last executing test programs: 2.777674681s ago: executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x28, 0x0, 0x0, 0x7ffff024}, {0x6}]}, 0x10) r2 = dup(r0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000dc0)=@newtfilter={0x34, 0x2c, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) 2.752011875s ago: executing program 3: r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'batadv_slave_1\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x30, 0x0, 0x0, {0x0, @ah_ip4_spec={@broadcast, @local}, {0x0, @random='\x00\x00\x00\x00\b\x00'}, @tcp_ip4_spec={@local, @private}, {0x0, @random='z*msrI'}}}}) 2.425408845s ago: executing program 3: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x9, 0x8, 0x2}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000000), 0x0}, 0x20) 2.385906092s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000080)=0x13) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x1a) 2.342193039s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000080)=0x13) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x1a) 2.32895095s ago: executing program 3: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.995968662s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x20, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.984163813s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000780)='sched_switch\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = eventfd(0x0) r5 = eventfd(0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000100)={r6, 0x0, 0x2, r5}) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r6, 0x0, 0x2, r4}) 1.917735854s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000080)=0x13) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000006c0)=0x1a) 1.892672987s ago: executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x28, 0x0, 0x0, 0x7ffff024}, {0x6}]}, 0x10) r2 = dup(r0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000dc0)=@newtfilter={0x34, 0x2c, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0) 1.866317482s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$LINK_DETACH(0x22, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r1}, 0x10) close(r2) 1.816294589s ago: executing program 2: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.135530625s ago: executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x10, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @broadcast}}}}) 1.076765934s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40)) init_module(&(0x7f0000000040)=':]\x18b\x83\a)REk)z\x0e\xcc\fw\x8a\xa5\x0e\xaa\xfc\x00\x00\x101\x03\x02[\xfb\x00{\xe0\x19\xc3\x14', 0xffcd4, &(0x7f0000000080)='[[-\'^%{\x00') ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) r2 = socket(0x1e, 0x1, 0x0) connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1}}}, 0x10) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xdff, 0x7}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) 1.006589835s ago: executing program 4: socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @empty}, 0x1c) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}]}, 0xa0}}, 0x0) sendto$inet6(r0, 0x0, 0x4, 0x0, 0x0, 0x0) 994.682337ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000ebffffffff41050000000000008500000023000000a50000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000080ffff0000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001c0007"], 0x30}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffde9, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) mlockall(0x3) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b402000000000000790f000000000000630000c2000000009500050000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x23) 937.812705ms ago: executing program 0: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1008}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18040000000000000000000000400000850000000800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) setxattr$security_selinux(&(0x7f00000003c0)='./file1/file0\x00', &(0x7f00000004c0), &(0x7f0000000500)='system_u:object_r:systemd_notify_exec_t:s0\x00', 0x2b, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1/file0'}}]}) 823.994913ms ago: executing program 0: read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001180)='memory.events.local\x00', 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f000001fb00)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x21404e, &(0x7f00000009c0), 0x1, 0x517, &(0x7f0000000140)="$eJzs3U9vI2cZAPBnJvGS7aYkpRxKpZaKFu1WsPamgTbi0BYJcasEKvclSrwhihNHsdNuQoVS8QGQEIJKnDhxQeIDIKHyDapKK8EdAQIh2MIBIWDQ2OPdxBpvEjW2I/v3k8bzzuuZeZ53HI/nX2YCmFrPRcTrETETES9GxEJRnxZdHHW7fLyP7r+zlnfxQRJv/i2JpKiLTumha8Vkc91eqdbB4dZqo1HfK4Zr7e3dWuvg8Obm9upGfaO+s7y89PLKKysxd2vQLL5znnbm7Xr1a3/68Q9+/vVXf/3Ft39/+y83vpdnPV+8323Ho6UnhmbOFLe7ZCr5ssjd+3dRv3ee5C+xpFi2lXEnAgDAmTwZEZ+KiM91tv8XYiZme2/ZpAMAAIAJkb02H/9JIjIAAABgYr3WuQY2SavF9a3zkabVavca3k/HY2mj2Wp/4U5zf2e9e63sYlTSO5uN+q3ius/FqCT58FKn/HD4pb7h5Yh4IiJ+tHC1M1xdazbWx33wAwAAAKbEtb79/38udPf/AQAAgAmzOO4EAAAAgKEbtP+fjDgPAAAAYHic/wcAAICJ9o033si7rPf86/W3Dva3mm/dXK+3tqrb+2vVtebebnWj2dzo3LNv+7T5NZrN3S/Fzv7dWrveatdaB4e3t5v7O+3bm71HYAMAAACj9sRn3/9dEhFHX7na6XJX8peZARO4VgAmRnqekf84vDyA0Rv0Mw9MvtlxJwCMz1Gxvw9MrRO3+ijZKDh+8c6JYwYfDC8nAADgYl3/TPn5/3wXoDLu5IChOtf5f2CiOP8P06vs/P9vBo/+4TBzAUarYgsApt5pj/oYePOOM5//z7JT5wUAAAzVfL7tfxRRLc4FzkeaVqsRj3f+1b+S3Nls1G9FxCcj4rcLlU/kw0udKROPBwQAAAAAAAAAAAAAAAAAAAAAAACAM8qyJDIAAABgokWkf06K539dX3hhvv/4wJXkXwudfkS8/dM3f3J3td3eW8rr//6gvv1eUf/SOI5gAAAAwNSb7a/o7af39uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CJ9dP+dtV43yrh//WpELJbFn425Tn8uKhHx2D+SmD02XRIRMxcQ/+jdiHiqLH6SpxWLRRb98dOIuDqa+M9kWZZGSfxrFxAfptn7+frn9bLvXxrPdfrl3//Zovu4Bq//0gfrv5kB67/Hzxjj6Xu/rA2M/27E07Pl659e/GRA/OfLZliyUL79rcPDQfGzn0VcL/39SU7EqrW3d2utg8Obm9urG/WN+s7y8tLLK6+sfHnlVu3OZqNevJbG+OEzv/pfX9V/s65O+2NA/MVT2v9CXqgcb0x/mCLYvbv3n+wWK32z6MS/8Xz55//UI+LnfxOfL34H8vev98pH3fJxz/7iw2dLEyvirw9o/2mf/41BM+3z4je//4czjgoAjEDr4HBrtdGo7w298F6WZaOKdWkK2eVI41IU5i5HGgqnFy7iyBYAAHDZPNzoP8dE3x1iQgAAAAAAAAAAAAAAAAAAADCFWgeRDrwN2JWLuZ1Yf8yj8TQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/h8AAP//oszk1w==") write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0xb, &(0x7f0000000000)=ANY=[], 0x0) ioctl$BTRFS_IOC_ADD_DEV(r2, 0x41015500, &(0x7f00000000c0)={{}, "c4005a51cf48a456fe399e96793568de827d6e3af15928143f77a2c2bf19506fac2c94a8808e7365569e94b6012f452ddbdb4acaadf3199a4fa57eab4549a87e05bb9a155f3d08704dc753cff79d5128dc113e58ecd5a19e0bc7bef139e74acaed4f126be4cc57e22d44a734c7f2c44b2b2dc3ecfb59318827549e5b2679b3cc4f9e5df2bc30b674fb5f8e181e7dab6cc37989c9911a3d5b32ac444ebf78c76d68c313ed1bcaa4bfcdddc200878c72704b48f4cda8c86a41c703694c1e57aaf73751f45d5ed54010c14c30ea8ca2f620ab57b6ad6bdf3263aeab2de44576b10a1040c6cc84fcf2cb5037e025b227baf26e0c5bda231531365c778ef42bc49fd603b98b7b5173f2f1669834e8cd5167092f5d56e6c2623165710ec863179f143dba38551641ea77676773f3a18e97ada500fe448f172e6e714e16079d8233626d4c5c08c9117c5872c5d815ae0d481c25f2cfd2c76c6723e5ee78d5941b7d49e3d123294dd4c04c2691c5d086393047e3fd027daebf2114d1e9da89a36a49f7a411638060e87593ed8e45fb4292ff888e2eb7b776c9428623a34454eb2f11a47b43707e4b161faa8b8dc0d9cb2a0ac253ab41d0172190749ae06af564cabff5a0ba5df004c44138b49d2e17944f6588839fdedcf6ddef583df85490fa3a956e416e02943d56f734c3d3aa8b4898544e8f417c79bb5532b4ab2393c6723488c627a285686a0dac4cd6df370ab806b80f251256cfc058f8c2c2b46dca533048a18315caca12ad5915f077285ffbe1a4b5f46f2af4e45695348200e1f5a57a698acae6b4f6124fc076af5f40c3461e91b2639a84be51abe62d27cde1642731d31ae1264d20a21011bd221f8d0e4fc9835ccb61405e1ba6fcd48b9d3487909f89a0f40f91abfd3d33876b707d908bd2b076d37f5b2e2d530210e3930cf0418c3a7d8d4ac8cd16b4d2b2d4ebf6134c88813a808d82c86a20b7beb6534bb112b374d5b0a2beacb4e37872a2df879ebd568f0b20ce7d4aeb5ef6c960093b8a3d0e0332d821fdd099269364539d876caf78e60232baf7cc26589453666f17f94ac05fc2b752546a9586f9f18288e5944effa6f912709652113377ee14d949842910b0af467706b42d969908840fe55857f526694cdacb7735f2e0bdc49ca50ca57193aec63535f679e1486185bae007a7cd345bf8d7428e1a2881f6d327ee34ef0bbd67b51d25000fc59ed894c001ca327898dc4a3e7c33e20542772f31e7f125eedec11604b6569f051e643bff91d616284d2ea0f25320c22caba4d681781a13bf341dc22f882540aaab75d5bba9bbfe8aa960705d1d903a7ed8b7a14cc18b2ec9d1640ba3b6cf9c2a6cde4f7b23d1eb42fa57d2b2206c6cd6f84a5b7d682a09064e341c844edd3361f2e457a5057e1c3d97916190d9749adbadb70797f1729cc01c6146a23942e245021fe02748e2235582b36df8236c8b25fa94d1ed7e495f0df447b36f609b17526b2c8c43f1ded38f99344f2553fd911deed701d89fdf92ed6368d74f6f09ce2d26a3916f28eda4fac022f043aff14bab96f3841980533b2f935cfe7e40ad9cc77557d50a32a73aa71ae37a0cece6580887608d028b55fa7a1a1cf214098fe13c1a32ee5890e3d2c9a4d23041f89bac353aa1641df4375080b2181555e9667082a35b041645be39a47298b747eed9d127d8d342b620d0ecd2a48a86bd7dbfa04b3cfad62f5b1055b2259dc64b02d27599fff87c8303b47174e3ee66645d1eaaa05d63bad90ef4fdb97d21b478b37c313571d5776495460b57ba25dc2a5def286c8e81a3fdaa3dfb1dfb9deec86aa3629a03b9722bd95a96972a32552ba5d74f03989c73598b3ba0ef19151631ba4cf90d1bcc35c7cd2fecd6c271564df5ed232581417488454f5878f09523ce1b966162808d13a86872ad04bc777544ae4477459d197c6aaecf52e229a6cc94d151e014b589311f8e5bb7eb57605a80c11a7df2110b70735ae34a21e467f7bd8c3f81c1f9dfcf9464365566786b086637717df597c05b45249b04faa2269ca5a3fca2f1797682f24a34c9f70c27b6dd47fe9f6f006c934481524985afeec903f160c4e2c36c2bbe2081ff33733ca17ca2a2d794fd3af80d5a1adcbfa384e1ba851f4a554433e532f321b332d640513c9df326ddaa4691201f94d1b4b82b82f9bb986e00242fce6588d906cd820640a59707cecf78533496fdc49d90effde5769812ae474ef31adb849542ef23359a640eeeadecf273713a46e96c836823012fc190c8d1dd88d965fbe11074da36375c11fedc648160b55b8b8bc830b72a6f98b1396a72d96f06fab40ddd4729dc162d30e8a34c4041cc22fd62eb501fa685ae7d53376cca12e40f53edd0ae8abbb666c75a6ca8658b4ef8810931158868afb757831d14e81cdadc995fcb98e2da29300480ca03494f81b59985dbe3da8634a3c4a00626d08d6f1f997ccd63a1a103d292d29cdf15b2c4bca2f34ba406a47d9a184ed712356257ec45aa9a8ed8b8daca20f6a2edb1494a2af100000000000000006f1bfeb0edfdb1f10b66753f3fe900b95be3aafbfb5e2976de8b2c6b485243770da0cdc8f4d7384b6f39817f5661429442b20cab08cc28cf814ebf10d7ad4de140241ec169d70781524127a9454e5f1ee9fd5652818683a2f7ff0b11c8fea2ff7398e01df48c8eb62123f2630d561470003d020f4cc8923654fcf65d400ed0792af6bf1876099951e938adc275f47b9ba178b8ae3e9b295fab66c144ad8ad2fd29bced367833b76b2f0ded8dfead5dfccfc9ba2d658688abeb41f53eaf6efa82e5947f8d7a6e1010517032443507f5bd419317324000ca02e49db1cb985f8f11149496bfe54629f3f759c3100e0ab50c95446fd390a87b884930763ac810bdcdaee81b64343b955eba24d34d816bcf3eb5df1b6b44317e033a9015640942da607e3ea61727b97eab7511ff680dc5f4e54fa19e07c0023152272edc066010e661de98f73f913bc04983b325ff62134b41081dce65528af69b5206f9522b3e09f78dea218621e60f5ca9c58212526d96aace431133528b8a5354b213ef4883ef271e488bf629284c277843202bf7a41dbe2616e8338ab14f83bd6da1d1c4a4b50b6372564187a497036f2040f77c099bd0d98d3e4eebd4bf433360c518fc965e966642a22a335f3a9688336bd254dc9fe32632d4c1599c6b72fca290d9cae38548f4ad5d2a165053b7d392276d81ff26e97ebcfa210eddc832240de22bbfc6623929aa2d8bad6c41db54e2125063f9153e98b2316ae5e9d51a3a9efe5a81242f7045dbafa8db63cafad19e32b767dcd5adfd5e5459dce45c71f61a18a3e6a7de43bd61d6015fac48dcecb60795e02b30dc04cc4a408abc2dee10a97fb387a229ba5c07cebc63037c0102c846393b2bf865db38e51ce44b5cede8d530cb6496e5a34b9b0b060b8bd6f98cd53169518a1732d92af494c351f8ce753754f7d944865de345d8520a9232a1c5e516e61f23c39e09bac5d7c70a478e0b7a3208f61f090f69b9ab33da7a8ae16626c3d26f11065fd46851eff2c5968f937e90abe02555cad9e54b4bcaf3ee55aba96406cd457e27c1ad5b9cc640afff1d94d7d5f854fd50a66bf37355c548f840129ae0d81dc23202e4d7921236172d1c4920c1bf5e7bfad21740acd8f5fa278b6de2336276e271045d0ef0a9a566ae988269cb16f7eee941941d3a9f05d754cbb92a27ad9cb374872c3566a9db35920d63f0cfa69ef8dfc41f307f7c1f1ae712e3f6001e57e1de99777212ede107b692182c507b168c77a3824f0cd663f6d2ffe73e3d90587b3444e9a3cb093ddefd2869db927938ecf6cbd16a85d0849b7c829a37b70b24868e7ab1aa2adc012d85a8bf374225281b50882a40e6bed667f0538d8c85768cc9d8537bedfebe64cddf937a150c565e3824a75f5e7a173fed0ed3b3aa8750fde47ce1c219d5fc1977abc24c7a28aa8251e29a17eee3405d4c1f1f5e8b53df9425d6dde4b9de4715097c58062a977637b42974a40f0bf24dcca060871b759e5f42a12da7d89a494468f6c91c47ac17e7bfd61e62872541fd5d3941c0f0ebca3de06ca63cb52b186737fc61ade4eaed0fd5dd1eb4b8e2d2ebb689741fb354c8bbdc9092f68a156952395585113d78254ec826ba49204d76b8dcd854c4cf942c50c38ad5f8db2bf032d5eced178b25e56f9b39961aea03785119cab42fffbbbeaa15f0c21511f441fd72ab25014dbe5a35dfe295486e0d2e5803304deff8736e1d8df7886e4725321bc450c68459f01b5b3014735e81f989945e59b4c5e367976e90124e9cf422cc0f0d624627ab83ccd65ac7c1b91424672ebb3d91d932994c6e215a9d60efb6ed87eb579951668273e9a38f9089179459d2f670a21bd999a97c968891c59402d188dc601ef033fb9af3291b8778f2a38d379913a02d2215f2960f80847afe4d65f1fc7bcd1995e83fc88d87d799af0bf16060780efc8dbd08b041d8c2f646ca18ea18d3d295e172b344b6aea8d2a2620b6379c5c368459fee07bfcc83c83acaf3dc67755bbe8fe58b1a39051ef2327b30c886a0a5183e38c199e32365cb8194deade3262ea5ffa559b789da10f2948e135ce5858e1b016c153b14795a085b5bef350f95487a3f748afa943179d87a1e8828edc33804c2ea49979074fe162a8a36689286c390585d9f83645be3b921c4a6678b8ffd7edfb7a85265d5796ce4f12595b364fcc81b58c267beaa85dd47ad8c55783fe526d6dd0e3cc1f70a7e88d6f826b18aeab8282ff8e2a13ee8f03fab41be97af13c87883f87e6f0bdda04deebc05e35b601a55cc984478a997725d3faab2101cd9596c757c659e6b6c9178f620fbdcb87e399404f4bcd9b57dd1013818e58a785bed0a7fd1f5e5e355816ceba6745a42e10a145c87aedede2e0bed7bc75015a8354ba95a226c87df41d41e4ae368c4e84e8a032c48977601d71eae547f95375746e1f9c86135481bd09a08fee04db26b96cc9327bbde61cec27a56d114cc0e6459170e6cc44d846a2a55046b505e14dbdac32aa759e5d0268fe819a3dc503247b6c24c1607b4742671f5ad63c21812b1904b3c39ec8734fb1ee77a124a29c50154f53c89754f5e4719cc0279c851a63fc33e16f2393e5134568b78126b5680664fcd1fbf9d88f4efdadc120bbb4f21ddd7bf4c445a534631c5f2c4b51d7842743493b4a13bb99f160987284bc7960aaa6d40dbe05e20f42ff48425d1c8166b7fd457d33d808b456b7b11d3d3c1f445a9698ee8a473fb116c5c4824fa224088fa6f031f07f2972e62592d59536dc4cbe3c1cb33e922b0f35f79f1df10ab43e1d3e5dc480bdd8a7039f71ee9c73f976809ec2853ad0c18e4f0ee73fd1361591375d3db6c822e7baae597fc454aae7b426922e9fd9a87fe52a25d5cd03434d7ffb9f319fbeb403c0836f2117cf851bf7660ecb567a6cd918e85190683c1c0a79da1cd92b8527400008f047a436a4859be0e7b9469c6830a81d81f93ea8ba1b614de4386296089c9b34f4b8116ae7afedd43f6a82abf4302e4d8a9fba0b87347df1f5bb676f496bf29bf9ea9e3ea4bd1dd3f3d4feb7609f96424f35035b5a13fd6efd0441dea1c1f17feae7d5a1ef77aa05537fc87cc2021c92d5cbbbd159258a45972e112e123e306ef0daa36e1ff069be815c5d0b74b6b41c6d5b76c04057de0a43c2e40b04fc11b60f0f1e7ff0b88fb600d79e03cc8b73fed0af95601acca"}) 611.110086ms ago: executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc093fce47d85272036dc78388e3dc177e9b496", "f28359738e229a4c66810000000000f300e6d902000000000000000000000001"}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xffe6) 492.268304ms ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000280)=ANY=[@ANYBLOB="12011003020000082505a1a44000010203010902"], &(0x7f0000000300)={0x0, 0x0, 0xf, 0x0}) 341.318848ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, &(0x7f0000000040)=""/155, 0x1000000, 0x9b, 0x1}, 0x20) 306.108223ms ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000800000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00008d7000/0x2000)=nil) madvise(&(0x7f00003c1000/0x1000)=nil, 0xdfc3efff, 0x14) 252.474961ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVex:De', 0x0) 242.242753ms ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = dup2(r0, r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) times(0x0) 233.147774ms ago: executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000380)=ANY=[], 0xff2e) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) write$binfmt_script(r0, 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 172.567703ms ago: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x10, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @broadcast}}}}) 119.959522ms ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000218010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_free_blocks\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000100), 0x1001) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000080)='ext4_free_blocks\x00', r2}, 0x10) r3 = open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) open(&(0x7f0000000100)='.\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x2d) write$9p(r3, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) sendfile(r3, r4, 0x0, 0xe065) ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 93.752196ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001040)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) epoll_create(0x3) 71.606609ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x12}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x144000, 0x7fe2, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r2, &(0x7f0000000180), 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000000)={r2, &(0x7f0000000180), 0x0}, 0x20) 0s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r2, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) readv(r2, &(0x7f0000002980)=[{&(0x7f0000000700)=""/163, 0xa3}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts. 2024/06/01 11:57:42 fuzzer started 2024/06/01 11:57:42 dialing manager at 10.128.0.163:30012 [ 22.244704][ T28] audit: type=1400 audit(1717243062.492:66): avc: denied { node_bind } for pid=285 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.265162][ T28] audit: type=1400 audit(1717243062.492:67): avc: denied { name_bind } for pid=285 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 22.316028][ T28] audit: type=1400 audit(1717243062.562:68): avc: denied { mounton } for pid=295 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.317151][ T295] cgroup: Unknown subsys name 'net' [ 22.346038][ T28] audit: type=1400 audit(1717243062.562:69): avc: denied { mount } for pid=295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.368170][ T295] cgroup: Unknown subsys name 'devices' [ 22.368467][ T28] audit: type=1400 audit(1717243062.592:70): avc: denied { setattr } for pid=299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.388541][ T296] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.396623][ T28] audit: type=1400 audit(1717243062.592:71): avc: denied { unmount } for pid=295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.424879][ T28] audit: type=1400 audit(1717243062.622:72): avc: denied { mounton } for pid=301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.449399][ T28] audit: type=1400 audit(1717243062.622:73): avc: denied { mount } for pid=301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.458749][ T294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.472403][ T28] audit: type=1400 audit(1717243062.652:74): avc: denied { relabelto } for pid=296 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.506073][ T28] audit: type=1400 audit(1717243062.652:75): avc: denied { write } for pid=296 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.599283][ T295] cgroup: Unknown subsys name 'hugetlb' [ 22.604730][ T295] cgroup: Unknown subsys name 'rlimit' 2024/06/01 11:57:42 starting 5 executor processes [ 23.153446][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.160335][ T309] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.167622][ T309] device bridge_slave_0 entered promiscuous mode [ 23.175176][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.182045][ T309] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.189413][ T309] device bridge_slave_1 entered promiscuous mode [ 23.204340][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.211227][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.218376][ T310] device bridge_slave_0 entered promiscuous mode [ 23.225692][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.232694][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.239869][ T310] device bridge_slave_1 entered promiscuous mode [ 23.372633][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.379505][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.386603][ T314] device bridge_slave_0 entered promiscuous mode [ 23.393537][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.400407][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.407599][ T314] device bridge_slave_1 entered promiscuous mode [ 23.435658][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.442500][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.449696][ T313] device bridge_slave_0 entered promiscuous mode [ 23.460997][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.467920][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.475003][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.481823][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.497480][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.504312][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.511562][ T313] device bridge_slave_1 entered promiscuous mode [ 23.517859][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.524686][ T311] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.532018][ T311] device bridge_slave_0 entered promiscuous mode [ 23.538811][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.545646][ T311] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.553047][ T311] device bridge_slave_1 entered promiscuous mode [ 23.609984][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.616938][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.624155][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.630956][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.724465][ T314] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.731331][ T314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.738407][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.745195][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.762465][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.770636][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.777944][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.784879][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.794429][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.801758][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.809987][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.817138][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.840514][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.856652][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.864698][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.871525][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.879102][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.887006][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.893758][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.901177][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.927880][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.935687][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.943644][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.968144][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.975855][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.984303][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.991335][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.998479][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.006389][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.013136][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.030435][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.038649][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.046381][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.053772][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.067281][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.075645][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.083936][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.090776][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.097914][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.105868][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.112742][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.120678][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.129914][ T310] device veth0_vlan entered promiscuous mode [ 24.138705][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.146804][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.173059][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.181060][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.188802][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.196590][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.207471][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.215338][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.223996][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.231263][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.249763][ T309] device veth0_vlan entered promiscuous mode [ 24.257694][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.264967][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.272451][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.280612][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.289076][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.297094][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.305059][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.311897][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.319100][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.327149][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.335124][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.341955][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.349163][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.356976][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.365040][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.376806][ T310] device veth1_macvtap entered promiscuous mode [ 24.387855][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.395745][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.403725][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.411762][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.419986][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.427458][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.435319][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.444897][ T314] device veth0_vlan entered promiscuous mode [ 24.452085][ T309] device veth1_macvtap entered promiscuous mode [ 24.460187][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.467672][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.475367][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.483429][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.490846][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.511843][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.519891][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.528071][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.536076][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.558451][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.566325][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.574596][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.584915][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.593417][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.601607][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.609562][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.612037][ T341] loop1: detected capacity change from 0 to 1024 [ 24.617873][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.631734][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.635060][ T341] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 24.640092][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.651144][ T341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 24.668985][ T313] device veth0_vlan entered promiscuous mode [ 24.679316][ T314] device veth1_macvtap entered promiscuous mode [ 24.691288][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.699544][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.707933][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.715515][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.723397][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.731299][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.739485][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.746824][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.754848][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.763085][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.770453][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.785566][ T313] device veth1_macvtap entered promiscuous mode [ 24.805076][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.813076][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.813974][ T350] loop0: detected capacity change from 0 to 1024 [ 24.821481][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.834901][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.843484][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.845171][ T350] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 24.851345][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.861504][ T350] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.867508][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.884614][ T311] device veth0_vlan entered promiscuous mode [ 24.903098][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.910408][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.918102][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.926044][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.934261][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.942260][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.959638][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.967656][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.975737][ T311] device veth1_macvtap entered promiscuous mode [ 24.985598][ T354] tmpfs: Unknown parameter 'nolazytime' [ 25.013977][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.020372][ T358] loop3: detected capacity change from 0 to 1024 [ 25.023507][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.038371][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.046802][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.055487][ T358] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 25.078357][ T358] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 25.080010][ T356] syz-executor.4 (356) used greatest stack depth: 21864 bytes left [ 25.131385][ T367] loop2: detected capacity change from 0 to 2048 [ 25.159087][ T367] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 25.195880][ T311] EXT4-fs (loop2): unmounting filesystem. [ 25.444573][ T309] EXT4-fs (loop1): unmounting filesystem. [ 25.832487][ T345] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 25.852869][ T314] EXT4-fs (loop3): unmounting filesystem. [ 25.858876][ T310] EXT4-fs (loop0): unmounting filesystem. [ 26.417484][ T414] loop0: detected capacity change from 0 to 131072 [ 26.428546][ T414] F2FS-fs (loop0): invalid crc value [ 26.446729][ T414] F2FS-fs (loop0): Found nat_bits in checkpoint [ 26.479991][ T414] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 26.507298][ T345] usb 3-1: Using ep0 maxpacket: 8 [ 26.530550][ T427] loop1: detected capacity change from 0 to 1024 [ 26.546670][ T427] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 26.561751][ T429] loop4: detected capacity change from 0 to 2048 [ 26.584533][ T427] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 26.596691][ T429] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 26.625757][ T313] EXT4-fs (loop4): unmounting filesystem. [ 26.738249][ T445] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.856990][ T334] kernel read not supported for file inotify (pid: 334 comm: kworker/0:3) [ 26.907391][ T345] usb 3-1: string descriptor 0 read error: -22 [ 26.913407][ T345] usb 3-1: New USB device found, idVendor=13d3, idProduct=3205, bcdDevice=da.e2 [ 26.922473][ T345] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.931511][ T345] usb 3-1: config 0 descriptor?? [ 27.242578][ T345] usb 3-1: USB disconnect, device number 2 [ 27.322043][ T473] loop0: detected capacity change from 0 to 256 [ 27.338782][ T28] kauditd_printk_skb: 50 callbacks suppressed [ 27.338793][ T28] audit: type=1400 audit(1717243067.592:126): avc: denied { mount } for pid=472 comm="syz-executor.0" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 27.370905][ T309] EXT4-fs (loop1): unmounting filesystem. [ 27.390527][ T28] audit: type=1400 audit(1717243067.632:127): avc: denied { unmount } for pid=310 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 27.440709][ T28] audit: type=1400 audit(1717243067.692:128): avc: denied { create } for pid=481 comm="syz-executor.0" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 27.471516][ T28] audit: type=1400 audit(1717243067.692:129): avc: denied { map } for pid=481 comm="syz-executor.0" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=14758 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 27.496619][ T28] audit: type=1400 audit(1717243067.692:130): avc: denied { read write } for pid=481 comm="syz-executor.0" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=14758 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 27.505107][ T348] kernel read not supported for file inotify (pid: 348 comm: kworker/1:4) [ 27.589969][ T348] kernel read not supported for file inotify (pid: 348 comm: kworker/1:4) [ 28.374212][ T504] loop2: detected capacity change from 0 to 1024 [ 28.416363][ T504] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 28.471464][ T513] serio: Serial port ptm0 [ 28.479640][ T504] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 28.491507][ T516] loop0: detected capacity change from 0 to 512 [ 28.521979][ T516] EXT4-fs: Ignoring removed oldalloc option [ 28.529626][ T348] kernel read not supported for file inotify (pid: 348 comm: kworker/1:4) [ 28.554474][ T516] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz-executor.0: Parent and EA inode have the same ino 15 [ 28.579230][ T516] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2810: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 28.607592][ T516] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz-executor.0: Parent and EA inode have the same ino 15 [ 28.620232][ T28] audit: type=1400 audit(1717243068.772:131): avc: denied { nlmsg_read } for pid=512 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 28.655379][ T516] EXT4-fs (loop0): 1 orphan inode deleted [ 28.667295][ T516] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 28.698611][ T28] audit: type=1400 audit(1717243068.952:132): avc: denied { remove_name } for pid=514 comm="syz-executor.0" name="file1" dev="loop0" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.701540][ T492] loop4: detected capacity change from 0 to 131072 [ 28.731780][ T492] F2FS-fs (loop4): invalid crc value [ 28.750110][ T28] audit: type=1400 audit(1717243068.972:133): avc: denied { rename } for pid=514 comm="syz-executor.0" name="file1" dev="loop0" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 28.776784][ T492] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.777740][ T310] EXT4-fs (loop0): unmounting filesystem. [ 28.789703][ T28] audit: type=1400 audit(1717243068.972:134): avc: denied { unlink } for pid=514 comm="syz-executor.0" name="bus" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 28.828635][ T28] audit: type=1400 audit(1717243069.072:135): avc: denied { ioctl } for pid=523 comm="syz-executor.3" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=14281 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 28.858255][ T492] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 28.911474][ T533] loop3: detected capacity change from 0 to 256 [ 29.002472][ T538] syz-executor.3[538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.002544][ T538] syz-executor.3[538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.395795][ T311] EXT4-fs (loop2): unmounting filesystem. [ 29.449522][ T551] loop3: detected capacity change from 0 to 512 [ 29.456086][ T551] EXT4-fs: Ignoring removed oldalloc option [ 29.479024][ T553] loop2: detected capacity change from 0 to 512 [ 29.486651][ T551] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz-executor.3: Parent and EA inode have the same ino 15 [ 29.491242][ T553] EXT4-fs: Ignoring removed oldalloc option [ 29.509325][ T551] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz-executor.3: Parent and EA inode have the same ino 15 [ 29.527707][ T551] EXT4-fs (loop3): 1 orphan inode deleted [ 29.533484][ T551] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 29.552974][ T553] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz-executor.2: Parent and EA inode have the same ino 15 [ 29.568465][ T553] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz-executor.2: Parent and EA inode have the same ino 15 [ 29.581628][ T553] EXT4-fs (loop2): 1 orphan inode deleted [ 29.587297][ T553] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 29.625037][ T311] EXT4-fs (loop2): unmounting filesystem. [ 29.639779][ T314] EXT4-fs (loop3): unmounting filesystem. [ 30.019174][ T563] loop4: detected capacity change from 0 to 131072 [ 30.028310][ T563] F2FS-fs (loop4): invalid crc value [ 30.113427][ T563] F2FS-fs (loop4): Found nat_bits in checkpoint [ 30.163034][ T563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 30.341446][ T569] loop2: detected capacity change from 0 to 131072 [ 30.355224][ T569] F2FS-fs (loop2): invalid crc value [ 30.407686][ T569] F2FS-fs (loop2): Found nat_bits in checkpoint [ 30.454397][ T589] syz-executor.3[589] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.454463][ T589] syz-executor.3[589] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.457385][ T569] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 30.472450][ T592] syz-executor.1[592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.511651][ T592] syz-executor.1[592] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.706556][ T620] syz-executor.0[620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.735751][ T627] syz-executor.1[627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.747340][ T620] syz-executor.0[620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.750135][ T625] loop3: detected capacity change from 0 to 512 [ 30.781638][ T627] syz-executor.1[627] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 30.807833][ T625] EXT4-fs: Ignoring removed oldalloc option [ 30.857618][ T625] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz-executor.3: Parent and EA inode have the same ino 15 [ 30.920047][ T639] overlayfs: missing 'lowerdir' [ 30.925143][ T625] EXT4-fs error (device loop3): ext4_xattr_inode_iget:400: comm syz-executor.3: Parent and EA inode have the same ino 15 [ 30.952929][ T625] EXT4-fs (loop3): 1 orphan inode deleted [ 30.959060][ T625] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 31.004338][ T314] EXT4-fs (loop3): unmounting filesystem. [ 31.907390][ T674] overlayfs: missing 'lowerdir' [ 32.392820][ T687] overlayfs: missing 'lowerdir' [ 32.470472][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 32.470485][ T28] audit: type=1400 audit(1717243072.722:150): avc: denied { create } for pid=696 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 32.512279][ T28] audit: type=1400 audit(1717243072.732:151): avc: denied { setopt } for pid=696 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 32.532177][ T28] audit: type=1400 audit(1717243072.732:152): avc: denied { ioctl } for pid=696 comm="syz-executor.0" path="socket:[15293]" dev="sockfs" ino=15293 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 32.556907][ T28] audit: type=1400 audit(1717243072.732:153): avc: denied { write } for pid=696 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 32.666041][ T708] loop1: detected capacity change from 0 to 512 [ 32.773697][ T708] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 32.819725][ T708] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.1: missing EA_INODE flag [ 32.851985][ T708] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 2 err=-117 [ 32.866727][ T712] kvm: emulating exchange as write [ 32.904020][ T708] EXT4-fs (loop1): 1 orphan inode deleted [ 32.927441][ T708] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 32.966949][ T28] audit: type=1400 audit(1717243073.212:154): avc: denied { create } for pid=706 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 33.004691][ T309] EXT4-fs (loop1): unmounting filesystem. [ 33.488729][ T28] audit: type=1400 audit(1717243073.742:155): avc: denied { create } for pid=731 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 34.012172][ T741] bpf_get_probe_write_proto: 10 callbacks suppressed [ 34.012201][ T741] syz-executor.2[741] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.026154][ T741] syz-executor.2[741] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.030696][ T743] syz-executor.3[743] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.049249][ T743] syz-executor.3[743] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.156457][ T28] audit: type=1400 audit(1717243074.402:156): avc: denied { bind } for pid=757 comm="syz-executor.1" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 34.188482][ T28] audit: type=1400 audit(1717243074.422:157): avc: denied { node_bind } for pid=757 comm="syz-executor.1" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 34.210497][ T28] audit: type=1400 audit(1717243074.442:158): avc: denied { connect } for pid=757 comm="syz-executor.1" laddr=172.20.20.170 lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 34.238337][ T28] audit: type=1400 audit(1717243074.442:159): avc: denied { write } for pid=757 comm="syz-executor.1" path="socket:[16610]" dev="sockfs" ino=16610 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 35.277278][ T39] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.293485][ T797] syz-executor.2[797] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.293531][ T797] syz-executor.2[797] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.517205][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 35.591417][ T816] loop2: detected capacity change from 0 to 512 [ 35.603359][ T816] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 35.616540][ T816] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.2: missing EA_INODE flag [ 35.628724][ T816] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 2 err=-117 [ 35.641564][ T816] EXT4-fs (loop2): 1 orphan inode deleted [ 35.648798][ T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.654514][ T816] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.659997][ T39] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 35.681529][ T39] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 35.691191][ T39] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 35.704324][ T311] EXT4-fs (loop2): unmounting filesystem. [ 35.776472][ T839] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 35.777292][ T39] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 35.787519][ T839] device vlan2 entered promiscuous mode [ 35.799849][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 35.807746][ T839] device bridge0 entered promiscuous mode [ 35.813531][ T39] usb 1-1: SerialNumber: syz [ 35.813553][ T839] device bridge0 left promiscuous mode [ 35.837301][ T778] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 35.857748][ T39] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 35.864364][ T39] usb-storage 1-1:1.0: USB Mass Storage device detected [ 35.872134][ T39] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 35.885024][ T39] scsi host1: usb-storage 1-1:1.0 [ 35.899226][ T848] syz-executor.2[848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.899289][ T848] syz-executor.2[848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 36.023973][ T861] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'. [ 36.062486][ T314] syz-executor.3 (314) used greatest stack depth: 21200 bytes left [ 36.085331][ T312] usb 1-1: USB disconnect, device number 2 [ 36.130233][ T872] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 36.141769][ T872] device vlan2 entered promiscuous mode [ 36.148317][ T872] device bridge0 entered promiscuous mode [ 36.154512][ T872] device bridge0 left promiscuous mode [ 36.162881][ T874] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 36.173286][ T874] device vlan2 entered promiscuous mode [ 36.178795][ T874] device bridge0 entered promiscuous mode [ 36.186588][ T874] device bridge0 left promiscuous mode [ 36.212509][ T866] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.219507][ T866] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.226853][ T866] device bridge_slave_0 entered promiscuous mode [ 36.237424][ T866] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.248536][ T866] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.255812][ T866] device bridge_slave_1 entered promiscuous mode [ 36.280094][ T881] tipc: Started in network mode [ 36.284926][ T881] tipc: Node identity fe80000000000000000000000000003, cluster identity 4711 [ 36.293797][ T881] tipc: Enabling of bearer rejected, failed to enable media [ 36.310478][ T881] Invalid ELF header magic: != ELF [ 36.324914][ T881] loop1: detected capacity change from 0 to 256 [ 36.348244][ T881] FAT-fs (loop1): Directory bread(block 64) failed [ 36.354630][ T881] FAT-fs (loop1): Directory bread(block 65) failed [ 36.361236][ T881] FAT-fs (loop1): Directory bread(block 66) failed [ 36.368024][ T881] FAT-fs (loop1): Directory bread(block 67) failed [ 36.374450][ T881] FAT-fs (loop1): Directory bread(block 68) failed [ 36.381028][ T881] FAT-fs (loop1): Directory bread(block 69) failed [ 36.387575][ T881] FAT-fs (loop1): Directory bread(block 70) failed [ 36.394433][ T881] FAT-fs (loop1): Directory bread(block 71) failed [ 36.401078][ T881] FAT-fs (loop1): Directory bread(block 72) failed [ 36.407700][ T881] FAT-fs (loop1): Directory bread(block 73) failed [ 36.426216][ T866] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.433068][ T866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.440169][ T866] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.446944][ T866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.473913][ T345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.484164][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.522687][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.552530][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.563853][ T312] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.570741][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.580807][ T899] option changes via remount are deprecated (pid=897 comm=syz-executor.1) [ 36.589616][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.597891][ T312] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.604723][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.615993][ T901] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 36.636626][ T901] device vlan2 entered promiscuous mode [ 36.642315][ T901] device bridge0 entered promiscuous mode [ 36.649537][ T901] device bridge0 left promiscuous mode [ 36.668781][ T907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 36.680102][ T907] device vlan2 entered promiscuous mode [ 36.685492][ T907] device bridge0 entered promiscuous mode [ 36.692169][ T907] device bridge0 left promiscuous mode [ 36.704298][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.776237][ T866] device veth0_vlan entered promiscuous mode [ 36.789929][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 36.799184][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.810758][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 36.818361][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 36.825501][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.869677][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 36.879474][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 36.984449][ T866] device veth1_macvtap entered promiscuous mode [ 37.000596][ T10] device bridge_slave_1 left promiscuous mode [ 37.008451][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.019757][ T10] device bridge_slave_0 left promiscuous mode [ 37.026206][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.039428][ T10] device veth1_macvtap left promiscuous mode [ 37.045507][ T10] device veth0_vlan left promiscuous mode [ 37.090077][ T927] Driver unsupported XDP return value 0 on prog (id 189) dev N/A, expect packet loss! [ 37.166090][ T935] syz-executor.4[935] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.166156][ T935] syz-executor.4[935] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.215141][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 37.234120][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 37.242539][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.305997][ T941] incfs: Error accessing: ./file0/file1. [ 37.311640][ T941] incfs: mount failed -2 [ 37.357425][ T312] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 37.380540][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 37.391489][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.597233][ T312] usb 1-1: Using ep0 maxpacket: 8 [ 37.622780][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 37.622792][ T28] audit: type=1400 audit(1717243077.872:185): avc: denied { create } for pid=964 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 37.648985][ T28] audit: type=1400 audit(1717243077.872:186): avc: denied { setopt } for pid=964 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 37.669074][ T28] audit: type=1400 audit(1717243077.902:187): avc: denied { create } for pid=964 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 37.689281][ T28] audit: type=1400 audit(1717243077.902:188): avc: denied { ioctl } for pid=964 comm="syz-executor.4" path="socket:[17752]" dev="sockfs" ino=17752 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 37.716999][ T28] audit: type=1400 audit(1717243077.902:189): avc: denied { bind } for pid=964 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 37.720106][ T967] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure [ 37.749333][ T312] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.760587][ T312] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 37.770527][ T312] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 37.780224][ T312] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 37.802437][ T28] audit: type=1400 audit(1717243078.052:190): avc: denied { setattr } for pid=970 comm="syz-executor.4" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 37.877670][ T312] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 37.887099][ T28] audit: type=1400 audit(1717243078.132:191): avc: denied { create } for pid=980 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 37.894456][ T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 37.914425][ T28] audit: type=1400 audit(1717243078.162:192): avc: denied { connect } for pid=980 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 37.940715][ T312] usb 1-1: SerialNumber: syz [ 37.945131][ T28] audit: type=1400 audit(1717243078.192:193): avc: denied { write } for pid=984 comm="syz-executor.4" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 37.968881][ T985] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 37.970835][ T929] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 38.012613][ T312] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 38.019727][ T312] usb-storage 1-1:1.0: USB Mass Storage device detected [ 38.035417][ T312] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 38.045998][ T312] scsi host1: usb-storage 1-1:1.0 [ 38.237991][ T334] usb 1-1: USB disconnect, device number 3 [ 38.422913][ T28] audit: type=1400 audit(1717243078.672:194): avc: denied { name_bind } for pid=1033 comm="syz-executor.4" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 38.713913][ T1066] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 38.770586][ T1070] loop2: detected capacity change from 0 to 256 [ 38.881643][ T1079] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 39.287206][ T332] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 39.577201][ T332] usb 3-1: Using ep0 maxpacket: 8 [ 39.727266][ T332] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.738169][ T332] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 39.750400][ T1113] loop1: detected capacity change from 0 to 256 [ 39.772810][ T332] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 39.797304][ T332] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 39.798817][ T1117] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 39.897281][ T332] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 39.906220][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 39.934140][ T332] usb 3-1: SerialNumber: syz [ 39.941608][ T1123] overlayfs: missing 'lowerdir' [ 39.957265][ T1094] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 39.972689][ T1133] loop4: detected capacity change from 0 to 256 [ 39.987615][ T332] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 39.994784][ T332] usb-storage 3-1:1.0: USB Mass Storage device detected [ 40.017799][ T332] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 40.043746][ T332] scsi host1: usb-storage 3-1:1.0 [ 40.227788][ T1146] incfs: Error accessing: ./file0/file1. [ 40.233377][ T1146] incfs: mount failed -2 [ 40.395006][ T348] usb 3-1: USB disconnect, device number 3 [ 40.924990][ T1171] loop4: detected capacity change from 0 to 256 [ 41.000060][ T1183] loop1: detected capacity change from 0 to 256 [ 41.010970][ T1183] ======================================================= [ 41.010970][ T1183] WARNING: The mand mount option has been deprecated and [ 41.010970][ T1183] and is ignored by this kernel. Remove the mand [ 41.010970][ T1183] option from the mount to silence this warning. [ 41.010970][ T1183] ======================================================= [ 41.059886][ T1183] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 41.087502][ T1183] exFAT-fs (loop1): IO charset iso8859d=A$땖Y.c̜*wwH/WZ7s4 W.k0x00000000ffffffffid=0xffffffffffffffff not found [ 42.330674][ T1223] device pim6reg1 entered promiscuous mode [ 42.358891][ T39] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 42.486907][ T1227] incfs: Error accessing: ./file0/file1. [ 42.492621][ T1227] incfs: mount failed -2 [ 42.617253][ T39] usb 4-1: Using ep0 maxpacket: 8 [ 42.857385][ T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.891031][ T39] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 42.912792][ T1235] incfs: Error accessing: ./file0/file1. [ 42.918419][ T1235] incfs: mount failed -2 [ 42.964648][ T39] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 43.031410][ T39] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 43.117314][ T39] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 43.126290][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 43.134611][ T39] usb 4-1: SerialNumber: syz [ 43.149537][ T1239] overlayfs: missing 'lowerdir' [ 43.187278][ T1213] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 43.208680][ T39] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 43.216410][ T39] usb-storage 4-1:1.0: USB Mass Storage device detected [ 43.229338][ T1249] loop2: detected capacity change from 0 to 256 [ 43.301091][ T39] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 43.309044][ T39] scsi host1: usb-storage 4-1:1.0 [ 44.173764][ T334] usb 4-1: USB disconnect, device number 2 [ 44.193920][ T1267] syz-executor.4[1267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.193990][ T1267] syz-executor.4[1267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.206115][ T1267] syz-executor.4[1267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.217707][ T1267] syz-executor.4[1267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 44.854582][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 44.854596][ T28] audit: type=1400 audit(1717243085.102:211): avc: denied { write } for pid=1298 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.962398][ T1306] device pim6reg1 entered promiscuous mode [ 45.395017][ T1365] syz-executor.2[1365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.395076][ T1365] syz-executor.2[1365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.407608][ T1365] syz-executor.2[1365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.431705][ T1365] syz-executor.2[1365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.796814][ T28] audit: type=1400 audit(1717243086.042:212): avc: denied { block_suspend } for pid=1396 comm="syz-executor.1" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 46.038853][ T309] syz-executor.1 (309) used greatest stack depth: 20712 bytes left [ 46.049130][ T496] tipc: Left network mode [ 46.111812][ T1413] netlink: 'syz-executor.0': attribute type 20 has an invalid length. [ 46.223586][ T1423] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.230495][ T1423] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.241107][ T1423] device bridge_slave_0 entered promiscuous mode [ 46.250561][ T1423] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.257557][ T1423] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.264841][ T1423] device bridge_slave_1 entered promiscuous mode [ 46.340784][ T1423] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.347736][ T1423] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.354810][ T1423] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.361627][ T1423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.370515][ T312] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.377975][ T312] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.426985][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.446332][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.749138][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.764993][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.777117][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.784002][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.805729][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.823202][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.837386][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.844264][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.876383][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.884316][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.892941][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.901015][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.908890][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 46.917000][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 46.936338][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 46.946226][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 46.963639][ T1423] device veth0_vlan entered promiscuous mode [ 46.977596][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 46.985989][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 47.001357][ T496] device bridge_slave_1 left promiscuous mode [ 47.017374][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.024728][ T496] device bridge_slave_0 left promiscuous mode [ 47.037275][ T496] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.047734][ T496] device veth1_macvtap left promiscuous mode [ 47.053577][ T496] device veth0_vlan left promiscuous mode [ 47.108315][ T1441] loop2: detected capacity change from 0 to 40427 [ 47.116184][ T1441] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 47.137453][ T1441] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 47.167547][ T1441] F2FS-fs (loop2): invalid crc value [ 47.230230][ T1441] F2FS-fs (loop2): Found nat_bits in checkpoint [ 47.291562][ T1423] device veth1_macvtap entered promiscuous mode [ 47.298557][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 47.313930][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 47.326511][ T1441] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 47.328850][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 47.333575][ T1441] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 47.387806][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 47.395823][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 47.410913][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 47.419184][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 47.463148][ T1444] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.487249][ T1444] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.494554][ T1444] device bridge_slave_0 entered promiscuous mode [ 47.530196][ T1444] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.537035][ T1444] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.568368][ T1444] device bridge_slave_1 entered promiscuous mode [ 47.718001][ T1444] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.724991][ T1444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.732121][ T1444] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.738889][ T1444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.805193][ T28] audit: type=1400 audit(1717243088.052:213): avc: denied { create } for pid=1471 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 47.836495][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.845342][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.854420][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.856807][ T28] audit: type=1400 audit(1717243088.052:214): avc: denied { bind } for pid=1471 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 47.861742][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.901309][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.956648][ T1468] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.963687][ T1468] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.973506][ T1468] device bridge_slave_0 entered promiscuous mode [ 47.987775][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.997624][ T1468] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.005218][ T1468] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.012711][ T1468] device bridge_slave_1 entered promiscuous mode [ 48.032559][ T1444] device veth0_vlan entered promiscuous mode [ 48.051529][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.059601][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.066892][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.075083][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.123110][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.134797][ T1444] device veth1_macvtap entered promiscuous mode [ 48.178861][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.192464][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.551604][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.558849][ T496] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 48.568379][ T496] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 48.577996][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.602207][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.615068][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.623118][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.629980][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.637591][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.645747][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.654012][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.660877][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.668219][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.698248][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 48.706779][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.714850][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 48.730740][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.747269][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.761753][ T1500] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 48.775499][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.800214][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.812936][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.821619][ T1468] device veth0_vlan entered promiscuous mode [ 48.822617][ T1507] loop3: detected capacity change from 0 to 128 [ 48.829155][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.854184][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.877256][ T1507] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 48.882101][ T1468] device veth1_macvtap entered promiscuous mode [ 48.893029][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 48.901399][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.909615][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 48.922942][ T1507] ext4 filesystem being mounted at /root/syzkaller-testdir2273767755/syzkaller.tGLxQn/3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 48.962922][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.971155][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.980549][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.988940][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.023480][ T28] audit: type=1400 audit(1717243089.272:215): avc: denied { read } for pid=1517 comm="syz-executor.4" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 49.047879][ T1444] EXT4-fs (loop3): unmounting filesystem. [ 49.048480][ T1519] binder: BINDER_SET_CONTEXT_MGR already set [ 49.076070][ T1522] binder: 1518:1522 ioctl c0306201 0 returned -14 [ 49.077439][ T1519] binder: 1517:1519 ioctl 4018620d 20000100 returned -16 [ 49.093983][ T28] audit: type=1400 audit(1717243089.302:216): avc: denied { open } for pid=1517 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 49.126370][ T28] audit: type=1400 audit(1717243089.302:217): avc: denied { ioctl } for pid=1517 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 49.172093][ T28] audit: type=1400 audit(1717243089.302:218): avc: denied { set_context_mgr } for pid=1517 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 49.194720][ T28] audit: type=1400 audit(1717243089.402:219): avc: denied { map } for pid=1517 comm="syz-executor.4" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 49.219436][ T28] audit: type=1400 audit(1717243089.402:220): avc: denied { call } for pid=1517 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 49.270191][ T43] device bridge_slave_1 left promiscuous mode [ 49.287381][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.332292][ T43] device bridge_slave_0 left promiscuous mode [ 49.362189][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.388171][ T43] device veth1_macvtap left promiscuous mode [ 49.395588][ T43] device veth0_vlan left promiscuous mode [ 50.022771][ T1549] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.036952][ T1549] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.063084][ T1549] device bridge_slave_0 entered promiscuous mode [ 50.086916][ T1549] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.107984][ T1549] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.131301][ T1549] device bridge_slave_1 entered promiscuous mode [ 50.327786][ T1549] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.334651][ T1549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.341768][ T1549] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.348535][ T1549] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.748722][ T28] audit: type=1400 audit(1717243091.002:221): avc: denied { connect } for pid=1561 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.798045][ T1564] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 50.826064][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.843536][ T333] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.859064][ T333] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.882958][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.896299][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.903252][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.913267][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.922805][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.929683][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.941250][ T1569] loop0: detected capacity change from 0 to 512 [ 50.964476][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.972964][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.980802][ T1569] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 50.996758][ T1549] device veth0_vlan entered promiscuous mode [ 51.019896][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 51.028526][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 51.036808][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 51.046196][ T1569] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 64: padding at end of block bitmap is not set [ 51.090893][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 51.099325][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 51.107601][ T1569] Quota error (device loop0): write_blk: dquota write failed [ 51.114850][ T1569] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 51.126452][ T1569] EXT4-fs (loop0): 1 truncate cleaned up [ 51.132045][ T1569] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 51.138454][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 51.154584][ T1549] device veth1_macvtap entered promiscuous mode [ 51.165765][ T28] audit: type=1400 audit(1717243091.412:222): avc: denied { create } for pid=1568 comm="syz-executor.0" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 51.165907][ T1569] Quota error (device loop0): write_blk: dquota write failed [ 51.206276][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 51.217499][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 51.231014][ T1569] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 51.235412][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 51.275805][ T1569] syz-executor.0 (1569) used greatest stack depth: 19880 bytes left [ 51.285118][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 51.300322][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 51.309221][ T1468] EXT4-fs (loop0): unmounting filesystem. [ 51.317570][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 51.330095][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 51.361176][ T1582] loop0: detected capacity change from 0 to 256 [ 51.732147][ T43] device bridge_slave_1 left promiscuous mode [ 51.744179][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.832993][ T43] device bridge_slave_0 left promiscuous mode [ 51.840172][ T1598] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 51.858542][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.877827][ T43] device bridge_slave_1 left promiscuous mode [ 51.918624][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.941611][ T1607] loop1: detected capacity change from 0 to 512 [ 51.948000][ T43] device bridge_slave_0 left promiscuous mode [ 51.957039][ T28] audit: type=1400 audit(1717243092.202:223): avc: denied { module_load } for pid=1608 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 51.959220][ T1609] Invalid ELF header magic: != ELF [ 51.979063][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.995131][ T1607] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 52.007412][ T43] device veth1_macvtap left promiscuous mode [ 52.017424][ T43] device veth0_vlan left promiscuous mode [ 52.028663][ T43] device veth1_macvtap left promiscuous mode [ 52.045208][ T28] audit: type=1400 audit(1717243092.292:224): avc: denied { connect } for pid=1608 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 52.081699][ T1607] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 64: padding at end of block bitmap is not set [ 52.105550][ T1607] Quota error (device loop1): write_blk: dquota write failed [ 52.113090][ T1607] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 52.123353][ T1607] EXT4-fs (loop1): 1 truncate cleaned up [ 52.129213][ T1607] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 52.182173][ T1423] EXT4-fs (loop1): unmounting filesystem. [ 52.479785][ T1638] Invalid ELF header magic: != ELF [ 52.564322][ T1644] Invalid ELF header magic: != ELF [ 52.577402][ T1647] Invalid ELF header magic: != ELF [ 52.590894][ T1650] loop4: detected capacity change from 0 to 512 [ 52.597689][ T1650] EXT4-fs: Ignoring removed bh option [ 52.611390][ T1650] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 52.620466][ T1619] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 52.630855][ T1619] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 52.644129][ T1650] EXT4-fs (loop4): 1 truncate cleaned up [ 52.653036][ T1650] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 52.712986][ T1650] loop4: detected capacity change from 512 to 64 [ 52.772036][ T1650] syz-executor.4: attempt to access beyond end of device [ 52.772036][ T1650] loop4: rw=2049, sector=72, nr_sectors = 24 limit=64 [ 52.830339][ T1650] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 36) [ 52.841652][ T1650] Buffer I/O error on device loop4, logical block 36 [ 52.848141][ T1650] Buffer I/O error on device loop4, logical block 37 [ 52.854651][ T1650] Buffer I/O error on device loop4, logical block 38 [ 52.861162][ T1650] Buffer I/O error on device loop4, logical block 39 [ 52.868605][ T1650] Buffer I/O error on device loop4, logical block 40 [ 52.875095][ T1650] Buffer I/O error on device loop4, logical block 41 [ 52.881605][ T1650] Buffer I/O error on device loop4, logical block 42 [ 52.888113][ T1650] Buffer I/O error on device loop4, logical block 43 [ 52.896447][ T1650] Buffer I/O error on device loop4, logical block 44 [ 52.902934][ T1650] Buffer I/O error on device loop4, logical block 45 [ 53.018069][ T313] EXT4-fs (loop4): unmounting filesystem. [ 53.019834][ T1672] process 'syz-executor.0' launched './file0' with NULL argv: empty string added [ 53.037223][ T312] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 53.084529][ T1676] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 53.102648][ T1679] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 53.249276][ T1696] Invalid ELF header magic: != ELF [ 53.388957][ T1706] loop0: detected capacity change from 0 to 512 [ 53.415026][ T1706] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 53.417289][ T312] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.455961][ T1712] loop1: detected capacity change from 0 to 512 [ 53.475532][ T1712] EXT4-fs: Ignoring removed bh option [ 53.478410][ T1706] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 53.481324][ T1712] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 53.491597][ T1706] ext4 filesystem being mounted at /root/syzkaller-testdir2400760428/syzkaller.6EMMZW/7/file0 supports timestamps until 2038 (0x7fffffff) [ 53.512776][ T1712] EXT4-fs (loop1): 1 truncate cleaned up [ 53.515142][ T1717] : renamed from pim6reg1 [ 53.518916][ T1712] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 53.542594][ T1706] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz-executor.0: corrupted xattr block 19 [ 53.554741][ T1706] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 53.563624][ T19] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 53.563786][ T1706] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz-executor.0: corrupted xattr block 19 [ 53.583025][ T1706] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 53.592226][ T1712] loop1: detected capacity change from 512 to 64 [ 53.593832][ T1706] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 53.612603][ T312] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 53.622049][ T312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.623523][ T1712] syz-executor.1: attempt to access beyond end of device [ 53.623523][ T1712] loop1: rw=2049, sector=72, nr_sectors = 24 limit=64 [ 53.630150][ T312] usb 4-1: Product: syz [ 53.647743][ T312] usb 4-1: Manufacturer: syz [ 53.650349][ T1712] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 36) [ 53.652256][ T1706] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.0: corrupted xattr block 19 [ 53.666979][ T1720] Invalid ELF header magic: != ELF [ 53.675709][ T312] usb 4-1: SerialNumber: syz [ 53.696752][ T1706] EXT4-fs warning (device loop0): ext4_evict_inode:299: xattr delete (err -117) [ 53.711955][ T1423] EXT4-fs (loop1): unmounting filesystem. [ 53.723671][ T1468] EXT4-fs (loop0): unmounting filesystem. [ 53.777580][ T1732] SELinux: Context system_u:object_r:systemd_notify_exec_t:s0 is not valid (left unmapped). [ 53.811891][ T1734] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 53.987346][ T19] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.035461][ T1750] Invalid ELF header magic: != ELF [ 54.043279][ T1753] loop1: detected capacity change from 0 to 512 [ 54.059582][ T1753] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 54.093344][ T1753] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 54.106502][ T1753] ext4 filesystem being mounted at /root/syzkaller-testdir2306216746/syzkaller.adMYQK/31/file0 supports timestamps until 2038 (0x7fffffff) [ 54.128422][ T1761] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 54.131500][ T1753] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 54.156721][ T1753] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 54.165859][ T1753] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 54.178151][ T1753] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 54.187329][ T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 54.187745][ T1753] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 54.205627][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.211092][ T1753] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2926: inode #15: comm syz-executor.1: corrupted xattr block 19 [ 54.230849][ T1753] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117) [ 54.238194][ T19] usb 3-1: Product: syz [ 54.248429][ T19] usb 3-1: Manufacturer: syz [ 54.256185][ T19] usb 3-1: SerialNumber: syz [ 54.291609][ T1423] EXT4-fs (loop1): unmounting filesystem. [ 54.308974][ T1766] loop0: detected capacity change from 0 to 512 [ 54.338982][ T1766] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.351232][ T1766] EXT4-fs (loop0): warning: maximal mount count reached, running e2fsck is recommended [ 54.362129][ T1766] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz-executor.0: inode #15: comm syz-executor.0: iget: illegal inode # [ 54.377464][ T1766] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 54.389754][ T1766] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 54.487916][ T1780] loop4: detected capacity change from 0 to 512 [ 54.494499][ T1780] EXT4-fs: Ignoring removed bh option [ 54.500233][ T1780] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 54.510232][ T1780] EXT4-fs (loop4): 1 truncate cleaned up [ 54.516320][ T1780] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 54.557607][ T1780] loop4: detected capacity change from 512 to 64 [ 54.569983][ T1780] syz-executor.4: attempt to access beyond end of device [ 54.569983][ T1780] loop4: rw=2049, sector=72, nr_sectors = 24 limit=64 [ 54.583655][ T1780] EXT4-fs warning (device loop4): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 36) [ 54.604060][ T313] EXT4-fs (loop4): unmounting filesystem. [ 54.807256][ T312] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 54.814715][ T312] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 54.822485][ T312] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 54.919574][ T1468] EXT4-fs (loop0): unmounting filesystem. [ 54.928175][ T334] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 55.035539][ T312] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 55.045290][ T312] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 55.058139][ T312] usb 4-1: USB disconnect, device number 3 [ 55.064288][ T312] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 55.100501][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.107810][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.390503][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.407783][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.417435][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.424681][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.431991][ T19] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 55.438239][ T334] usb 5-1: Using ep0 maxpacket: 8 [ 55.443212][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.450427][ T19] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 55.457810][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x4 [ 55.464987][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.472217][ T19] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 55.477813][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x2 [ 55.484989][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.492356][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.499585][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.506745][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.513991][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.521263][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.528367][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.535557][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.542800][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.549980][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.557266][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.564374][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.571688][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.578847][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.585985][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.593215][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.600448][ T334] usb 5-1: unable to get BOS descriptor or descriptor too short [ 55.607896][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.615053][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.622342][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.629475][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.636684][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.643973][ T19] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 55.650805][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.658087][ T19] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 55.668738][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.675876][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.684978][ T19] usb 3-1: USB disconnect, device number 4 [ 55.690853][ T19] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 55.699970][ T334] usb 5-1: config 0 has no interfaces? [ 55.705292][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.713925][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.721264][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.728550][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.735654][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.743094][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.751461][ T345] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 55.759947][ T332] ================================================================== [ 55.767813][ T332] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 55.775448][ T332] Read of size 8 at addr ffff88811257ccf0 by task kworker/0:2/332 [ 55.783088][ T332] [ 55.785258][ T332] CPU: 0 PID: 332 Comm: kworker/0:2 Not tainted 6.1.78-syzkaller-00133-g74c507aab139 #0 [ 55.794804][ T332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 55.804699][ T332] Workqueue: wg-crypt-wg2 wg_packet_tx_worker [ 55.810599][ T332] Call Trace: [ 55.813728][ T332] [ 55.816502][ T332] dump_stack_lvl+0x151/0x1b7 [ 55.821035][ T332] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 55.826311][ T332] ? _printk+0xd1/0x111 [ 55.830301][ T332] ? __virt_addr_valid+0x242/0x2f0 [ 55.835264][ T332] print_report+0x158/0x4e0 [ 55.839587][ T332] ? __virt_addr_valid+0x242/0x2f0 [ 55.844537][ T332] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 55.850610][ T332] ? __list_del_entry_valid+0xa6/0x130 [ 55.855906][ T332] kasan_report+0x13c/0x170 [ 55.860244][ T332] ? __list_del_entry_valid+0xa6/0x130 [ 55.865540][ T332] __asan_report_load8_noabort+0x14/0x20 [ 55.871007][ T332] __list_del_entry_valid+0xa6/0x130 [ 55.876127][ T332] process_one_work+0x4d7/0xcb0 [ 55.880816][ T332] worker_thread+0xa60/0x1260 [ 55.885349][ T332] kthread+0x26d/0x300 [ 55.889233][ T332] ? worker_clr_flags+0x1a0/0x1a0 [ 55.894094][ T332] ? kthread_blkcg+0xd0/0xd0 [ 55.898520][ T332] ret_from_fork+0x1f/0x30 [ 55.902776][ T332] [ 55.905638][ T332] [ 55.907807][ T332] Allocated by task 19: [ 55.911798][ T332] kasan_set_track+0x4b/0x70 [ 55.916224][ T332] kasan_save_alloc_info+0x1f/0x30 [ 55.921173][ T332] __kasan_kmalloc+0x9c/0xb0 [ 55.925598][ T332] __kmalloc_node+0xb4/0x1e0 [ 55.930025][ T332] kvmalloc_node+0x221/0x640 [ 55.934456][ T332] alloc_netdev_mqs+0x8c/0xf90 [ 55.939051][ T332] alloc_etherdev_mqs+0x36/0x40 [ 55.943741][ T332] usbnet_probe+0x207/0x27c0 [ 55.948163][ T332] usb_probe_interface+0x5b6/0xa90 [ 55.953112][ T332] really_probe+0x2b8/0x920 [ 55.957450][ T332] __driver_probe_device+0x1a0/0x310 [ 55.962571][ T332] driver_probe_device+0x54/0x3d0 [ 55.967439][ T332] __device_attach_driver+0x2e3/0x490 [ 55.972638][ T332] bus_for_each_drv+0x183/0x200 [ 55.977325][ T332] __device_attach+0x312/0x510 [ 55.981925][ T332] device_initial_probe+0x1a/0x20 [ 55.986789][ T332] bus_probe_device+0xbe/0x1e0 [ 55.991389][ T332] device_add+0xb60/0xf10 [ 55.995551][ T332] usb_set_configuration+0x190f/0x1e80 [ 56.000846][ T332] usb_generic_driver_probe+0x8b/0x150 [ 56.006142][ T332] usb_probe_device+0x144/0x260 [ 56.010836][ T332] really_probe+0x2b8/0x920 [ 56.015169][ T332] __driver_probe_device+0x1a0/0x310 [ 56.020288][ T332] driver_probe_device+0x54/0x3d0 [ 56.025148][ T332] __device_attach_driver+0x2e3/0x490 [ 56.030355][ T332] bus_for_each_drv+0x183/0x200 [ 56.035042][ T332] __device_attach+0x312/0x510 [ 56.039642][ T332] device_initial_probe+0x1a/0x20 [ 56.044505][ T332] bus_probe_device+0xbe/0x1e0 [ 56.049106][ T332] device_add+0xb60/0xf10 [ 56.053270][ T332] usb_new_device+0xf32/0x1810 [ 56.057868][ T332] hub_event+0x2db1/0x4830 [ 56.062128][ T332] process_one_work+0x73d/0xcb0 [ 56.066806][ T332] worker_thread+0xa60/0x1260 [ 56.071320][ T332] kthread+0x26d/0x300 [ 56.075225][ T332] ret_from_fork+0x1f/0x30 [ 56.079480][ T332] [ 56.081650][ T332] Freed by task 19: [ 56.085296][ T332] kasan_set_track+0x4b/0x70 [ 56.089723][ T332] kasan_save_free_info+0x2b/0x40 [ 56.094728][ T332] ____kasan_slab_free+0x131/0x180 [ 56.099683][ T332] __kasan_slab_free+0x11/0x20 [ 56.104280][ T332] __kmem_cache_free+0x218/0x3b0 [ 56.109041][ T332] kfree+0x7a/0xf0 [ 56.112600][ T332] kvfree+0x35/0x40 [ 56.116243][ T332] netdev_freemem+0x3f/0x60 [ 56.120582][ T332] netdev_release+0x7f/0xb0 [ 56.124924][ T332] device_release+0x95/0x1c0 [ 56.129354][ T332] kobject_put+0x178/0x260 [ 56.133605][ T332] put_device+0x1f/0x30 [ 56.137593][ T332] free_netdev+0x393/0x480 [ 56.141845][ T332] usbnet_disconnect+0x245/0x390 [ 56.146620][ T332] usb_unbind_interface+0x1fa/0x8c0 [ 56.151654][ T332] device_release_driver_internal+0x53e/0x870 [ 56.157556][ T332] device_release_driver+0x19/0x20 [ 56.162501][ T332] bus_remove_device+0x2fa/0x360 [ 56.167275][ T332] device_del+0x663/0xe90 [ 56.171440][ T332] usb_disable_device+0x380/0x720 [ 56.176303][ T332] usb_disconnect+0x32a/0x890 [ 56.180814][ T332] hub_event+0x1ed8/0x4830 [ 56.185069][ T332] process_one_work+0x73d/0xcb0 [ 56.189781][ T332] worker_thread+0xd71/0x1260 [ 56.194288][ T332] kthread+0x26d/0x300 [ 56.198175][ T332] ret_from_fork+0x1f/0x30 [ 56.202428][ T332] [ 56.204599][ T332] Last potentially related work creation: [ 56.210151][ T332] kasan_save_stack+0x3b/0x60 [ 56.214664][ T332] __kasan_record_aux_stack+0xb4/0xc0 [ 56.219870][ T332] kasan_record_aux_stack_noalloc+0xb/0x10 [ 56.225512][ T332] insert_work+0x56/0x310 [ 56.229682][ T332] __queue_work+0x9b6/0xd70 [ 56.234019][ T332] queue_work_on+0x105/0x170 [ 56.238444][ T332] usbnet_link_change+0xeb/0x100 [ 56.243220][ T332] usbnet_probe+0x1dbe/0x27c0 [ 56.247730][ T332] usb_probe_interface+0x5b6/0xa90 [ 56.252688][ T332] really_probe+0x2b8/0x920 [ 56.257018][ T332] __driver_probe_device+0x1a0/0x310 [ 56.262137][ T332] driver_probe_device+0x54/0x3d0 [ 56.267000][ T332] __device_attach_driver+0x2e3/0x490 [ 56.272218][ T332] bus_for_each_drv+0x183/0x200 [ 56.276892][ T332] __device_attach+0x312/0x510 [ 56.281492][ T332] device_initial_probe+0x1a/0x20 [ 56.286356][ T332] bus_probe_device+0xbe/0x1e0 [ 56.290954][ T332] device_add+0xb60/0xf10 [ 56.295120][ T332] usb_set_configuration+0x190f/0x1e80 [ 56.300501][ T332] usb_generic_driver_probe+0x8b/0x150 [ 56.305795][ T332] usb_probe_device+0x144/0x260 [ 56.310484][ T332] really_probe+0x2b8/0x920 [ 56.314825][ T332] __driver_probe_device+0x1a0/0x310 [ 56.319945][ T332] driver_probe_device+0x54/0x3d0 [ 56.324804][ T332] __device_attach_driver+0x2e3/0x490 [ 56.330011][ T332] bus_for_each_drv+0x183/0x200 [ 56.334700][ T332] __device_attach+0x312/0x510 [ 56.339297][ T332] device_initial_probe+0x1a/0x20 [ 56.344305][ T332] bus_probe_device+0xbe/0x1e0 [ 56.348889][ T332] device_add+0xb60/0xf10 [ 56.353077][ T332] usb_new_device+0xf32/0x1810 [ 56.357652][ T332] hub_event+0x2db1/0x4830 [ 56.361906][ T332] process_one_work+0x73d/0xcb0 [ 56.366593][ T332] worker_thread+0xa60/0x1260 [ 56.371107][ T332] kthread+0x26d/0x300 [ 56.375016][ T332] ret_from_fork+0x1f/0x30 [ 56.379264][ T332] [ 56.381447][ T332] The buggy address belongs to the object at ffff88811257c000 [ 56.381447][ T332] which belongs to the cache kmalloc-4k of size 4096 [ 56.395322][ T332] The buggy address is located 3312 bytes inside of [ 56.395322][ T332] 4096-byte region [ffff88811257c000, ffff88811257d000) [ 56.408612][ T332] [ 56.410777][ T332] The buggy address belongs to the physical page: [ 56.417053][ T332] page:ffffea0004495e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112578 [ 56.427084][ T332] head:ffffea0004495e00 order:3 compound_mapcount:0 compound_pincount:0 [ 56.435245][ T332] flags: 0x4000000000010200(slab|head|zone=1) [ 56.441152][ T332] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043380 [ 56.449573][ T332] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 56.458001][ T332] page dumped because: kasan: bad access detected [ 56.464239][ T332] page_owner tracks the page as allocated [ 56.469805][ T332] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 111, tgid 111 (udevadm), ts 3899766760, free_ts 0 [ 56.489493][ T332] post_alloc_hook+0x213/0x220 [ 56.494092][ T332] prep_new_page+0x1b/0x110 [ 56.498430][ T332] get_page_from_freelist+0x27ea/0x2870 [ 56.503810][ T332] __alloc_pages+0x3a1/0x780 [ 56.508236][ T332] alloc_slab_page+0x6c/0xf0 [ 56.513271][ T332] new_slab+0x90/0x3e0 [ 56.517177][ T332] ___slab_alloc+0x6f9/0xb80 [ 56.521600][ T332] __slab_alloc+0x5d/0xa0 [ 56.525769][ T332] __kmem_cache_alloc_node+0x1af/0x250 [ 56.531062][ T332] kmalloc_trace+0x2a/0xa0 [ 56.535313][ T332] kernfs_iop_get_link+0x65/0x610 [ 56.540181][ T332] vfs_readlink+0x166/0x390 [ 56.544514][ T332] do_readlinkat+0x27f/0x3a0 [ 56.548941][ T332] __x64_sys_readlink+0x7f/0x90 [ 56.553628][ T332] do_syscall_64+0x3d/0xb0 [ 56.557895][ T332] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.563610][ T332] page_owner free stack trace missing [ 56.568817][ T332] [ 56.570985][ T332] Memory state around the buggy address: [ 56.576455][ T332] ffff88811257cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.584356][ T332] ffff88811257cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.592253][ T332] >ffff88811257cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.600146][ T332] ^ [ 56.607699][ T332] ffff88811257cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.615598][ T332] ffff88811257cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.623497][ T332] ================================================================== [ 56.631482][ T332] Disabling lock debugging due to kernel taint 2024/06/01 11:58:16 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 56.650480][ T345] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0