(0x7f0000001280)="$eJzs3MGLG1UcB/Bf19rW1N2sWqstiA+96GVo9uBFL0G2IA0obSO0gjB1JxoyJiETFiJi9eTVv0M8ehPEm1724t/gbS8eexBHTNR2l3hYdDewfD6X/OD3vuQ9BgbeMG/23/jq40Gvynr5NNbOnIm1cUR6kCLFWvzt83j19R9/euHWnbs32p3O9s2Urrdvt15LKW28+P17n37z0g/Ti+9+u/Hd+djbfH//161f9i7vXdn//fZH/Sr1qzQcTVOe7o1G0/xeWaSdfjXIUnqnLPKqSP1hVUwO9HvlaDyepXy4s94YT4qqSvlwlgbFLE1HaTqZpfzDvD9MWZal9UbwX3S/flDXdURdPx7noq7r+oloxMV4MtZjI5qxGU/F0/FMXIpn43I8F8/HlfmoVc8bAAAAAAAAAAAAAAAAAAAAThfn/wEAAAAAAAAAAAAAAAAAAGD1bt25e6Pd6WzfTOlCRPnlbne3u/hd9Nu96EcZRVyLZvwW89P/C4v6+lud7WtpbjO+KO//lb+/233sYL41/5zA0nxrkU8H8+ej8Wh+K5pxaXl+a2n+Qrzy8iP5LJrx8wcxijJ24s/sw/xnrZTefLtzKH91Pg4AAABOgyz9Y+n+Pcv+rb/IH+H5wKH99dm4ena1ayeimn0yyMuymBxbcS6O/S8UCsX/XKz6zsRJeHjRVz0TAAAAAAAAAAAAjuIkXidc9RoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2IFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBVAAAA//8xgdSv") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x9) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0) creat(&(0x7f0000000580)='./bus\x00', 0x0) io_setup(0x1, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0x200000000200}, 0x18) r3 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r3, 0x0, 0x2, 0x1000f4) 2.588668259s ago: executing program 2 (id=949): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000170000004c0006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987ccb8198904000500080006000300ff"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 2.548316928s ago: executing program 3 (id=950): syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYRES8=0x0, @ANYRESDEC], 0x1, 0x140, &(0x7f00000003c0)="$eJzs27Fq21AUBuDj2m3ddvFcOgi6dDJtn6CluFAqaEnwkEwJOFnsYIgXJZMfJS8YCJ683ZAo2Imxhwy2IPq+RT/8CO4dpMMV6OjT2XAwnpyO/8+i3WhE60dkMW9EJ15FM0rTAABeknlKcZNSSm+n8e4qUkpVrwgA2DbzHwDqx/wHgPox/wGgfvYPDv/+zPPeXpa1I66nRb/ol9ey//0n733N7nWWd82Kot9c9N/KPnvav473D/33tf2b+PK57O+6X//ylf5DDLa/fQAAAKiFbraw9nzf7W7qy/To+8DK+b0VH1s72wYA8AyTi8vh8Wh0ci4IgrAIVb+ZgG1bPvRVrwQAAAAAAAAAAAAAANhkF78TVb1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWHUbAAD//0DvUik=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) 2.539843278s ago: executing program 2 (id=951): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x200000000000011, 0x2, 0x407ff8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r5, 0x4b67, &(0x7f0000001ec0)={0x1, &(0x7f0000001e80)=[{0x0, 0x1000}]}) 2.539649888s ago: executing program 5 (id=952): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0) sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, r1, 0x30b}, 0x14}}, 0x4000040) 2.416873848s ago: executing program 5 (id=953): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xda02}) write$tun(r0, &(0x7f0000001280)=ANY=[@ANYBLOB="ffab7a"], 0xe) 2.369818068s ago: executing program 5 (id=954): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x9, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x4000) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x48, 0x4, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) 1.364048225s ago: executing program 3 (id=955): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000000206050000000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a300000000005000400004000000500050002000000050001000600000014000780080006400000000008001340"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 1.304883554s ago: executing program 5 (id=956): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x7a, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) listen(r4, 0xbcc) 1.234996194s ago: executing program 2 (id=957): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x1000801, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8, @ANYRES16], 0x2, 0x21a, &(0x7f00000001c0)="$eJzsmb9rFEEUx78zu9k7g6TTwiYWASOYvd09lShYxF4UElHLw6whupeTyxZJQMhhY+Mf4D9haREbCzsrrS1UECy80kpwZH7dTjarbqJb+T6QyXfezHvzZubuLeyBIIj/lk8fv314enVx5RyA45hDy9i/eMUc7sx//8ybMvL1xsyjPTeWdGEAhChs/h/WDwC8WvKAXR1WCO19/bkenzMxV8CVltwEx1mjb4EhtLkK6w2kYLhjzPcdPThmRJayu4Ns9d56lkayiWWTyKYLiH35j0cMqwDaZgmmh1TCm9s7D3oZMNQiS62YEnadA0OHFXDWK6PyW+K44hyBvK/bTx6PZD/UZvcKEYMjNroLhmWjF9FCGIazppvGzv5P+UV8T18biv3X3Un77w7iUEJmuvDvAtoTPIL7D9HIBoMjXUEzAqIFa+n7QD0vPguUhwLX8hJN5MzKFvmFnlhOjvfeHPT63PwZvq01+VJxUEC9yKpwoeJS3k1n2bVKrxP7LKfd83GE/QRWLeoV9Yn5wBmnPvnOU6GT9x92Nrd3Ftb7vbV0Ld1Iku7F6HwUXUg6qjbrtqr0mfhtVZ+mnfi6UF6eKc8NWICtXp4P4y0gH8aTfqJbp+Iuvxh8nRTO8Yhj/rsQ9vGitt2qzoeZP67+SzXv/TJ5giAIgiAIgiAIgiAIgiCI3yNKryJ3mXoLan7oEtX4yQ01/DMAAP//naJgOQ==") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 441.781112ms ago: executing program 6 (id=958): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r4, r3, 0x0, 0x20000023893) 268.860571ms ago: executing program 5 (id=959): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0xfffffffa, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000000000)) 242.561141ms ago: executing program 5 (id=960): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000300)={0x20, 0x8, 0x3, "4d00a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000d80)={0x84, &(0x7f00000008c0)={0x40, 0x7, 0x8, "c00ad5fd84cc01b3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 222.690281ms ago: executing program 3 (id=961): syz_emit_ethernet(0x32, &(0x7f00000010c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x2, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 172.832321ms ago: executing program 3 (id=962): r0 = socket$inet(0x2, 0x4000000000000001, 0x100) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x15, 0x0, 0x0) 172.438221ms ago: executing program 2 (id=963): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}]}}, &(0x7f0000000f40)=""/4080, 0x26, 0xff0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 172.331391ms ago: executing program 3 (id=964): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x2bb7, 0x4) sendmmsg$inet6(r0, &(0x7f0000000280)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) 167.084591ms ago: executing program 3 (id=965): io_uring_setup(0xaab, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x20000005) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x102) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r1 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0xe2) ftruncate(r1, 0x3f) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r1, 0x0) 0s ago: executing program 2 (id=966): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2717, 0x0, &(0x7f0000000040)) 0s ago: executing program 0 (id=967): r0 = socket(0x10, 0x803, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0xf}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x40, 0x400, 0x5, 0x80, 0x7}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) kernel console output (not intermixed with test programs): sysadm_r:sysadm_t pid=2540 comm="syz.5.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 178.557629][ T30] audit: type=1326 audit(2000000036.499:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2540 comm="syz.5.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 178.581039][ T30] audit: type=1326 audit(2000000036.499:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2540 comm="syz.5.540" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 179.273185][ T2558] incfs: Backing dir is not set, filesystem can't be mounted. [ 179.280695][ T2558] incfs: mount failed -2 [ 179.318229][ T2564] loop3: detected capacity change from 0 to 512 [ 179.389425][ T2564] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.546: corrupted inode contents [ 179.406408][ T2564] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #3: comm syz.3.546: mark_inode_dirty error [ 179.433443][ T2564] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.546: corrupted inode contents [ 179.515092][ T2567] binder: 2566:2567 ioctl c0306201 200004c0 returned -14 [ 179.528478][ T2564] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.546: mark_inode_dirty error [ 179.542305][ T2564] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.546: Failed to acquire dquot type 0 [ 179.565659][ T2564] EXT4-fs (loop3): 1 orphan inode deleted [ 179.575652][ T2564] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 179.593053][ T2564] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 180.060227][ T2581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'. [ 181.008728][ T2577] loop1: detected capacity change from 0 to 40427 [ 181.058043][ T2589] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 181.079119][ T2589] kvm: pic: level sensitive irq not supported [ 181.079182][ T2589] kvm: pic: non byte read [ 181.100183][ T2589] kvm: pic: level sensitive irq not supported [ 181.100236][ T2589] kvm: pic: non byte read [ 181.102884][ T2577] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 181.106342][ T2589] kvm: pic: level sensitive irq not supported [ 181.117712][ T2577] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 181.118325][ T2589] kvm: pic: non byte read [ 181.132709][ T2577] F2FS-fs (loop1): invalid crc value [ 181.141547][ T2589] kvm: pic: level sensitive irq not supported [ 181.141596][ T2589] kvm: pic: non byte read [ 181.168494][ T2577] F2FS-fs (loop1): Found nat_bits in checkpoint [ 181.293814][ T2604] loop5: detected capacity change from 0 to 512 [ 181.470611][ T2607] loop2: detected capacity change from 0 to 512 [ 181.702464][ T2604] EXT4-fs (loop5): Unrecognized mount option "=" or missing value [ 181.842468][ T2607] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.556: inode #1: comm syz.2.556: iget: illegal inode # [ 181.891724][ T2607] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.556: error while reading EA inode 1 err=-117 [ 181.959060][ T2607] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.556: inode #1: comm syz.2.556: iget: illegal inode # [ 181.973881][ T2607] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.556: error while reading EA inode 1 err=-117 [ 181.987554][ T2607] EXT4-fs (loop2): 1 orphan inode deleted [ 181.993138][ T2607] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 182.060789][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 182.060853][ T30] audit: type=1326 audit(2000000039.989:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.236473][ T2577] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 182.243345][ T2577] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 182.353619][ T30] audit: type=1326 audit(2000000039.989:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.465627][ T30] audit: type=1326 audit(2000000039.989:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.559594][ T30] audit: type=1326 audit(2000000039.989:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.583422][ T292] attempt to access beyond end of device [ 182.583422][ T292] loop1: rw=2049, want=40968, limit=40427 [ 182.596095][ T30] audit: type=1326 audit(2000000039.989:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.619431][ T30] audit: type=1326 audit(2000000039.989:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.642490][ T30] audit: type=1326 audit(2000000039.989:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.666120][ T30] audit: type=1326 audit(2000000039.989:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.696773][ T30] audit: type=1326 audit(2000000039.989:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.732852][ T30] audit: type=1326 audit(2000000039.989:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2601 comm="syz.2.556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 182.965987][ T715] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 183.020663][ T2634] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 183.026068][ T406] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 183.354832][ T2640] loop1: detected capacity change from 0 to 256 [ 183.386229][ T715] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.396196][ T715] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 183.418173][ T2640] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 183.476008][ T715] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 183.494199][ T715] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 183.502343][ T715] usb 3-1: SerialNumber: syz [ 183.557008][ T715] usb 3-1: 0:2 : does not exist [ 183.646009][ T406] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.655971][ T406] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 183.736002][ T406] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 183.748483][ T406] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 183.756975][ T406] usb 4-1: SerialNumber: syz [ 183.799038][ T406] usb 4-1: 0:2 : does not exist [ 183.915512][ T2667] loop1: detected capacity change from 0 to 512 [ 185.046346][ T2667] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.574: inode #1: comm syz.1.574: iget: illegal inode # [ 185.061044][ T2678] binder_alloc: binder_alloc_mmap_handler: 2674 20ffd000-21000000 already mapped failed -16 [ 185.061310][ T2667] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.574: error while reading EA inode 1 err=-117 [ 185.096845][ T2667] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.574: inode #1: comm syz.1.574: iget: illegal inode # [ 185.097340][ T2676] binder_alloc: 2674: binder_alloc_buf, no vma [ 185.118354][ T2667] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.574: error while reading EA inode 1 err=-117 [ 185.146275][ T2667] EXT4-fs (loop1): 1 orphan inode deleted [ 185.146525][ T2677] binder_alloc: 2674: binder_alloc_buf, no vma [ 185.160077][ T2675] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 185.163226][ T2667] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 185.445162][ T2687] loop5: detected capacity change from 0 to 512 [ 185.488595][ T2687] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 185.508294][ T2687] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 185.522447][ T2687] System zones: 0-1, 15-15, 18-18, 34-34 [ 185.528673][ T2687] EXT4-fs (loop5): orphan cleanup on readonly fs [ 185.534920][ T2687] EXT4-fs warning (device loop5): ext4_enable_quotas:6423: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 185.549503][ T2687] EXT4-fs (loop5): Cannot turn on quotas: error -22 [ 185.559547][ T2687] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.580: bad orphan inode 16 [ 185.569431][ T2687] ext4_test_bit(bit=15, block=18) = 1 [ 185.574821][ T2687] is_bad_inode(inode)=0 [ 185.578875][ T2687] NEXT_ORPHAN(inode)=0 [ 185.582734][ T2687] max_ino=32 [ 185.585786][ T2687] i_nlink=2 [ 185.588774][ T2687] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 185.666411][ T2697] xt_hashlimit: max too large, truncated to 1048576 [ 185.688120][ T384] usb 3-1: USB disconnect, device number 13 [ 185.841242][ T2704] loop2: detected capacity change from 0 to 512 [ 185.930319][ T2704] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.584: invalid indirect mapped block 10 (level 1) [ 185.948533][ T2704] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.584: invalid indirect mapped block 8 (level 1) [ 185.966206][ T2704] EXT4-fs (loop2): 1 truncate cleaned up [ 185.971712][ T2704] EXT4-fs (loop2): mounted filesystem without journal. Opts: acl,user_xattr,,errors=continue. Quota mode: none. [ 186.183977][ T384] usb 4-1: USB disconnect, device number 12 [ 186.848956][ T2713] loop2: detected capacity change from 0 to 512 [ 186.963995][ T2713] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #3: comm syz.2.589: corrupted inode contents [ 186.976527][ T2713] EXT4-fs error (device loop2): ext4_dirty_inode:6041: inode #3: comm syz.2.589: mark_inode_dirty error [ 186.989776][ T2713] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #3: comm syz.2.589: corrupted inode contents [ 187.198652][ T2713] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #3: comm syz.2.589: mark_inode_dirty error [ 187.351977][ T2713] __quota_error: 85 callbacks suppressed [ 187.352047][ T2713] Quota error (device loop2): write_blk: dquota write failed [ 187.448175][ T2713] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 187.844608][ T2713] EXT4-fs error (device loop2): ext4_acquire_dquot:6188: comm syz.2.589: Failed to acquire dquot type 0 [ 187.880072][ T2727] loop1: detected capacity change from 0 to 512 [ 187.907332][ T2713] EXT4-fs (loop2): 1 orphan inode deleted [ 187.912881][ T2713] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 187.929441][ T2713] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 187.944124][ T30] audit: type=1400 audit(2000000045.909:2209): avc: denied { execute } for pid=2728 comm="syz.5.592" name="kmem_cache_free" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 187.967410][ T2727] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 187.974021][ T30] audit: type=1400 audit(2000000045.939:2210): avc: denied { execute_no_trans } for pid=2728 comm="syz.5.592" path="/21/kmem_cache_free" dev="tmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 188.002058][ T2729] loop5: detected capacity change from 0 to 1024 [ 188.062990][ T2727] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 188.070415][ T2727] EXT4-fs (loop1): Unrecognized mount option "audit" or missing value [ 188.079998][ T2729] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 188.089360][ T2729] EXT4-fs (loop5): The Hurd can't support 64-bit file systems [ 188.377301][ T2740] loop3: detected capacity change from 0 to 128 [ 188.390280][ T715] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 188.436807][ T2740] EXT4-fs (loop3): Test dummy encryption mode enabled [ 188.461822][ T2740] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 188.484265][ T2740] ext4 filesystem being mounted at /127/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 188.614625][ T2750] loop2: detected capacity change from 0 to 1024 [ 188.772683][ T2750] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 189.631594][ T30] audit: type=1400 audit(2000000047.599:2211): avc: denied { create } for pid=2754 comm="syz.1.600" dev="anon_inodefs" ino=25399 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 189.655313][ T30] audit: type=1400 audit(2000000047.629:2212): avc: denied { ioctl } for pid=2754 comm="syz.1.600" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=25399 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 189.689642][ T30] audit: type=1400 audit(2000000047.629:2213): avc: denied { read } for pid=2754 comm="syz.1.600" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=25399 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 189.762632][ T2755] ------------[ cut here ]------------ [ 189.791155][ T2764] loop3: detected capacity change from 0 to 512 [ 189.800665][ T2755] trace type BPF program uses run-time allocation [ 189.913508][ T2755] WARNING: CPU: 0 PID: 2755 at kernel/bpf/verifier.c:11701 check_map_prog_compatibility+0x6f1/0x890 [ 189.948829][ T2764] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.599: invalid indirect mapped block 10 (level 1) [ 189.962409][ T2764] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.599: invalid indirect mapped block 8 (level 1) [ 189.977723][ T2764] EXT4-fs (loop3): 1 truncate cleaned up [ 189.983203][ T2764] EXT4-fs (loop3): mounted filesystem without journal. Opts: acl,user_xattr,,errors=continue. Quota mode: none. [ 190.180445][ T30] audit: type=1326 audit(2000000048.119:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2754 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d729bd29 code=0x7ffc0000 [ 190.370277][ T2755] Modules linked in: [ 190.410060][ T30] audit: type=1326 audit(2000000048.149:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2754 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc7d729bd29 code=0x7ffc0000 [ 190.458597][ T2755] CPU: 0 PID: 2755 Comm: syz.1.600 Not tainted 5.15.175-syzkaller-00803-g19092c8155b4 #0 [ 190.600708][ T2765] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 190.618034][ T30] audit: type=1326 audit(2000000048.149:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2754 comm="syz.1.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7d729bd29 code=0x7ffc0000 [ 190.645071][ T2755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 190.655509][ T2755] RIP: 0010:check_map_prog_compatibility+0x6f1/0x890 [ 190.662143][ T2755] Code: db e9 f9 fc ff ff e8 ee 32 ed ff 31 db e9 ed fc ff ff e8 e2 32 ed ff c6 05 4e 56 a3 05 01 48 c7 c7 80 f4 87 85 e8 7f 78 be ff <0f> 0b e9 5a fb ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 84 f9 ff [ 190.681690][ T2755] RSP: 0018:ffffc90001237328 EFLAGS: 00010246 [ 190.687599][ T2755] RAX: 7f8e5ffcb35b1d00 RBX: 0000000000000001 RCX: 0000000000080000 [ 190.695382][ T2755] RDX: ffffc9000171c000 RSI: 0000000000000f6f RDI: 0000000000000f70 [ 190.703400][ T2755] RBP: ffffc90001237370 R08: ffffffff8157a565 R09: ffffed103ee065e8 [ 190.715774][ T2755] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000011 [ 190.723761][ T715] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 190.730366][ T2769] device syzkaller0 entered promiscuous mode [ 190.733692][ T715] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 190.756150][ T2755] R13: ffff888111ff6800 R14: ffffc90000281000 R15: dffffc0000000000 [ 190.785941][ T2755] FS: 00007fc7d590d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 190.796027][ T2755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.805344][ T2755] CR2: 000000000000000b CR3: 000000010c73f000 CR4: 00000000003526a0 [ 190.807213][ T2760] loop2: detected capacity change from 0 to 40427 [ 190.826146][ T2755] DR0: 0000000000000000 DR1: 000000000000000a DR2: 0000000000000000 [ 190.833943][ T2755] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 190.846296][ T715] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 190.865469][ T2755] Call Trace: [ 190.868801][ T2755] [ 190.871542][ T2755] ? show_regs+0x58/0x60 [ 190.875663][ T715] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 190.883491][ T715] usb 1-1: SerialNumber: syz [ 190.895944][ T2755] ? __warn+0x160/0x2f0 [ 190.900353][ T2755] ? check_map_prog_compatibility+0x6f1/0x890 [ 190.906545][ T2755] ? report_bug+0x3d9/0x5b0 [ 190.920470][ T2755] ? check_map_prog_compatibility+0x6f1/0x890 [ 190.926760][ T2760] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 190.932664][ T2755] ? handle_bug+0x41/0x70 [ 190.939175][ T715] usb 1-1: 0:2 : does not exist [ 190.944310][ T2755] ? exc_invalid_op+0x1b/0x50 [ 190.948047][ T2760] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 190.952182][ T2755] ? asm_exc_invalid_op+0x1b/0x20 [ 190.973334][ T2755] ? __wake_up_klogd+0xd5/0x110 [ 190.978137][ T2755] ? check_map_prog_compatibility+0x6f1/0x890 [ 190.984376][ T2755] ? check_map_prog_compatibility+0x6f1/0x890 [ 190.991120][ T2760] F2FS-fs (loop2): invalid crc value [ 190.991812][ T2755] resolve_pseudo_ldimm64+0x682/0x1240 [ 191.001932][ T2755] ? check_attach_btf_id+0xef0/0xef0 [ 191.009381][ T2760] F2FS-fs (loop2): Found nat_bits in checkpoint [ 191.021795][ T2755] ? bpf_check+0x2c52/0x12c60 [ 191.026363][ T2755] ? bpf_check+0x2d3f/0x12c60 [ 191.030808][ T2755] ? bpf_check+0x2e2a/0x12c60 [ 191.043870][ T2755] bpf_check+0x3190/0x12c60 [ 191.050544][ T2755] ? __schedule+0xcd4/0x1590 [ 191.054973][ T2755] ? release_firmware_map_entry+0x190/0x190 [ 191.064966][ T715] usb 1-1: USB disconnect, device number 8 [ 191.085485][ T2760] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 191.091026][ T2755] ? __kasan_check_read+0x11/0x20 [ 191.095569][ T2760] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 191.138617][ T2760] overlayfs: missing 'workdir' [ 191.176002][ T2755] ? __kasan_check_write+0x14/0x20 [ 191.180951][ T2755] ? bpf_get_btf_vmlinux+0x60/0x60 [ 191.185905][ T2755] ? compat_start_thread+0x20/0x20 [ 191.199726][ T2755] ? kvm_sched_clock_read+0x18/0x40 [ 191.206191][ T2755] ? sched_clock+0x9/0x10 [ 191.619103][ T2755] ? native_set_ldt+0x360/0x360 [ 191.661918][ T2755] ? _raw_spin_unlock+0x4d/0x70 [ 191.683074][ T2755] ? finish_task_switch+0x167/0x7b0 [ 191.688174][ T2755] ? __schedule+0xcd4/0x1590 [ 191.692572][ T2755] ? release_firmware_map_entry+0x190/0x190 [ 191.698308][ T2755] ? __kasan_check_read+0x11/0x20 [ 191.703151][ T2755] ? preempt_schedule_irq+0xe7/0x140 [ 191.708307][ T2755] ? __cond_resched+0x20/0x20 [ 191.712798][ T2755] ? irqentry_exit_cond_resched+0x2a/0x30 [ 191.718391][ T2755] ? irqentry_exit+0x30/0x40 [ 191.721602][ T2790] loop3: detected capacity change from 0 to 512 [ 191.722768][ T2755] ? sysvec_reschedule_ipi+0x8c/0x160 [ 191.734377][ T2755] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 191.739871][ T2755] ? __check_object_size+0x73/0x3d0 [ 191.744860][ T2755] ? memset+0x35/0x40 [ 191.750080][ T2755] ? bpf_obj_name_cpy+0x196/0x1e0 [ 191.755000][ T2755] bpf_prog_load+0x12ac/0x1b50 [ 191.760164][ T2755] ? map_freeze+0x370/0x370 [ 191.764537][ T2755] ? selinux_bpf+0xcb/0x100 [ 191.769324][ T2755] ? security_bpf+0x82/0xb0 [ 191.774091][ T2755] __sys_bpf+0x4bc/0x760 [ 191.778349][ T2755] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 191.783605][ T2755] ? __kasan_check_write+0x14/0x20 [ 191.789037][ T2755] ? switch_fpu_return+0x15f/0x2e0 [ 191.794089][ T2755] __x64_sys_bpf+0x7c/0x90 [ 191.799471][ T2755] x64_sys_call+0x87f/0x9a0 [ 191.805227][ T407] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 191.805258][ T2755] do_syscall_64+0x3b/0xb0 [ 191.820125][ T2755] ? clear_bhb_loop+0x35/0x90 [ 191.825158][ T2755] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 191.825859][ T407] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 191.831485][ T2755] RIP: 0033:0x7fc7d729bd29 [ 191.844582][ T2790] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.608: corrupted inode contents [ 191.845416][ T2755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.876566][ T2790] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #3: comm syz.3.608: mark_inode_dirty error [ 191.882463][ T2755] RSP: 002b:00007fc7d590d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 191.904259][ T2755] RAX: ffffffffffffffda RBX: 00007fc7d748bfa0 RCX: 00007fc7d729bd29 [ 191.904335][ T2790] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.608: corrupted inode contents [ 191.975967][ T2755] RDX: 0000000000000090 RSI: 00000000200000c0 RDI: 0000000000000005 [ 191.984036][ T2755] RBP: 00007fc7d7317b08 R08: 0000000000000000 R09: 0000000000000000 [ 191.996006][ T2790] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.608: mark_inode_dirty error [ 192.046027][ T2755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 192.053827][ T2755] R13: 0000000000000000 R14: 00007fc7d748bfa0 R15: 00007ffd68148e48 [ 192.078071][ T2790] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.608: Failed to acquire dquot type 0 [ 192.086003][ T2755] [ 192.091898][ T2755] ---[ end trace df7f50b27b2fb4be ]--- [ 192.094394][ T2790] EXT4-fs (loop3): 1 orphan inode deleted [ 192.108790][ T2790] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 192.127165][ T2790] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.371732][ T30] kauditd_printk_skb: 2226 callbacks suppressed [ 192.371754][ T30] audit: type=1326 audit(2000000050.229:4441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 192.432416][ T30] audit: type=1326 audit(2000000050.379:4442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 192.470705][ T30] audit: type=1326 audit(2000000050.379:4443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 192.527719][ T30] audit: type=1326 audit(2000000050.379:4444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 192.768339][ T2810] loop2: detected capacity change from 0 to 256 [ 193.264296][ T30] audit: type=1326 audit(2000000050.379:4445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.310498][ T2809] netlink: 16 bytes leftover after parsing attributes in process `syz.2.612'. [ 193.319465][ T30] audit: type=1326 audit(2000000050.379:4446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.319501][ T30] audit: type=1326 audit(2000000050.379:4447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.319522][ T30] audit: type=1326 audit(2000000050.379:4448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.319543][ T30] audit: type=1326 audit(2000000050.379:4449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.319563][ T30] audit: type=1326 audit(2000000050.379:4450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2777 comm="syz.5.606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x50000 [ 193.517824][ T2817] syz.3.614[2817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 193.517891][ T2817] syz.3.614[2817] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 193.592548][ T2816] tc_dump_action: action bad kind [ 193.648972][ T2822] @: renamed from bond_slave_0 [ 193.879138][ T26] kernel write not supported for file /uhid (pid: 26 comm: kworker/1:0) [ 194.030767][ T2841] loop3: detected capacity change from 0 to 256 [ 194.036974][ T731] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 194.045426][ T2839] netlink: 100 bytes leftover after parsing attributes in process `syz.5.623'. [ 194.207505][ T2842] loop1: detected capacity change from 0 to 16 [ 194.312357][ T2839] loop5: detected capacity change from 0 to 4096 [ 194.324223][ T2841] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 194.349154][ T2842] erofs: (device loop1): mounted with root inode @ nid 36. [ 194.405316][ T2839] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 194.407169][ T2845] loop3: detected capacity change from 0 to 512 [ 194.464039][ T2845] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.624: inode #1: comm syz.3.624: iget: illegal inode # [ 194.478356][ T2845] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.624: error while reading EA inode 1 err=-117 [ 194.490728][ T2845] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.624: inode #1: comm syz.3.624: iget: illegal inode # [ 194.503516][ T2845] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.624: error while reading EA inode 1 err=-117 [ 194.516089][ T2845] EXT4-fs (loop3): 1 orphan inode deleted [ 194.521627][ T2845] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 194.556125][ T731] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 194.566133][ T731] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 194.698855][ T731] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 194.707981][ T731] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 194.716173][ T731] usb 3-1: SerialNumber: syz [ 194.816278][ T2853] loop3: detected capacity change from 0 to 16 [ 194.839114][ T731] usb 3-1: 0:2 : does not exist [ 194.857953][ T2853] erofs: (device loop3): mounted with root inode @ nid 36. [ 195.148161][ T2860] loop1: detected capacity change from 0 to 512 [ 195.421314][ T2860] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.627: inode #1: comm syz.1.627: iget: illegal inode # [ 195.442443][ T2860] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.627: error while reading EA inode 1 err=-117 [ 195.472035][ T2869] tipc: Enabled bearer , priority 0 [ 195.486906][ T2860] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.627: inode #1: comm syz.1.627: iget: illegal inode # [ 195.509205][ T2871] futex_wake_op: syz.3.631 tries to shift op by 32; fix this program [ 195.539344][ T2869] device batadv_slave_1 entered promiscuous mode [ 195.546480][ T2860] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.627: error while reading EA inode 1 err=-117 [ 195.572439][ T2860] EXT4-fs (loop1): 1 orphan inode deleted [ 195.585762][ T2868] tipc: Disabling bearer [ 195.591377][ T2860] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 195.715866][ T2879] loop3: detected capacity change from 0 to 128 [ 195.766624][ T2879] EXT4-fs (loop3): Test dummy encryption mode enabled [ 195.774460][ T2879] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 195.786841][ T2879] ext4 filesystem being mounted at /141/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 197.200503][ T2891] loop5: detected capacity change from 0 to 512 [ 197.525453][ T2891] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.637: inode #1: comm syz.5.637: iget: illegal inode # [ 197.538912][ T2891] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.637: error while reading EA inode 1 err=-117 [ 197.553239][ T2891] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.637: inode #1: comm syz.5.637: iget: illegal inode # [ 197.567156][ T2891] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.637: error while reading EA inode 1 err=-117 [ 197.580322][ T2891] EXT4-fs (loop5): 1 orphan inode deleted [ 197.585890][ T2891] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 197.768292][ T30] kauditd_printk_skb: 800 callbacks suppressed [ 197.768320][ T30] audit: type=1326 audit(2000000055.669:5251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.382910][ T30] audit: type=1326 audit(2000000055.669:5252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.406756][ T30] audit: type=1326 audit(2000000055.669:5253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.430288][ T30] audit: type=1326 audit(2000000055.679:5254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.454745][ T30] audit: type=1326 audit(2000000055.679:5255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.464137][ T26] usb 3-1: USB disconnect, device number 14 [ 198.485363][ T30] audit: type=1326 audit(2000000055.699:5256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.513527][ T30] audit: type=1326 audit(2000000055.699:5257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.540738][ T30] audit: type=1326 audit(2000000055.699:5258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.572745][ T30] audit: type=1326 audit(2000000055.709:5259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.604446][ T2907] loop3: detected capacity change from 0 to 256 [ 198.637913][ T30] audit: type=1326 audit(2000000055.709:5260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2885 comm="syz.5.637" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 198.669047][ T2902] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 198.677883][ T2907] exfat: Unknown parameter '18446744073709551615' [ 198.754446][ T2922] loop5: detected capacity change from 0 to 512 [ 198.812163][ T2929] loop1: detected capacity change from 0 to 1024 [ 198.828523][ T2922] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.649: corrupted inode contents [ 198.844072][ T2922] EXT4-fs error (device loop5): ext4_dirty_inode:6041: inode #3: comm syz.5.649: mark_inode_dirty error [ 198.856866][ T2922] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.649: corrupted inode contents [ 198.860539][ T2934] netlink: 40 bytes leftover after parsing attributes in process `syz.3.652'. [ 198.877549][ T2922] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.649: mark_inode_dirty error [ 198.889102][ T2922] EXT4-fs error (device loop5): ext4_acquire_dquot:6188: comm syz.5.649: Failed to acquire dquot type 0 [ 198.901376][ T2922] EXT4-fs (loop5): 1 orphan inode deleted [ 198.908609][ T2929] loop1: detected capacity change from 0 to 16 [ 198.910403][ T2922] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 198.925688][ T2929] erofs: (device loop1): mounted with root inode @ nid 36. [ 198.925807][ T2922] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.672059][ T2952] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 199.739007][ T2955] netlink: 28 bytes leftover after parsing attributes in process `syz.2.658'. [ 199.748278][ T2955] netlink: 28 bytes leftover after parsing attributes in process `syz.2.658'. [ 199.760198][ T2957] loop5: detected capacity change from 0 to 512 [ 199.786812][ T2956] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 199.886884][ T2957] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.656: inode #1: comm syz.5.656: iget: illegal inode # [ 199.899970][ T2957] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.656: error while reading EA inode 1 err=-117 [ 199.912275][ T2957] EXT4-fs error (device loop5): ext4_xattr_inode_iget:404: comm syz.5.656: inode #1: comm syz.5.656: iget: illegal inode # [ 199.926228][ T2957] EXT4-fs error (device loop5): ext4_xattr_inode_iget:409: comm syz.5.656: error while reading EA inode 1 err=-117 [ 199.938694][ T2957] EXT4-fs (loop5): 1 orphan inode deleted [ 199.944238][ T2957] EXT4-fs (loop5): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 200.020224][ T2959] loop3: detected capacity change from 0 to 40427 [ 200.045975][ T26] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 200.076061][ T715] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 200.076797][ T2959] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 200.091102][ T2959] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 200.099994][ T2959] F2FS-fs (loop3): invalid crc value [ 200.107168][ T2959] F2FS-fs (loop3): Found nat_bits in checkpoint [ 200.130392][ T2959] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 200.137337][ T2959] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 200.340515][ T2978] loop3: detected capacity change from 0 to 40427 [ 200.426395][ T2978] F2FS-fs (loop3): Invalid SB checksum offset: 0 [ 200.432646][ T2978] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 200.442589][ T2978] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 200.453680][ T26] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 200.464787][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.475691][ T715] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.486527][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.499332][ T26] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 200.595647][ T2986] loop5: detected capacity change from 0 to 128 [ 200.602456][ T26] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 200.611366][ T26] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 200.619232][ T26] usb 2-1: Manufacturer: syz [ 200.624032][ T26] usb 2-1: config 0 descriptor?? [ 200.629736][ T2986] EXT4-fs (loop5): Test dummy encryption mode enabled [ 200.637609][ T2986] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 200.650106][ T2986] ext4 filesystem being mounted at /33/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 200.686050][ T715] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 200.695066][ T715] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.702859][ T715] usb 3-1: Product: syz [ 200.706876][ T715] usb 3-1: Manufacturer: syz [ 200.712458][ T715] usb 3-1: SerialNumber: syz [ 200.768249][ T2996] tipc: Enabling of bearer rejected, failed to enable media [ 201.128020][ T2961] loop1: detected capacity change from 0 to 512 [ 201.166595][ T2961] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 201.177382][ T2961] EXT4-fs (loop1): 1 truncate cleaned up [ 201.182837][ T2961] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none. [ 201.209494][ T2961] netlink: 8 bytes leftover after parsing attributes in process `syz.1.660'. [ 201.235991][ T731] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 201.451265][ T3005] loop5: detected capacity change from 0 to 512 [ 201.495959][ T731] usb 4-1: Using ep0 maxpacket: 8 [ 201.516503][ T3005] EXT4-fs (loop5): Ignoring removed bh option [ 201.527289][ T3005] EXT4-fs error (device loop5): ext4_quota_enable:6379: comm syz.5.672: inode #33554432: comm syz.5.672: iget: illegal inode # [ 201.540485][ T3005] EXT4-fs (loop5): Remounting filesystem read-only [ 201.546830][ T3005] EXT4-fs error (device loop5): ext4_quota_enable:6382: comm syz.5.672: Bad quota inode: 33554432, type: 2 [ 201.558240][ T3005] EXT4-fs (loop5): Remounting filesystem read-only [ 201.564556][ T3005] EXT4-fs warning (device loop5): ext4_enable_quotas:6423: Failed to enable quota tracking (type=2, err=-117, ino=33554432). Please run e2fsck to fix. [ 201.580064][ T3005] EXT4-fs (loop5): mount failed [ 201.617969][ T3010] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 201.626178][ T731] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 201.635582][ T731] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.650806][ T731] usb 4-1: config 0 descriptor?? [ 201.726618][ T3005] loop5: detected capacity change from 0 to 256 [ 201.796121][ T26] usbhid 2-1:0.0: can't add hid device: -71 [ 201.803300][ T26] usbhid: probe of 2-1:0.0 failed with error -71 [ 201.810384][ T26] usb 2-1: USB disconnect, device number 9 [ 201.827957][ T3005] exFAT-fs (loop5): failed to read sector(0x300090) [ 201.827957][ T3005] [ 201.836749][ T3005] exFAT-fs (loop5): failed to load upcase table [ 201.843094][ T3005] exFAT-fs (loop5): failed to recognize exfat type [ 201.843743][ T3023] xt_hashlimit: max too large, truncated to 1048576 [ 201.857396][ T715] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 201.863648][ T715] cdc_ncm 3-1:1.0: setting tx_max = 32 [ 201.871482][ T715] cdc_ncm 3-1:1.0 eth1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42 [ 201.912630][ T3026] loop1: detected capacity change from 0 to 512 [ 201.925632][ T3026] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.678: inode #1: comm syz.1.678: iget: illegal inode # [ 201.946182][ T731] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 201.996285][ T3026] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.678: error while reading EA inode 1 err=-117 [ 202.008581][ T3026] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.678: inode #1: comm syz.1.678: iget: illegal inode # [ 202.027346][ T3026] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.678: error while reading EA inode 1 err=-117 [ 202.039802][ T3026] EXT4-fs (loop1): 1 orphan inode deleted [ 202.045395][ T3026] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 202.075211][ T384] usb 3-1: USB disconnect, device number 15 [ 202.081778][ T384] cdc_ncm 3-1:1.0 eth1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM [ 202.217112][ T3061] FAULT_INJECTION: forcing a failure. [ 202.217112][ T3061] name failslab, interval 1, probability 0, space 0, times 0 [ 202.230007][ T3061] CPU: 0 PID: 3061 Comm: syz.1.680 Tainted: G W 5.15.175-syzkaller-00803-g19092c8155b4 #0 [ 202.241024][ T3061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 202.250923][ T3061] Call Trace: [ 202.254045][ T3061] [ 202.256817][ T3061] dump_stack_lvl+0x151/0x1c0 [ 202.261328][ T3061] ? io_uring_drop_tctx_refs+0x190/0x190 [ 202.266795][ T3061] ? kasan_quarantine_put+0x34/0x1a0 [ 202.271916][ T3061] ? kmem_cache_free+0x115/0x330 [ 202.276699][ T3061] ? ____kasan_slab_free+0x131/0x160 [ 202.281817][ T3061] dump_stack+0x15/0x20 [ 202.285807][ T3061] should_fail+0x3c6/0x510 [ 202.290063][ T3061] __should_failslab+0xa4/0xe0 [ 202.294669][ T3061] should_failslab+0x9/0x20 [ 202.298996][ T3061] slab_pre_alloc_hook+0x37/0xd0 [ 202.303770][ T3061] kmem_cache_alloc_trace+0x48/0x270 [ 202.308890][ T3061] ? kobject_uevent_env+0x269/0x700 [ 202.313925][ T3061] kobject_uevent_env+0x269/0x700 [ 202.318788][ T3061] kobject_uevent+0x1f/0x30 [ 202.323123][ T3061] __kobject_del+0xee/0x300 [ 202.327464][ T3061] kobject_put+0x1cc/0x260 [ 202.331714][ T3061] netdev_queue_update_kobjects+0x390/0x400 [ 202.337446][ T3061] ? skb_queue_purge+0x19b/0x1b0 [ 202.342217][ T3061] netif_set_real_num_tx_queues+0x16b/0x7c0 [ 202.347946][ T3061] __tun_detach+0xb78/0x1510 [ 202.352372][ T3061] __tun_chr_ioctl+0xb7c/0x2290 [ 202.357059][ T3061] ? tun_flow_create+0x320/0x320 [ 202.361837][ T3061] ? __fget_files+0x31e/0x380 [ 202.366350][ T3061] tun_chr_ioctl+0x2a/0x40 [ 202.370598][ T3061] ? tun_chr_poll+0x6d0/0x6d0 [ 202.375111][ T3061] __se_sys_ioctl+0x114/0x190 [ 202.379626][ T3061] __x64_sys_ioctl+0x7b/0x90 [ 202.384049][ T3061] x64_sys_call+0x98/0x9a0 [ 202.388304][ T3061] do_syscall_64+0x3b/0xb0 [ 202.392555][ T3061] ? clear_bhb_loop+0x35/0x90 [ 202.397069][ T3061] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 202.402797][ T3061] RIP: 0033:0x7fc7d729bd29 [ 202.407054][ T3061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.426493][ T3061] RSP: 002b:00007fc7d590d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.434741][ T3061] RAX: ffffffffffffffda RBX: 00007fc7d748bfa0 RCX: 00007fc7d729bd29 [ 202.442547][ T3061] RDX: 0000000020000100 RSI: 00000000400454d9 RDI: 0000000000000007 [ 202.450358][ T3061] RBP: 00007fc7d590d090 R08: 0000000000000000 R09: 0000000000000000 [ 202.458172][ T3061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.466068][ T3061] R13: 0000000000000000 R14: 00007fc7d748bfa0 R15: 00007ffd68148e48 [ 202.473884][ T3061] [ 202.766972][ T3068] loop5: detected capacity change from 0 to 256 [ 202.781142][ T3070] loop1: detected capacity change from 0 to 512 [ 207.639109][ T3075] netem: change failed [ 207.672058][ T30] kauditd_printk_skb: 208 callbacks suppressed [ 207.672073][ T30] audit: type=1326 audit(2000000060.589:5467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.701197][ T731] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 207.711729][ T731] asix: probe of 4-1:0.0 failed with error -71 [ 207.720057][ T731] usb 4-1: USB disconnect, device number 13 [ 207.727516][ T30] audit: type=1326 audit(2000000060.589:5468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.750786][ T30] audit: type=1326 audit(2000000060.599:5469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.774299][ T30] audit: type=1326 audit(2000000060.609:5470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.800770][ T3086] loop1: detected capacity change from 0 to 128 [ 207.808816][ T30] audit: type=1326 audit(2000000060.609:5471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.832550][ T30] audit: type=1326 audit(2000000060.629:5472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.878580][ T3089] loop2: detected capacity change from 0 to 128 [ 207.886794][ T30] audit: type=1326 audit(2000000060.629:5473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 207.920166][ T3086] EXT4-fs (loop1): Test dummy encryption mode enabled [ 207.926998][ T3089] EXT4-fs (loop2): Test dummy encryption mode enabled [ 207.973072][ T3086] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 207.977435][ T3089] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 207.985421][ T3086] ext4 filesystem being mounted at /139/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 207.997916][ T3089] ext4 filesystem being mounted at /111/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 208.067321][ T30] audit: type=1326 audit(2000000060.629:5474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 208.086734][ T3097] xt_TCPMSS: Only works on TCP SYN packets [ 208.122410][ T30] audit: type=1326 audit(2000000060.669:5475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 208.172980][ T30] audit: type=1326 audit(2000000060.669:5476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3058 comm="syz.5.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22f760d29 code=0x7ffc0000 [ 208.241820][ T3085] netlink: 36 bytes leftover after parsing attributes in process `syz.0.688'. [ 208.535960][ T731] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 208.622451][ T3100] loop1: detected capacity change from 0 to 128 [ 208.696510][ T3100] EXT4-fs: failed to create workqueue [ 208.707937][ T3100] EXT4-fs (loop1): mount failed [ 208.912671][ T3108] loop1: detected capacity change from 0 to 256 [ 208.926101][ T731] usb 1-1: config 1 has an invalid descriptor of length 154, skipping remainder of the config [ 208.946399][ T731] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 208.986204][ T3108] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 209.005880][ T3108] FAT-fs (loop1): Directory bread(block 64) failed [ 209.012488][ T3108] FAT-fs (loop1): Directory bread(block 65) failed [ 209.018863][ T3108] FAT-fs (loop1): Directory bread(block 66) failed [ 209.025159][ T3108] FAT-fs (loop1): Directory bread(block 67) failed [ 209.031567][ T3108] FAT-fs (loop1): Directory bread(block 68) failed [ 209.037838][ T3108] FAT-fs (loop1): Directory bread(block 69) failed [ 209.044195][ T3108] FAT-fs (loop1): Directory bread(block 70) failed [ 209.050527][ T3108] FAT-fs (loop1): Directory bread(block 71) failed [ 209.056888][ T3108] FAT-fs (loop1): Directory bread(block 72) failed [ 209.063175][ T3108] FAT-fs (loop1): Directory bread(block 73) failed [ 209.146015][ T731] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 209.154875][ T731] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.175522][ T731] usb 1-1: Product: syz [ 209.195948][ T731] usb 1-1: Manufacturer: syz [ 209.200369][ T731] usb 1-1: SerialNumber: syz [ 209.441516][ T3125] loop5: detected capacity change from 0 to 512 [ 209.565208][ T3125] EXT4-fs error (device loop5): ext4_validate_block_bitmap:429: comm syz.5.697: bg 0: block 5: invalid block bitmap [ 209.577483][ T3125] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 209.631333][ T3125] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #11: comm syz.5.697: invalid indirect mapped block 3 (level 2) [ 209.757297][ T3125] EXT4-fs (loop5): 1 orphan inode deleted [ 209.759716][ T3137] loop1: detected capacity change from 0 to 512 [ 209.769029][ T3125] EXT4-fs (loop5): 1 truncate cleaned up [ 209.769049][ T3125] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 209.787674][ T3137] EXT4-fs (loop1): Ignoring removed bh option [ 209.817986][ T3137] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.703: inode #11614: comm syz.1.703: iget: illegal inode # [ 209.836434][ T3137] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.703: error while reading EA inode 11614 err=-117 [ 209.849098][ T3137] EXT4-fs (loop1): 1 truncate cleaned up [ 209.854594][ T3137] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,errors=continue,debug_want_extra_isize=0x000000000000005e,barrier=0x0000000000000008,delalloc,jqfmt=vfsv0,usrjquota=,,errors=continue. Quota mode: none. [ 209.957675][ T292] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 209.978109][ T292] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 209.995662][ T292] EXT4-fs error (device loop1): ext4_ext_check_inode:501: inode #11: comm syz-executor: pblk 0 bad header/extent: invalid magic - magic e, entries 0, max 15(0), depth 0(0) [ 210.056053][ T1065] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 210.108214][ T45] tipc: Disabling bearer [ 210.120550][ T45] tipc: Left network mode [ 210.305945][ T1065] usb 3-1: Using ep0 maxpacket: 16 [ 210.317678][ T3148] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.324573][ T3148] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.331924][ T3148] device bridge_slave_0 entered promiscuous mode [ 210.339914][ T3148] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.346822][ T3148] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.355868][ T3148] device bridge_slave_1 entered promiscuous mode [ 210.486001][ T1065] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 210.495109][ T1065] usb 3-1: config 0 has no interface number 0 [ 210.517848][ T1065] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid maxpacket 43743, setting to 1024 [ 210.546044][ T1065] usb 3-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 210.686082][ T1065] usb 3-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 210.695325][ T1065] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 210.703561][ T1065] usb 3-1: Product: syz [ 210.708196][ T1065] usb 3-1: SerialNumber: syz [ 210.710400][ T819] usb 1-1: USB disconnect, device number 9 [ 210.740324][ T1065] usb 3-1: config 0 descriptor?? [ 210.776679][ T3134] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 210.785022][ T45] device bridge_slave_1 left promiscuous mode [ 210.792063][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.818874][ T45] device bridge_slave_0 left promiscuous mode [ 210.830640][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.122433][ T3163] loop5: detected capacity change from 0 to 1024 [ 213.169902][ T3163] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 213.254850][ T3148] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.261751][ T3148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.268858][ T3148] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.275720][ T3148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.303879][ T1066] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.313188][ T1066] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.430226][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.436688][ T1065] usb 3-1: invalid MIDI in EP 0 [ 213.437984][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.442257][ T1065] snd-usb-audio: probe of 3-1:0.2 failed with error -22 [ 213.460588][ T1065] usb 3-1: USB disconnect, device number 16 [ 213.466474][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.474785][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.485972][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 213.485986][ T30] audit: type=1400 audit(2000000071.459:5501): avc: denied { create } for pid=3171 comm="syz.5.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 213.522585][ T3172] loop5: detected capacity change from 0 to 256 [ 213.523446][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.535521][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.543786][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.552170][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.560357][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.567219][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.588055][ T3148] device veth0_vlan entered promiscuous mode [ 213.601160][ T3148] device veth1_macvtap entered promiscuous mode [ 213.641584][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.656239][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.664054][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.672222][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.680478][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 213.688944][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 213.697047][ T3177] loop3: detected capacity change from 0 to 256 [ 213.697626][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 213.711032][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 213.719092][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.727304][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.727377][ T3177] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 213.757191][ T3177] FAT-fs (loop3): Directory bread(block 64) failed [ 213.763526][ T3177] FAT-fs (loop3): Directory bread(block 65) failed [ 213.769961][ T3177] FAT-fs (loop3): Directory bread(block 66) failed [ 213.776303][ T3177] FAT-fs (loop3): Directory bread(block 67) failed [ 213.782842][ T3177] FAT-fs (loop3): Directory bread(block 68) failed [ 213.789250][ T3177] FAT-fs (loop3): Directory bread(block 69) failed [ 213.795642][ T3177] FAT-fs (loop3): Directory bread(block 70) failed [ 213.802047][ T3177] FAT-fs (loop3): Directory bread(block 71) failed [ 213.808451][ T3177] FAT-fs (loop3): Directory bread(block 72) failed [ 213.814810][ T3177] FAT-fs (loop3): Directory bread(block 73) failed [ 213.830206][ T3181] loop6: detected capacity change from 0 to 128 [ 213.863560][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.890286][ T3181] EXT4-fs (loop6): Test dummy encryption mode enabled [ 213.910349][ T819] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 213.945729][ T3181] EXT4-fs (loop6): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 213.958507][ T3181] ext4 filesystem being mounted at /0/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 214.152501][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 214.273294][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 214.335449][ T3185] loop5: detected capacity change from 0 to 1024 [ 214.361787][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 214.832913][ T3189] loop2: detected capacity change from 0 to 512 [ 214.926109][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 214.939079][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 214.947437][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.125500][ T3189] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.716: inode #1: comm syz.2.716: iget: illegal inode # [ 215.138837][ T3189] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.716: error while reading EA inode 1 err=-117 [ 215.151039][ T3189] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.716: inode #1: comm syz.2.716: iget: illegal inode # [ 215.164160][ T3189] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.716: error while reading EA inode 1 err=-117 [ 215.176454][ T3189] EXT4-fs (loop2): 1 orphan inode deleted [ 215.181993][ T3189] EXT4-fs (loop2): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000048000,debug_want_extra_isize=0x000000000000005c,minixdf,max_batch_time=0x0000000000000007,delalloc,nodioread_nolock,,errors=continue. Quota mode: none. [ 215.220366][ T30] audit: type=1326 audit(2000000073.179:5502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.252323][ T30] audit: type=1326 audit(2000000073.179:5503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.276104][ T30] audit: type=1326 audit(2000000073.179:5504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.348042][ T30] audit: type=1326 audit(2000000073.179:5505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.401799][ T30] audit: type=1326 audit(2000000073.179:5506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.425201][ T819] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 215.445540][ T819] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 215.465405][ T30] audit: type=1326 audit(2000000073.179:5507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.491664][ T30] audit: type=1326 audit(2000000073.179:5508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.515176][ T30] audit: type=1326 audit(2000000073.179:5509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.555566][ T3195] loop6: detected capacity change from 0 to 512 [ 215.560977][ T3192] loop3: detected capacity change from 0 to 40427 [ 215.561857][ T819] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 215.571897][ T30] audit: type=1326 audit(2000000073.179:5510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3186 comm="syz.2.716" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7eff8673dd29 code=0x7ffc0000 [ 215.583362][ T819] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 215.610249][ T3192] F2FS-fs (loop3): invalid crc value [ 215.621073][ T3185] loop5: detected capacity change from 0 to 512 [ 215.621085][ T3192] F2FS-fs (loop3): Found nat_bits in checkpoint [ 215.656361][ T3195] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 215.668906][ T3192] F2FS-fs (loop3): Start checkpoint disabled! [ 215.678271][ T3195] EXT4-fs (loop6): 1 truncate cleaned up [ 215.683729][ T3195] EXT4-fs (loop6): mounted filesystem without journal. Opts: errors=remount-ro,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,resgid=0x0000000000000000,block_validity,quota,. Quota mode: writeback. [ 215.694182][ T819] usb 1-1: SerialNumber: syz [ 215.709487][ T3192] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 215.717050][ T3185] EXT4-fs (loop5): Mount option "nojournal_checksum" incompatible with ext2 [ 215.788755][ T819] usb 1-1: 0:2 : does not exist [ 215.862969][ T3203] loop2: detected capacity change from 0 to 512 [ 216.245015][ T3203] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.719: bg 0: block 5: invalid block bitmap [ 216.292647][ T3203] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 216.339442][ T3203] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.719: invalid indirect mapped block 3 (level 2) [ 216.440110][ T3211] loop5: detected capacity change from 0 to 16 [ 216.508312][ T3203] EXT4-fs (loop2): 1 orphan inode deleted [ 216.525751][ T3203] EXT4-fs (loop2): 1 truncate cleaned up [ 216.544672][ T3203] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 216.888157][ T45] attempt to access beyond end of device [ 216.888157][ T45] loop3: rw=2049, want=40976, limit=40427 [ 216.926039][ T3211] erofs: (device loop5): mounted with root inode @ nid 36. [ 217.204598][ T3221] netlink: 12 bytes leftover after parsing attributes in process `syz.6.724'. [ 217.792090][ T3224] loop5: detected capacity change from 0 to 1024 [ 218.522600][ T819] usb 1-1: USB disconnect, device number 10 [ 218.597400][ T3224] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 218.917427][ T3235] loop6: detected capacity change from 0 to 512 [ 219.027387][ T3235] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 219.039239][ T3235] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.059968][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 219.059983][ T30] audit: type=1400 audit(2000000077.029:5528): avc: denied { mount } for pid=3238 comm="syz.3.729" name="/" dev="ramfs" ino=27545 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 219.132751][ T3243] loop5: detected capacity change from 0 to 512 [ 219.160708][ T30] audit: type=1400 audit(2000000077.109:5529): avc: denied { execute } for pid=3238 comm="syz.3.729" name="file1" dev="ramfs" ino=26412 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 219.182832][ T30] audit: type=1400 audit(2000000077.129:5530): avc: denied { execute_no_trans } for pid=3238 comm="syz.3.729" path="/156/file1/file1" dev="ramfs" ino=26412 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 219.278795][ T3243] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.727: corrupted inode contents [ 219.290887][ T3243] EXT4-fs error (device loop5): ext4_dirty_inode:6041: inode #3: comm syz.5.727: mark_inode_dirty error [ 219.302725][ T3243] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.727: corrupted inode contents [ 219.314715][ T3243] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.727: mark_inode_dirty error [ 219.327285][ T3243] Quota error (device loop5): write_blk: dquota write failed [ 219.334659][ T3243] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 219.337478][ T3239] loop3: detected capacity change from 0 to 40427 [ 219.344881][ T3243] EXT4-fs error (device loop5): ext4_acquire_dquot:6188: comm syz.5.727: Failed to acquire dquot type 0 [ 219.354610][ T30] audit: type=1400 audit(2000000077.329:5531): avc: denied { mounton } for pid=3238 comm="syz.3.729" path="/156/file1/bus" dev="ramfs" ino=27554 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 219.363397][ T3243] EXT4-fs (loop5): 1 orphan inode deleted [ 219.390856][ T3243] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 219.393186][ T3246] loop2: detected capacity change from 0 to 512 [ 219.410276][ T3243] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 219.489114][ T3239] F2FS-fs (loop3): Unrecognized mount option "0xffffffffffffffff" or missing value [ 219.501462][ T3246] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.730: bg 0: block 5: invalid block bitmap [ 219.514985][ T3246] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 219.524479][ T3246] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.730: invalid indirect mapped block 3 (level 2) [ 219.537809][ T3246] EXT4-fs (loop2): 1 orphan inode deleted [ 219.543498][ T3246] EXT4-fs (loop2): 1 truncate cleaned up [ 219.549010][ T3246] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 219.893934][ T30] audit: type=1400 audit(2000000077.859:5532): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 220.103572][ T3266] netem: change failed [ 220.586064][ T30] audit: type=1400 audit(2000000078.509:5533): avc: denied { bind } for pid=3269 comm="syz.2.735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 220.696664][ T30] audit: type=1400 audit(2000000078.509:5534): avc: denied { listen } for pid=3269 comm="syz.2.735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 221.205562][ T3288] loop2: detected capacity change from 0 to 512 [ 221.337645][ T3288] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 221.376602][ T3288] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 221.615246][ T3280] loop5: detected capacity change from 0 to 128 [ 221.710172][ T3280] FAT-fs (loop5): bogus number of reserved sectors [ 221.723669][ T3280] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 221.759050][ T3280] FAT-fs (loop5): Can't find a valid FAT filesystem [ 221.955958][ T819] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 222.013825][ T3306] loop5: detected capacity change from 0 to 512 [ 222.076443][ T3306] EXT4-fs (loop5): Ignoring removed mblk_io_submit option [ 222.083429][ T3306] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 222.117733][ T3306] EXT4-fs (loop5): 1 truncate cleaned up [ 222.138039][ T3306] EXT4-fs (loop5): mounted filesystem without journal. Opts: i_version,mblk_io_submit,discard,journal_ioprio=0x0000000000000003,block_validity,data_err=abort,,errors=continue. Quota mode: none. [ 222.176715][ T30] audit: type=1400 audit(2000000080.149:5535): avc: denied { watch watch_reads } for pid=3305 comm="syz.5.746" path="/50/file0" dev="loop5" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 222.207600][ T3306] EXT4-fs (loop5): resizing filesystem from 256 to 1 blocks [ 222.225099][ T3306] EXT4-fs warning (device loop5): ext4_resize_fs:2004: can't shrink FS - resize aborted [ 222.399556][ T3313] loop5: detected capacity change from 0 to 512 [ 222.456010][ T819] usb 7-1: config 3 has an invalid interface number: 227 but max is 1 [ 222.465432][ T3313] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.747: corrupted inode contents [ 222.474264][ T819] usb 7-1: config 3 contains an unexpected descriptor of type 0x2, skipping [ 222.488003][ T3313] EXT4-fs error (device loop5): ext4_dirty_inode:6041: inode #3: comm syz.5.747: mark_inode_dirty error [ 222.506435][ T3313] EXT4-fs error (device loop5): ext4_do_update_inode:5205: inode #3: comm syz.5.747: corrupted inode contents [ 222.541854][ T3313] EXT4-fs error (device loop5): __ext4_ext_dirty:183: inode #3: comm syz.5.747: mark_inode_dirty error [ 222.554920][ T819] usb 7-1: config 3 has an invalid interface number: 31 but max is 1 [ 222.578368][ T819] usb 7-1: config 3 contains an unexpected descriptor of type 0x2, skipping [ 222.593325][ T3313] EXT4-fs error (device loop5): ext4_acquire_dquot:6188: comm syz.5.747: Failed to acquire dquot type 0 [ 222.615261][ T819] usb 7-1: config 3 has an invalid descriptor of length 238, skipping remainder of the config [ 222.639152][ T3313] EXT4-fs (loop5): 1 orphan inode deleted [ 222.651994][ T819] usb 7-1: config 3 has no interface number 0 [ 222.662371][ T3313] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 222.681296][ T819] usb 7-1: config 3 has no interface number 1 [ 222.696120][ T3313] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.698951][ T819] usb 7-1: config 3 interface 227 altsetting 254 endpoint 0x6 has an invalid bInterval 40, changing to 7 [ 222.788678][ T3318] netlink: 60 bytes leftover after parsing attributes in process `syz.0.748'. [ 222.797517][ T3318] netlink: 60 bytes leftover after parsing attributes in process `syz.0.748'. [ 222.798884][ T819] usb 7-1: config 3 interface 227 altsetting 254 has a duplicate endpoint with address 0x6, skipping [ 222.816941][ T819] usb 7-1: config 3 interface 227 altsetting 254 has a duplicate endpoint with address 0xE, skipping [ 222.827602][ T819] usb 7-1: config 3 interface 227 altsetting 254 has an invalid endpoint with address 0x0, skipping [ 222.871793][ T819] usb 7-1: config 3 interface 227 altsetting 254 endpoint 0x8 has invalid maxpacket 23480, setting to 64 [ 222.883001][ T819] usb 7-1: config 3 interface 227 altsetting 254 has a duplicate endpoint with address 0x1, skipping [ 222.894140][ T819] usb 7-1: config 3 interface 227 altsetting 254 has a duplicate endpoint with address 0x1, skipping [ 222.982029][ T819] usb 7-1: config 3 interface 227 altsetting 254 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 222.993097][ T819] usb 7-1: config 3 interface 227 altsetting 254 has a duplicate endpoint with address 0xA, skipping [ 223.003931][ T819] usb 7-1: config 3 interface 31 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 223.068742][ T819] usb 7-1: config 3 interface 227 has no altsetting 0 [ 223.170727][ T819] usb 7-1: config 3 interface 31 has no altsetting 0 [ 223.207192][ T3325] loop3: detected capacity change from 0 to 512 [ 223.227475][ T3325] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 223.238412][ T3325] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 223.312875][ T3328] overlayfs: overlapping lowerdir path [ 223.396150][ T819] usb 7-1: New USB device found, idVendor=0582, idProduct=0159, bcdDevice=f4.6d [ 223.555885][ T819] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.604855][ T819] usb 7-1: Product: ቫ붴乪暨硝좻騯꾚魄샅氟搥뷙参ᄼ૮㙂葧☷ࣳ톈铏暘푾嚙੧⫇䎟괙쓭ᴀ꧋甩닅؝傎굋쵇챕룸﮸ﲼ슋舱뛱鶊饁铺䀶ণ脥⛣ౄ蕾ꅲꐑ梊歜듅嬖␮벌퇣ଜ엒ᰙ뜼슬ᇪⳞ柎쵂 [ 223.629926][ T819] usb 7-1: Manufacturer: ఉ [ 223.634420][ T819] usb 7-1: SerialNumber: ⠉ [ 223.718977][ T3335] loop2: detected capacity change from 0 to 512 [ 224.178474][ T3303] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 224.269335][ T3335] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #16: comm syz.2.751: corrupted inode contents [ 224.282064][ T3335] EXT4-fs error (device loop2): ext4_dirty_inode:6041: inode #16: comm syz.2.751: mark_inode_dirty error [ 224.295142][ T3335] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #16: comm syz.2.751: corrupted inode contents [ 224.307603][ T3335] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #16: comm syz.2.751: mark_inode_dirty error [ 224.320207][ T3335] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #16: comm syz.2.751: corrupted inode contents [ 224.332782][ T3335] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 224.342269][ T3335] EXT4-fs error (device loop2): ext4_do_update_inode:5205: inode #16: comm syz.2.751: corrupted inode contents [ 224.354771][ T3335] EXT4-fs error (device loop2): ext4_truncate:4303: inode #16: comm syz.2.751: mark_inode_dirty error [ 224.366438][ T3335] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 224.377945][ T3335] EXT4-fs (loop2): 1 truncate cleaned up [ 224.383436][ T3335] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 224.394587][ T3335] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.766024][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 224.766040][ T30] audit: type=1400 audit(2000000082.729:5538): avc: denied { listen } for pid=3302 comm="syz.6.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 224.968976][ T3353] loop5: detected capacity change from 0 to 128 [ 225.581847][ T3353] EXT4-fs (loop5): Test dummy encryption mode enabled [ 225.590118][ T3353] EXT4-fs (loop5): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 225.602732][ T3353] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 225.768042][ T3362] loop2: detected capacity change from 0 to 16 [ 225.904318][ T3362] erofs: (device loop2): mounted with root inode @ nid 36. [ 225.985418][ T819] usb 7-1: USB disconnect, device number 2 [ 226.024180][ T3366] loop3: detected capacity change from 0 to 512 [ 226.050199][ T3366] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.759: corrupted inode contents [ 226.106195][ T3366] EXT4-fs error (device loop3): ext4_dirty_inode:6041: inode #3: comm syz.3.759: mark_inode_dirty error [ 226.117996][ T3366] EXT4-fs error (device loop3): ext4_do_update_inode:5205: inode #3: comm syz.3.759: corrupted inode contents [ 226.131196][ T3366] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.759: mark_inode_dirty error [ 226.143924][ T3366] Quota error (device loop3): write_blk: dquota write failed [ 226.151966][ T3366] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 226.162382][ T3366] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.759: Failed to acquire dquot type 0 [ 226.174743][ T3366] EXT4-fs (loop3): 1 orphan inode deleted [ 226.180531][ T3366] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 226.191883][ T3366] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.803022][ T3387] loop2: detected capacity change from 0 to 512 [ 226.827314][ T30] audit: type=1326 audit(2000000084.799:5539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3367 comm="syz.6.761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x0 [ 226.937899][ T30] audit: type=1400 audit(2000000084.909:5540): avc: denied { write } for pid=3367 comm="syz.6.761" name="uinput" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 226.968463][ T3387] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.763: bg 0: block 5: invalid block bitmap [ 226.981606][ T3387] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 226.990410][ T3387] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.763: invalid indirect mapped block 3 (level 2) [ 227.003811][ T3387] EXT4-fs (loop2): 1 orphan inode deleted [ 227.007590][ T3392] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.009437][ T3387] EXT4-fs (loop2): 1 truncate cleaned up [ 227.021816][ T3387] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 227.118933][ T3397] FAULT_INJECTION: forcing a failure. [ 227.118933][ T3397] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 227.159827][ T3397] CPU: 1 PID: 3397 Comm: syz.5.766 Tainted: G W 5.15.175-syzkaller-00803-g19092c8155b4 #0 [ 227.170965][ T3397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 227.180867][ T3397] Call Trace: [ 227.183985][ T3397] [ 227.186761][ T3397] dump_stack_lvl+0x151/0x1c0 [ 227.191278][ T3397] ? io_uring_drop_tctx_refs+0x190/0x190 [ 227.196750][ T3397] ? bpf_get_stack+0x31/0x40 [ 227.201261][ T3397] dump_stack+0x15/0x20 [ 227.205247][ T3397] should_fail+0x3c6/0x510 [ 227.209501][ T3397] should_fail_alloc_page+0x5a/0x80 [ 227.214533][ T3397] prepare_alloc_pages+0x15c/0x700 [ 227.219484][ T3397] ? __alloc_pages_bulk+0xd80/0xd80 [ 227.224514][ T3397] ? __kasan_check_write+0x14/0x20 [ 227.229461][ T3397] ? _raw_spin_trylock+0xcd/0x1a0 [ 227.234324][ T3397] __alloc_pages+0x18c/0x8f0 [ 227.238750][ T3397] ? prep_new_page+0x110/0x110 [ 227.243349][ T3397] ? lru_cache_add+0x279/0x540 [ 227.247950][ T3397] handle_pte_fault+0xe7e/0x25c0 [ 227.252722][ T3397] ? fault_around_bytes_set+0xc0/0xc0 [ 227.257935][ T3397] ? do_handle_mm_fault+0x159f/0x2400 [ 227.263134][ T3397] ? memcpy+0x56/0x70 [ 227.266953][ T3397] do_handle_mm_fault+0x20bc/0x2400 [ 227.271993][ T3397] ? numa_migrate_prep+0xe0/0xe0 [ 227.276762][ T3397] ? memset+0x35/0x40 [ 227.280591][ T3397] ? get_unmapped_area+0x31d/0x380 [ 227.285528][ T3397] ? userfaultfd_unmap_prep+0x4a0/0x4a0 [ 227.290915][ T3397] ? down_read_trylock+0x3d6/0x7d0 [ 227.295858][ T3397] ? debug_smp_processor_id+0x17/0x20 [ 227.301066][ T3397] ? exc_page_fault+0x222/0x7f0 [ 227.305752][ T3397] ? access_error+0x246/0x270 [ 227.310266][ T3397] exc_page_fault+0x26f/0x7f0 [ 227.314783][ T3397] asm_exc_page_fault+0x27/0x30 [ 227.319466][ T3397] RIP: 0033:0x7fc22f623ba3 [ 227.323717][ T3397] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 227.343163][ T3397] RSP: 002b:00007fc22ddd14a0 EFLAGS: 00010206 [ 227.349062][ T3397] RAX: 0000000000002000 RBX: 00007fc22ddd1540 RCX: 00007fc2259b2000 [ 227.356876][ T3397] RDX: 00007fc22ddd16e0 RSI: 000000000000001f RDI: 00007fc22ddd15e0 [ 227.364681][ T3397] RBP: 0000000000000048 R08: 0000000000000009 R09: 00000000000001ad [ 227.372493][ T3397] R10: 00000000000001b6 R11: 00007fc22ddd1540 R12: 0000000000000801 [ 227.380302][ T3397] R13: 00007fc22f7f4040 R14: 00000000000000ed R15: 00007fc22ddd15e0 [ 227.388118][ T3397] [ 227.554045][ T3399] loop6: detected capacity change from 0 to 512 [ 227.614796][ T3397] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 227.621277][ T3399] EXT4-fs (loop6): Ignoring removed orlov option [ 227.624202][ T3397] loop5: detected capacity change from 0 to 512 [ 227.630556][ T3399] EXT4-fs (loop6): Test dummy encryption mode enabled [ 227.641641][ T3399] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 227.654071][ T3399] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 227.664864][ T3399] EXT4-fs (loop6): group descriptors corrupted! [ 227.673165][ T3397] EXT4-fs (loop5): Ignoring removed orlov option [ 227.686127][ T3397] EXT4-fs (loop5): Test dummy encryption mode enabled [ 227.692727][ T3397] EXT4-fs (loop5): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 227.704651][ T30] audit: type=1400 audit(2000000085.659:5541): avc: denied { ioctl } for pid=3401 comm="syz.2.768" path="socket:[27859]" dev="sockfs" ino=27859 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 227.704848][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 227.731419][ T3397] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 227.747171][ T3397] EXT4-fs (loop5): group descriptors corrupted! [ 227.872314][ T3408] loop6: detected capacity change from 0 to 512 [ 227.970587][ T3408] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 227.982011][ T3408] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 228.044922][ T3412] loop5: detected capacity change from 0 to 256 [ 228.123455][ T3414] binder: 3413:3414 ioctl c0306201 0 returned -14 [ 228.238598][ T3412] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 228.256170][ T3412] FAT-fs (loop5): Directory bread(block 64) failed [ 228.262537][ T3412] FAT-fs (loop5): Directory bread(block 65) failed [ 228.268917][ T3412] FAT-fs (loop5): Directory bread(block 66) failed [ 228.275177][ T3412] FAT-fs (loop5): Directory bread(block 67) failed [ 228.281606][ T3412] FAT-fs (loop5): Directory bread(block 68) failed [ 228.287861][ T3412] FAT-fs (loop5): Directory bread(block 69) failed [ 228.353041][ T3417] binder: 3413:3417 ioctl 4b71 0 returned -22 [ 229.183305][ T3412] FAT-fs (loop5): Directory bread(block 70) failed [ 229.189688][ T3412] FAT-fs (loop5): Directory bread(block 71) failed [ 229.196286][ T3412] FAT-fs (loop5): Directory bread(block 72) failed [ 229.202616][ T3412] FAT-fs (loop5): Directory bread(block 73) failed [ 229.417184][ T3423] loop3: detected capacity change from 0 to 128 [ 229.454286][ T30] audit: type=1400 audit(2000000087.419:5542): avc: denied { create } for pid=3425 comm="syz.0.775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 229.530909][ T3423] EXT4-fs (loop3): Test dummy encryption mode enabled [ 229.544920][ T3423] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,,errors=continue. Quota mode: none. [ 229.557895][ T3423] ext4 filesystem being mounted at /165/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 229.766256][ T819] Bluetooth: hci0: command 0x1003 tx timeout [ 229.772761][ T704] Bluetooth: hci0: sending frame failed (-49) [ 229.938247][ T30] audit: type=1400 audit(2000000087.909:5543): avc: denied { create } for pid=3435 comm="syz.5.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 229.957692][ T3436] loop5: detected capacity change from 0 to 1024 [ 230.016330][ T3436] EXT4-fs (loop5): Ignoring removed orlov option [ 230.022584][ T3436] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 230.037149][ T3436] EXT4-fs (loop5): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 230.065518][ T30] audit: type=1400 audit(2000000088.029:5544): avc: denied { unlink } for pid=3435 comm="syz.5.776" name="file0" dev="loop5" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 230.152060][ T30] audit: type=1400 audit(2000000088.119:5545): avc: denied { ioctl } for pid=3443 comm="syz.6.778" path="socket:[27923]" dev="sockfs" ino=27923 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 230.156002][ T3444] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 230.185037][ T3444] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 230.194506][ T3444] overlayfs: missing 'lowerdir' [ 230.965093][ T3449] loop3: detected capacity change from 0 to 512 [ 230.982232][ T3454] tipc: Enabling of bearer rejected, failed to enable media [ 231.007079][ T3449] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.779: bg 0: block 5: invalid block bitmap [ 231.022957][ T3457] netlink: 'syz.0.781': attribute type 32 has an invalid length. [ 231.025041][ T3449] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 231.037993][ T3457] netlink: 52 bytes leftover after parsing attributes in process `syz.0.781'. [ 231.039522][ T3449] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.779: invalid indirect mapped block 3 (level 2) [ 231.049189][ T3457] bridge_slave_0: default FDB implementation only supports local addresses [ 231.061541][ T3449] EXT4-fs (loop3): 1 orphan inode deleted [ 231.074708][ T3449] EXT4-fs (loop3): 1 truncate cleaned up [ 231.080403][ T3449] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 231.398928][ T3463] loop3: detected capacity change from 0 to 256 [ 231.516860][ T3463] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 231.607087][ T3465] loop6: detected capacity change from 0 to 256 [ 231.883925][ T1065] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 231.891250][ T2246] Bluetooth: hci0: command 0x1001 tx timeout [ 231.938191][ T30] audit: type=1326 audit(2000000089.909:5546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 231.991768][ T704] Bluetooth: hci0: sending frame failed (-49) [ 232.136979][ T30] audit: type=1326 audit(2000000089.909:5547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.215043][ T30] audit: type=1326 audit(2000000089.909:5548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.238602][ T30] audit: type=1326 audit(2000000089.909:5549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.262207][ T30] audit: type=1326 audit(2000000089.909:5550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.287297][ T30] audit: type=1326 audit(2000000089.909:5551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.311259][ T30] audit: type=1326 audit(2000000089.909:5552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3464 comm="syz.6.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f452b572d29 code=0x7ffc0000 [ 232.362954][ T3476] loop5: detected capacity change from 0 to 256 [ 232.385950][ T1065] usb 1-1: Using ep0 maxpacket: 16 [ 232.393897][ T3471] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 232.406451][ T3476] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 232.427357][ T3471] kvm: pic: level sensitive irq not supported [ 232.427420][ T3471] kvm: pic: non byte read [ 232.438023][ T3471] kvm: pic: level sensitive irq not supported [ 232.438100][ T3471] kvm: pic: non byte read [ 232.455982][ T368] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 232.464150][ T3476] FAT-fs (loop5): Directory bread(block 64) failed [ 232.470791][ T3476] FAT-fs (loop5): Directory bread(block 65) failed [ 232.477234][ T3476] FAT-fs (loop5): Directory bread(block 66) failed [ 232.483589][ T3476] FAT-fs (loop5): Directory bread(block 67) failed [ 232.489967][ T3476] FAT-fs (loop5): Directory bread(block 68) failed [ 232.496275][ T3476] FAT-fs (loop5): Directory bread(block 69) failed [ 232.502623][ T3476] FAT-fs (loop5): Directory bread(block 70) failed [ 232.508966][ T3476] FAT-fs (loop5): Directory bread(block 71) failed [ 232.515303][ T3476] FAT-fs (loop5): Directory bread(block 72) failed [ 232.521611][ T3476] FAT-fs (loop5): Directory bread(block 73) failed [ 232.539830][ T3471] kvm: pic: level sensitive irq not supported [ 232.539909][ T3471] kvm: pic: non byte read [ 232.550771][ T3471] kvm: pic: level sensitive irq not supported [ 232.550820][ T3471] kvm: pic: non byte read [ 232.731851][ T3481] loop3: detected capacity change from 0 to 1024 [ 232.786153][ T1065] usb 1-1: New USB device found, idVendor=067b, idProduct=aaa8, bcdDevice=c3.0c [ 232.818143][ T3481] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 232.874455][ T1065] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.884041][ T1065] usb 1-1: Product: syz [ 232.891515][ T1065] usb 1-1: Manufacturer: syz [ 232.897574][ T1065] usb 1-1: SerialNumber: syz [ 232.965587][ T368] usb 7-1: device descriptor read/64, error -71 [ 233.032689][ T1065] usb 1-1: config 0 descriptor?? [ 233.131001][ T1065] pl2303 1-1:0.0: required endpoints missing [ 233.187730][ T3487] loop5: detected capacity change from 0 to 512 [ 233.314748][ T3487] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 233.341538][ T1065] usb 1-1: USB disconnect, device number 11 [ 233.393802][ T3487] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 233.404496][ T368] usb 7-1: device descriptor read/64, error -71 [ 233.695949][ T368] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 233.816212][ T3493] loop3: detected capacity change from 0 to 1024 [ 233.973558][ T3493] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 234.162306][ T368] usb 7-1: device descriptor read/64, error -71 [ 234.326372][ T2246] Bluetooth: hci0: command 0x1009 tx timeout [ 234.983248][ T3511] netlink: 44 bytes leftover after parsing attributes in process `syz.5.794'. [ 236.145978][ T819] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 236.218116][ T3522] loop6: detected capacity change from 0 to 256 [ 236.256829][ T3522] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 236.273794][ T3522] FAT-fs (loop6): Directory bread(block 64) failed [ 236.280184][ T3522] FAT-fs (loop6): Directory bread(block 65) failed [ 236.286513][ T3522] FAT-fs (loop6): Directory bread(block 66) failed [ 236.292788][ T3522] FAT-fs (loop6): Directory bread(block 67) failed [ 236.299165][ T3522] FAT-fs (loop6): Directory bread(block 68) failed [ 236.305581][ T3522] FAT-fs (loop6): Directory bread(block 69) failed [ 236.311987][ T3522] FAT-fs (loop6): Directory bread(block 70) failed [ 236.318259][ T3522] FAT-fs (loop6): Directory bread(block 71) failed [ 236.324608][ T3522] FAT-fs (loop6): Directory bread(block 72) failed [ 236.330930][ T3522] FAT-fs (loop6): Directory bread(block 73) failed [ 236.383766][ T3527] loop5: detected capacity change from 0 to 1024 [ 236.517461][ T3527] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,lazytime,noblock_validity,,errors=continue. Quota mode: none. [ 237.495302][ T3548] device syzkaller0 entered promiscuous mode [ 237.605962][ T819] usb 4-1: device descriptor read/64, error -71 [ 237.627201][ T3561] loop6: detected capacity change from 0 to 256 [ 237.655372][ T3561] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 237.687239][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 237.688264][ T30] audit: type=1400 audit(2000000095.649:5584): avc: denied { remove_name } for pid=3560 comm="syz.6.810" name="file0" dev="loop6" ino=1048660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 237.721498][ T3564] loop5: detected capacity change from 0 to 256 [ 237.764494][ T3564] exFAT-fs (loop5): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 237.988658][ T3564] loop5: detected capacity change from 0 to 512 [ 238.076338][ T819] usb 4-1: device descriptor read/64, error -71 [ 238.169892][ T3564] EXT4-fs (loop5): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 238.182450][ T3564] ext4 filesystem being mounted at /68/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 238.289493][ T30] audit: type=1400 audit(2000000095.659:5585): avc: denied { rename } for pid=3560 comm="syz.6.810" name="file0" dev="loop6" ino=1048660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 238.406157][ T819] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 238.558289][ T30] audit: type=1400 audit(2000000095.719:5586): avc: denied { rmdir } for pid=3560 comm="syz.6.810" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop6" ino=1048660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 238.796019][ T819] usb 4-1: device descriptor read/64, error -71 [ 238.916125][ T20] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 239.585968][ T20] usb 6-1: Using ep0 maxpacket: 8 [ 239.660565][ T3594] loop3: detected capacity change from 0 to 40427 [ 239.673453][ T30] audit: type=1326 audit(2000000097.639:5587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca244ad29 code=0x7ffc0000 [ 239.738925][ T30] audit: type=1326 audit(2000000097.639:5588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca244ad29 code=0x7ffc0000 [ 239.747502][ T3594] F2FS-fs (loop3): invalid crc value [ 239.768945][ T30] audit: type=1326 audit(2000000097.669:5589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f4ca244ad29 code=0x7ffc0000 [ 239.772164][ T3590] loop2: detected capacity change from 0 to 40427 [ 239.819320][ T3594] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 239.852992][ T3590] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 239.859392][ T30] audit: type=1326 audit(2000000097.669:5590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4ca244ad63 code=0x7ffc0000 [ 239.896115][ T3590] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 239.896245][ T20] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 239.937546][ T3590] F2FS-fs (loop2): invalid crc value [ 239.938731][ T20] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.968899][ T30] audit: type=1326 audit(2000000097.669:5591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4ca244ad63 code=0x7ffc0000 [ 239.974795][ T3594] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 240.005721][ T20] usb 6-1: Product: syz [ 240.010174][ T20] usb 6-1: Manufacturer: syz [ 240.014638][ T20] usb 6-1: SerialNumber: syz [ 240.022520][ T30] audit: type=1326 audit(2000000097.669:5592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca244ad29 code=0x7ffc0000 [ 240.046509][ T20] usb 6-1: config 0 descriptor?? [ 240.047560][ T3590] F2FS-fs (loop2): Found nat_bits in checkpoint [ 240.058896][ T30] audit: type=1326 audit(2000000097.669:5593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3603 comm="syz.0.824" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ca244ad29 code=0x7ffc0000 [ 240.135962][ T3626] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 240.147986][ T3626] overlayfs: conflicting options: userxattr,redirect_dir=follow [ 240.152030][ T3590] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 240.163794][ T3590] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 240.293401][ T3590] attempt to access beyond end of device [ 240.293401][ T3590] loop2: rw=2049, want=45104, limit=40427 [ 240.328872][ T3590] attempt to access beyond end of device [ 240.328872][ T3590] loop2: rw=2049, want=40968, limit=40427 [ 240.409176][ T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 240.440830][ T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 240.562654][ T3641] loop3: detected capacity change from 0 to 256 [ 240.646279][ T3641] FAT-fs (loop3): Directory bread(block 64) failed [ 240.654270][ T3641] FAT-fs (loop3): Directory bread(block 65) failed [ 240.662383][ T3641] FAT-fs (loop3): Directory bread(block 66) failed [ 240.669722][ T3641] FAT-fs (loop3): Directory bread(block 67) failed [ 240.677651][ T3649] loop6: detected capacity change from 0 to 16 [ 240.684366][ T3641] FAT-fs (loop3): Directory bread(block 68) failed [ 240.691195][ T3641] FAT-fs (loop3): Directory bread(block 69) failed [ 240.698401][ T3641] FAT-fs (loop3): Directory bread(block 70) failed [ 240.704907][ T3641] FAT-fs (loop3): Directory bread(block 71) failed [ 240.726578][ T3649] erofs: (device loop6): mounted with root inode @ nid 36. [ 240.734898][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 87 @ nid 36 [ 240.743791][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 86 @ nid 36 [ 240.752756][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 240.761923][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 83 @ nid 36 [ 240.770754][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 240.779858][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 82 @ nid 36 [ 240.788735][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 81 @ nid 36 [ 240.797596][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 80 @ nid 36 [ 240.806449][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 79 @ nid 36 [ 240.815253][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 78 @ nid 36 [ 240.824123][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 77 @ nid 36 [ 240.833067][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 76 @ nid 36 [ 240.841956][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 240.851067][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 75 @ nid 36 [ 240.859923][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 74 @ nid 36 [ 240.868834][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 73 @ nid 36 [ 240.877749][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 72 @ nid 36 [ 240.886579][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 71 @ nid 36 [ 240.895406][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 70 @ nid 36 [ 240.904405][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 61 @ nid 36 [ 240.913288][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 60 @ nid 36 [ 240.922145][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 59 @ nid 36 [ 240.931094][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 240.940237][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 58 @ nid 36 [ 240.949093][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 57 @ nid 36 [ 240.957934][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 56 @ nid 36 [ 240.966798][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 55 @ nid 36 [ 240.975621][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 54 @ nid 36 [ 240.984527][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 53 @ nid 36 [ 240.993409][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 52 @ nid 36 [ 241.002213][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 51 @ nid 36 [ 241.011060][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 50 @ nid 36 [ 241.019906][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 49 @ nid 36 [ 241.028826][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 48 @ nid 36 [ 241.037707][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 47 @ nid 36 [ 241.046611][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 241.055647][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 46 @ nid 36 [ 241.064532][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 45 @ nid 36 [ 241.073380][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 44 @ nid 36 [ 241.082226][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 43 @ nid 36 [ 241.091107][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 241.100196][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 42 @ nid 36 [ 241.109242][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 41 @ nid 36 [ 241.118775][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 241.127994][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 40 @ nid 36 [ 241.136909][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 39 @ nid 36 [ 241.145704][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 38 @ nid 36 [ 241.154710][ T3649] erofs: (device loop6): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 241.163863][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 31 @ nid 36 [ 241.172782][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 27 @ nid 36 [ 241.181691][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 26 @ nid 36 [ 241.190538][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 25 @ nid 36 [ 241.199432][ T3649] erofs: (device loop6): z_erofs_readahead: readahead error at page 24 @ nid 36 [ 241.208609][ T3649] attempt to access beyond end of device [ 241.208609][ T3649] loop6: rw=524288, want=848, limit=16 [ 241.219509][ T3649] attempt to access beyond end of device [ 241.219509][ T3649] loop6: rw=524288, want=13478624104, limit=16 [ 241.231183][ T3649] attempt to access beyond end of device [ 241.231183][ T3649] loop6: rw=524288, want=13478624080, limit=16 [ 241.242756][ T3649] attempt to access beyond end of device [ 241.242756][ T3649] loop6: rw=524288, want=96, limit=16 [ 241.253625][ T3649] attempt to access beyond end of device [ 241.253625][ T3649] loop6: rw=524288, want=32, limit=16 [ 241.264370][ T3649] attempt to access beyond end of device [ 241.264370][ T3649] loop6: rw=524288, want=14425508776, limit=16 [ 241.284922][ T3641] FAT-fs (loop3): Directory bread(block 72) failed [ 241.296165][ T3641] FAT-fs (loop3): Directory bread(block 73) failed [ 241.648585][ T3661] loop6: detected capacity change from 0 to 8192 [ 241.751666][ T60] usb 6-1: USB disconnect, device number 2 [ 241.786523][ T3661] loop6: p1 p2 p3 [ 241.790595][ T3661] loop6: p1 size 67108864 extends beyond EOD, truncated [ 241.807310][ T3661] loop6: p2 start 98631679 is beyond EOD, truncated [ 241.824072][ T3661] loop6: p3 size 423702036 extends beyond EOD, truncated [ 241.908518][ T349] udevd[349]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 241.926036][ T370] udevd[370]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 242.216029][ T715] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 242.485979][ T715] usb 3-1: Using ep0 maxpacket: 16 [ 242.555976][ T2246] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 242.563333][ T60] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 242.595965][ T26] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 242.615989][ T715] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 242.625951][ T715] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 242.744476][ T3713] loop3: detected capacity change from 0 to 512 [ 242.806044][ T715] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 242.814961][ T2246] usb 6-1: Using ep0 maxpacket: 16 [ 242.820872][ T60] usb 1-1: Using ep0 maxpacket: 16 [ 242.828363][ T715] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.836244][ T26] usb 7-1: Using ep0 maxpacket: 16 [ 242.837246][ T3713] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 242.841142][ T715] usb 3-1: Product: syz [ 242.855350][ T3713] ext4 filesystem being mounted at /178/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.859611][ T715] usb 3-1: Manufacturer: syz [ 242.878932][ T715] usb 3-1: SerialNumber: syz [ 242.941207][ T3720] netlink: 4 bytes leftover after parsing attributes in process `syz.3.869'. [ 242.957657][ T26] usb 7-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 242.958476][ T3722] netlink: 'syz.3.870': attribute type 32 has an invalid length. [ 242.968151][ T2246] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 242.986132][ T60] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 243.156183][ T60] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 243.165137][ T26] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 243.173915][ T2246] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 243.182794][ T26] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.190559][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.198564][ T715] usb 3-1: 0:2 : does not exist [ 243.203796][ T2246] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.213917][ T715] usb 3-1: USB disconnect, device number 17 [ 243.226053][ T26] usb 7-1: Product: syz [ 243.230035][ T26] usb 7-1: Manufacturer: syz [ 243.234453][ T26] usb 7-1: SerialNumber: syz [ 243.238926][ T60] usb 1-1: Product: syz [ 243.242871][ T60] usb 1-1: Manufacturer: syz [ 243.247517][ T2246] usb 6-1: Product: syz [ 243.251479][ T2246] usb 6-1: Manufacturer: syz [ 243.257176][ T60] usb 1-1: SerialNumber: syz [ 243.263549][ T60] usb 1-1: config 0 descriptor?? [ 243.268353][ T2246] usb 6-1: SerialNumber: syz [ 243.272975][ T26] usb 7-1: config 0 descriptor?? [ 243.278069][ T2246] usb 6-1: config 0 descriptor?? [ 243.296084][ T819] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 243.545935][ T819] usb 4-1: Using ep0 maxpacket: 16 [ 243.651244][ T3732] loop2: detected capacity change from 0 to 256 [ 243.666300][ T819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 243.676573][ T3732] exfat: Deprecated parameter 'namecase' [ 243.677090][ T819] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 243.677122][ T819] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 243.700951][ T819] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.711507][ T3732] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xc2dc8e67, utbl_chksum : 0xe619d30d) [ 243.716434][ T819] usb 4-1: config 0 descriptor?? [ 244.086062][ T819] usbhid 4-1:0.0: can't add hid device: -71 [ 244.092062][ T819] usbhid: probe of 4-1:0.0 failed with error -71 [ 244.105530][ T819] usb 4-1: USB disconnect, device number 16 [ 244.602428][ T20] usb 1-1: USB disconnect, device number 12 [ 244.612987][ T3746] loop2: detected capacity change from 0 to 2048 [ 244.628187][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 244.628200][ T30] audit: type=1400 audit(2000000102.599:5600): avc: denied { map } for pid=3750 comm="syz.0.878" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 244.632740][ T384] usb 7-1: USB disconnect, device number 5 [ 244.677759][ T368] usb 6-1: USB disconnect, device number 3 [ 244.686939][ T3746] loop2: p4 < > [ 244.750103][ T30] audit: type=1400 audit(2000000102.719:5601): avc: denied { write } for pid=3745 comm="syz.2.876" name="loop2p4" dev="devtmpfs" ino=1160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 244.778172][ T3744] loop3: detected capacity change from 0 to 40427 [ 244.784539][ T30] audit: type=1400 audit(2000000102.719:5602): avc: denied { open } for pid=3745 comm="syz.2.876" path="/dev/loop2p4" dev="devtmpfs" ino=1160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 244.844210][ T3758] loop5: detected capacity change from 0 to 40427 [ 244.868954][ T349] udevd[349]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 244.878549][ T3744] F2FS-fs (loop3): fault_injection options not supported [ 244.886383][ T3758] F2FS-fs (loop5): fault_injection options not supported [ 244.896934][ T3744] F2FS-fs (loop3): invalid crc value [ 244.903095][ T3758] F2FS-fs (loop5): invalid crc value [ 244.903505][ T349] udevd[349]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 244.918862][ T3744] F2FS-fs (loop3): Found nat_bits in checkpoint [ 244.938503][ T3758] F2FS-fs (loop5): Found nat_bits in checkpoint [ 244.988216][ T3744] F2FS-fs (loop3): Start checkpoint disabled! [ 244.995093][ T3744] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 245.014239][ T3758] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 245.024120][ T3744] attempt to access beyond end of device [ 245.024120][ T3744] loop3: rw=524288, want=45072, limit=40427 [ 245.035954][ T384] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 245.040307][ T3744] attempt to access beyond end of device [ 245.040307][ T3744] loop3: rw=0, want=45072, limit=40427 [ 245.505992][ T384] usb 7-1: Using ep0 maxpacket: 32 [ 246.425968][ T384] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 246.433962][ T384] usb 7-1: config 0 has no interface number 0 [ 246.452783][ T384] usb 7-1: config 0 interface 184 has no altsetting 0 [ 246.599395][ T30] audit: type=1400 audit(2000000104.569:5603): avc: denied { connect } for pid=3816 comm="syz.0.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 246.602192][ T3822] netlink: 64 bytes leftover after parsing attributes in process `syz.5.904'. [ 246.627553][ T30] audit: type=1400 audit(2000000104.569:5604): avc: denied { write } for pid=3816 comm="syz.0.902" path="socket:[29484]" dev="sockfs" ino=29484 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 246.652303][ T384] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 246.652735][ T30] audit: type=1400 audit(2000000104.629:5605): avc: denied { shutdown } for pid=3816 comm="syz.0.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 246.677590][ T384] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.716459][ T384] usb 7-1: Product: syz [ 246.726976][ T384] usb 7-1: Manufacturer: syz [ 246.731446][ T384] usb 7-1: SerialNumber: syz [ 246.748325][ T3833] loop5: detected capacity change from 0 to 16 [ 246.758506][ T384] usb 7-1: config 0 descriptor?? [ 246.796569][ T3833] erofs: (device loop5): mounted with root inode @ nid 36. [ 246.806457][ T384] smsc75xx v1.0.0 [ 247.036366][ T819] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 247.275970][ T819] usb 1-1: Using ep0 maxpacket: 16 [ 247.406257][ T819] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 247.454300][ T3841] loop5: detected capacity change from 0 to 40427 [ 247.615869][ T3841] F2FS-fs (loop5): invalid crc value [ 247.629128][ T3841] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 248.327561][ T3841] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 248.447691][ T819] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 248.456634][ T819] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.464411][ T819] usb 1-1: Product: syz [ 248.505978][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 248.507438][ T819] usb 1-1: Manufacturer: syz [ 248.525217][ T819] usb 1-1: SerialNumber: syz [ 248.539354][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 248.544933][ T819] usb 1-1: config 0 descriptor?? [ 248.586563][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 248.597900][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 248.607893][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 248.618974][ T384] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 248.629621][ T384] smsc75xx: probe of 7-1:0.184 failed with error -71 [ 248.638118][ T384] usb 7-1: USB disconnect, device number 6 [ 248.653041][ T30] audit: type=1400 audit(2000000106.619:5606): avc: denied { sys_module } for pid=3874 comm="syz.3.923" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 248.759913][ T30] audit: type=1400 audit(2000000106.729:5607): avc: denied { create } for pid=3885 comm="syz.3.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 248.782407][ T30] audit: type=1400 audit(2000000106.729:5608): avc: denied { write } for pid=3885 comm="syz.3.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 248.803055][ T30] audit: type=1400 audit(2000000106.729:5609): avc: denied { read } for pid=3885 comm="syz.3.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 248.985997][ T384] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 249.230722][ T384] usb 7-1: Using ep0 maxpacket: 16 [ 249.346615][ T384] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 249.374233][ T384] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 249.387536][ T384] usb 7-1: New USB device found, idVendor=046d, idProduct=c71c, bcdDevice= 0.00 [ 249.396798][ T384] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.407319][ T384] usb 7-1: config 0 descriptor?? [ 249.481704][ T3895] loop2: detected capacity change from 0 to 128 [ 249.557769][ T3895] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 249.568345][ T3895] ext4 filesystem being mounted at /150/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 249.606119][ T3902] netlink: 104 bytes leftover after parsing attributes in process `syz.5.934'. [ 249.936335][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 249.936353][ T30] audit: type=1400 audit(2000000107.839:5634): avc: denied { mount } for pid=3912 comm="syz.3.938" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 249.956547][ T3909] loop2: detected capacity change from 0 to 40427 [ 249.985562][ T715] usb 1-1: USB disconnect, device number 13 [ 249.985976][ T384] usbhid 7-1:0.0: can't add hid device: -71 [ 249.993341][ T30] audit: type=1326 audit(2000000107.839:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3912 comm="syz.3.938" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe1263cd29 code=0x0 [ 250.009508][ T384] usbhid: probe of 7-1:0.0 failed with error -71 [ 250.034126][ T384] usb 7-1: USB disconnect, device number 7 [ 250.045378][ T30] audit: type=1400 audit(2000000108.009:5636): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 250.046857][ T3909] F2FS-fs (loop2): fault_injection options not supported [ 250.078324][ T3909] F2FS-fs (loop2): invalid crc value [ 250.084617][ T3909] F2FS-fs (loop2): Found nat_bits in checkpoint [ 250.120561][ T3909] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 250.145041][ T294] handle_bad_sector: 1 callbacks suppressed [ 250.145057][ T294] attempt to access beyond end of device [ 250.145057][ T294] loop2: rw=2049, want=45104, limit=40427 [ 250.349098][ T3932] loop2: detected capacity change from 0 to 256 [ 250.369013][ T3932] exfat: Unknown parameter 'keep_last_dots' [ 250.401992][ T30] audit: type=1400 audit(2000000108.369:5637): avc: denied { create } for pid=3933 comm="syz.3.945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 250.459121][ T3944] netlink: 52 bytes leftover after parsing attributes in process `syz.3.947'. [ 250.476425][ T3942] loop6: detected capacity change from 0 to 8192 [ 250.517064][ T715] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 250.535508][ T3952] loop3: detected capacity change from 0 to 128 [ 251.837318][ T3971] loop2: detected capacity change from 0 to 16 [ 251.885946][ T715] usb 1-1: Using ep0 maxpacket: 32 [ 251.901977][ T3971] erofs: (device loop2): mounted with root inode @ nid 36. [ 252.592656][ T30] audit: type=1400 audit(2000000109.969:5638): avc: denied { listen } for pid=3966 comm="syz.5.956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 252.629319][ T3971] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 252.724267][ T3971] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -47 in[61, 4035] out[1851] [ 252.743628][ T3971] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 252.757124][ T3976] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 252.766729][ T3976] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -47 in[61, 4035] out[1851] [ 252.785637][ T3976] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 252.794255][ T715] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 253.047049][ T715] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 253.083596][ T715] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.093649][ T715] usb 1-1: Product: syz [ 253.115936][ T819] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 253.137384][ T715] usb 1-1: Manufacturer: syz [ 253.139624][ T4000] ================================================================== [ 253.149782][ T4000] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0xb9d/0x3430 [ 253.157764][ T4000] Read of size 8 at addr ffff888115631cc0 by task syz.0.967/4000 [ 253.165313][ T4000] [ 253.167488][ T4000] CPU: 0 PID: 4000 Comm: syz.0.967 Tainted: G W 5.15.175-syzkaller-00803-g19092c8155b4 #0 [ 253.178511][ T4000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 253.181012][ T715] usb 1-1: config 0 descriptor?? [ 253.188407][ T4000] Call Trace: [ 253.188418][ T4000] [ 253.188427][ T4000] dump_stack_lvl+0x151/0x1c0 [ 253.188452][ T4000] ? io_uring_drop_tctx_refs+0x190/0x190 [ 253.196646][ T715] usb 1-1: can't set config #0, error -71 [ 253.199080][ T4000] ? panic+0x760/0x760 [ 253.210125][ T715] usb 1-1: USB disconnect, device number 14 [ 253.214705][ T4000] print_address_description+0x87/0x3b0 [ 253.229724][ T4000] kasan_report+0x179/0x1c0 [ 253.234054][ T4000] ? tc_setup_flow_action+0xb9d/0x3430 [ 253.239347][ T4000] ? tc_setup_flow_action+0xb9d/0x3430 [ 253.244646][ T4000] __asan_report_load8_noabort+0x14/0x20 [ 253.250112][ T4000] tc_setup_flow_action+0xb9d/0x3430 [ 253.255243][ T4000] mall_replace_hw_filter+0x394/0xc20 [ 253.260440][ T4000] ? mall_set_parms+0x4b0/0x4b0 [ 253.265130][ T4000] ? tcf_exts_destroy+0xb0/0xb0 [ 253.269811][ T4000] ? pcpu_memcg_post_alloc_hook+0x1b1/0x260 [ 253.275544][ T4000] ? pcpu_alloc+0xda0/0x13e0 [ 253.279985][ T4000] ? mall_set_parms+0x1c3/0x4b0 [ 253.284661][ T4000] mall_change+0x56e/0x780 [ 253.288908][ T4000] ? mall_get+0xb0/0xb0 [ 253.292900][ T4000] ? tcf_chain_tp_insert_unique+0xa90/0xbb0 [ 253.298628][ T4000] ? nla_strcmp+0xed/0x120 [ 253.302879][ T4000] ? mall_get+0xb0/0xb0 [ 253.306871][ T4000] tc_new_tfilter+0x151a/0x1c00 [ 253.311571][ T4000] ? tcf_gate_entry_destructor+0x20/0x20 [ 253.317028][ T4000] ? security_capable+0x87/0xb0 [ 253.321713][ T4000] ? ns_capable+0x89/0xe0 [ 253.325887][ T4000] ? netlink_net_capable+0x125/0x160 [ 253.331000][ T4000] ? tcf_gate_entry_destructor+0x20/0x20 [ 253.336469][ T4000] rtnetlink_rcv_msg+0x776/0xc40 [ 253.341251][ T4000] ? rtnetlink_bind+0x80/0x80 [ 253.345754][ T4000] ? stack_trace_save+0x1c0/0x1c0 [ 253.350618][ T4000] ? __kernel_text_address+0x9b/0x110 [ 253.355826][ T4000] ? unwind_get_return_address+0x4d/0x90 [ 253.361291][ T4000] ? avc_has_perm_noaudit+0x348/0x430 [ 253.366496][ T4000] ? memcpy+0x56/0x70 [ 253.370317][ T4000] ? avc_has_perm_noaudit+0x2dd/0x430 [ 253.375524][ T4000] ? avc_denied+0x1b0/0x1b0 [ 253.379864][ T4000] ? avc_has_perm+0x16f/0x260 [ 253.384375][ T4000] ? ____kasan_kmalloc+0xed/0x110 [ 253.389237][ T4000] ? avc_has_perm_noaudit+0x430/0x430 [ 253.394444][ T4000] ? x64_sys_call+0x16a/0x9a0 [ 253.398961][ T4000] netlink_rcv_skb+0x1cf/0x410 [ 253.403557][ T4000] ? rtnetlink_bind+0x80/0x80 [ 253.408072][ T4000] ? netlink_ack+0xb10/0xb10 [ 253.412504][ T4000] ? __netlink_lookup+0x37b/0x3a0 [ 253.417365][ T4000] rtnetlink_rcv+0x1c/0x20 [ 253.421610][ T4000] netlink_unicast+0x8df/0xac0 [ 253.426211][ T4000] ? netlink_detachskb+0x90/0x90 [ 253.430983][ T4000] ? security_netlink_send+0x7b/0xa0 [ 253.436104][ T4000] netlink_sendmsg+0xa0a/0xd20 [ 253.440705][ T4000] ? netlink_getsockopt+0x560/0x560 [ 253.445737][ T4000] ? security_socket_sendmsg+0x82/0xb0 [ 253.451034][ T4000] ? netlink_getsockopt+0x560/0x560 [ 253.456065][ T4000] ____sys_sendmsg+0x59e/0x8f0 [ 253.460667][ T4000] ? __sys_sendmsg_sock+0x40/0x40 [ 253.465532][ T4000] ? import_iovec+0xe5/0x120 [ 253.469957][ T4000] ___sys_sendmsg+0x252/0x2e0 [ 253.474467][ T4000] ? __sys_sendmsg+0x260/0x260 [ 253.479068][ T4000] ? check_stack_object+0xf4/0x130 [ 253.484016][ T4000] ? __fdget+0x1bc/0x240 [ 253.488091][ T4000] __se_sys_sendmsg+0x19a/0x260 [ 253.492779][ T4000] ? __x64_sys_sendmsg+0x90/0x90 [ 253.497553][ T4000] ? __kasan_check_write+0x14/0x20 [ 253.502498][ T4000] ? switch_fpu_return+0x15f/0x2e0 [ 253.507446][ T4000] __x64_sys_sendmsg+0x7b/0x90 [ 253.512045][ T4000] x64_sys_call+0x16a/0x9a0 [ 253.516387][ T4000] do_syscall_64+0x3b/0xb0 [ 253.520642][ T4000] ? clear_bhb_loop+0x35/0x90 [ 253.525151][ T4000] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 253.530880][ T4000] RIP: 0033:0x7f4ca244ad29 [ 253.535133][ T4000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 253.554578][ T4000] RSP: 002b:00007f4ca0abc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 253.562822][ T4000] RAX: ffffffffffffffda RBX: 00007f4ca263afa0 RCX: 00007f4ca244ad29 [ 253.570633][ T4000] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003 [ 253.578441][ T4000] RBP: 00007f4ca24c6b08 R08: 0000000000000000 R09: 0000000000000000 [ 253.586250][ T4000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 253.594069][ T4000] R13: 0000000000000000 R14: 00007f4ca263afa0 R15: 00007ffd2d3c7c88 [ 253.601880][ T4000] [ 253.604744][ T4000] [ 253.606910][ T4000] Allocated by task 4000: [ 253.611075][ T4000] ____kasan_kmalloc+0xdb/0x110 [ 253.615763][ T4000] __kasan_kmalloc+0x9/0x10 [ 253.620099][ T4000] __kmalloc+0x13f/0x2c0 [ 253.624180][ T4000] tcf_idr_create+0x5f/0x780 [ 253.628605][ T4000] tcf_idr_create_from_flags+0x5f/0x70 [ 253.633904][ T4000] tcf_gact_init+0x3cd/0x6e0 [ 253.638330][ T4000] tcf_action_init_1+0x50f/0x7f0 [ 253.643100][ T4000] tcf_action_init+0x306/0x840 [ 253.647703][ T4000] tcf_exts_validate+0x236/0x520 [ 253.652472][ T4000] mall_set_parms+0x44/0x4b0 [ 253.656899][ T4000] mall_change+0x495/0x780 [ 253.661153][ T4000] tc_new_tfilter+0x151a/0x1c00 [ 253.665853][ T4000] rtnetlink_rcv_msg+0x776/0xc40 [ 253.670614][ T4000] netlink_rcv_skb+0x1cf/0x410 [ 253.675212][ T4000] rtnetlink_rcv+0x1c/0x20 [ 253.679465][ T4000] netlink_unicast+0x8df/0xac0 [ 253.684066][ T4000] netlink_sendmsg+0xa0a/0xd20 [ 253.688666][ T4000] ____sys_sendmsg+0x59e/0x8f0 [ 253.693265][ T4000] ___sys_sendmsg+0x252/0x2e0 [ 253.697778][ T4000] __se_sys_sendmsg+0x19a/0x260 [ 253.702469][ T4000] __x64_sys_sendmsg+0x7b/0x90 [ 253.707065][ T4000] x64_sys_call+0x16a/0x9a0 [ 253.711406][ T4000] do_syscall_64+0x3b/0xb0 [ 253.715657][ T4000] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 253.721385][ T4000] [ 253.723556][ T4000] The buggy address belongs to the object at ffff888115631c00 [ 253.723556][ T4000] which belongs to the cache kmalloc-192 of size 192 [ 253.737442][ T4000] The buggy address is located 0 bytes to the right of [ 253.737442][ T4000] 192-byte region [ffff888115631c00, ffff888115631cc0) [ 253.750896][ T4000] The buggy address belongs to the page: [ 253.756380][ T4000] page:ffffea0004558c40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115631 [ 253.766431][ T4000] flags: 0x4000000000000200(slab|zone=1) [ 253.771903][ T4000] raw: 4000000000000200 ffffea000452b7c0 0000000400000004 ffff888100042c00 [ 253.780324][ T4000] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 253.788736][ T4000] page dumped because: kasan: bad access detected [ 253.794995][ T4000] page_owner tracks the page as allocated [ 253.800540][ T4000] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3402, ts 227825106910, free_ts 227696291870 [ 253.816611][ T4000] post_alloc_hook+0x1a3/0x1b0 [ 253.821214][ T4000] prep_new_page+0x1b/0x110 [ 253.825551][ T4000] get_page_from_freelist+0x3550/0x35d0 [ 253.830933][ T4000] __alloc_pages+0x27e/0x8f0 [ 253.835357][ T4000] new_slab+0x9a/0x4e0 [ 253.839260][ T4000] ___slab_alloc+0x39e/0x830 [ 253.843687][ T4000] __slab_alloc+0x4a/0x90 [ 253.847853][ T4000] kmem_cache_alloc_trace+0x147/0x270 [ 253.853061][ T4000] alloc_pipe_info+0xe7/0x4b0 [ 253.857574][ T4000] fifo_open+0x111/0xa90 [ 253.861654][ T4000] do_dentry_open+0x81c/0xfd0 [ 253.866164][ T4000] vfs_open+0x73/0x80 [ 253.869985][ T4000] path_openat+0x26f0/0x2f40 [ 253.874410][ T4000] do_filp_open+0x21c/0x460 [ 253.878751][ T4000] do_sys_openat2+0x13f/0x820 [ 253.883264][ T4000] __x64_sys_openat+0x243/0x290 [ 253.887950][ T4000] page last free stack trace: [ 253.892465][ T4000] free_unref_page_prepare+0x7c8/0x7d0 [ 253.897758][ T4000] free_unref_page+0xe8/0x750 [ 253.902272][ T4000] __put_page+0xb0/0xe0 [ 253.906263][ T4000] skb_release_data+0x405/0xa80 [ 253.910950][ T4000] consume_skb+0xac/0x250 [ 253.915118][ T4000] validate_xmit_skb+0x331/0xc10 [ 253.919889][ T4000] __dev_queue_xmit+0x1267/0x2e80 [ 253.924750][ T4000] dev_queue_xmit+0x17/0x20 [ 253.929090][ T4000] packet_sendmsg+0x47a9/0x6350 [ 253.933777][ T4000] __sys_sendto+0x564/0x720 [ 253.938116][ T4000] __x64_sys_sendto+0xe5/0x100 [ 253.942719][ T4000] x64_sys_call+0x15c/0x9a0 [ 253.947062][ T4000] do_syscall_64+0x3b/0xb0 [ 253.951313][ T4000] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 253.957043][ T4000] [ 253.959207][ T4000] Memory state around the buggy address: [ 253.964678][ T4000] ffff888115631b80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 253.971796][ T4004] binder: BINDER_SET_CONTEXT_MGR already set [ 253.972581][ T4000] ffff888115631c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 253.978487][ T4004] binder: 4003:4004 ioctl 4018620d 20000040 returned -16 [ 253.986295][ T4000] >ffff888115631c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 253.986306][ T4000] ^ [ 253.986316][ T4000] ffff888115631d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 253.986328][ T4000] ffff888115631d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 254.022829][ T4000] ================================================================== [ 254.030727][ T4000] Disabling lock debugging due to kernel taint [ 254.225993][ T819] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 254.234855][ T819] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.242817][ T819] usb 6-1: Product: syz [ 254.246803][ T819] usb 6-1: Manufacturer: syz [ 254.251207][ T819] usb 6-1: SerialNumber: syz [ 254.256473][ T819] usb 6-1: config 0 descriptor?? [ 254.305940][ T715] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 254.726253][ T715] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.736942][ T715] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 254.746495][ T715] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 254.755440][ T715] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.764057][ T715] usb 3-1: config 0 descriptor?? [ 255.560335][ T384] usb 6-1: USB disconnect, device number 4 [ 255.755988][ T715] uclogic 0003:256C:006D.000B: failed retrieving Huion firmware version: -71 [ 255.764601][ T715] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 255.771903][ T715] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 255.780182][ T715] usb 3-1: USB disconnect, device number 18