1464 bytes left Warning: Permanently added '10.128.1.116' (ED25519) to the list of known hosts. 2024/05/08 12:00:54 fuzzer started 2024/05/08 12:00:54 dialing manager at 10.128.0.163:30000 [ 21.525084][ T23] audit: type=1400 audit(1715169654.170:66): avc: denied { node_bind } for pid=343 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 21.545430][ T23] audit: type=1400 audit(1715169654.170:67): avc: denied { name_bind } for pid=343 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 21.670089][ T23] audit: type=1400 audit(1715169654.320:68): avc: denied { mounton } for pid=353 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.672149][ T353] cgroup1: Unknown subsys name 'net' [ 21.692656][ T23] audit: type=1400 audit(1715169654.320:69): avc: denied { mount } for pid=353 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.698014][ T353] cgroup1: Unknown subsys name 'net_prio' [ 21.725368][ T353] cgroup1: Unknown subsys name 'devices' [ 21.731750][ T23] audit: type=1400 audit(1715169654.380:70): avc: denied { unmount } for pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.903250][ T353] cgroup1: Unknown subsys name 'hugetlb' [ 21.908926][ T353] cgroup1: Unknown subsys name 'rlimit' [ 22.063480][ T23] audit: type=1400 audit(1715169654.710:71): avc: denied { mounton } for pid=353 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.088145][ T23] audit: type=1400 audit(1715169654.710:72): avc: denied { mount } for pid=353 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.111151][ T23] audit: type=1400 audit(1715169654.710:73): avc: denied { setattr } for pid=353 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.118374][ T354] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.143067][ T23] audit: type=1400 audit(1715169654.790:74): avc: denied { relabelto } for pid=354 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.168316][ T23] audit: type=1400 audit(1715169654.790:75): avc: denied { write } for pid=354 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/05/08 12:00:54 code coverage: enabled 2024/05/08 12:00:54 comparison tracing: enabled 2024/05/08 12:00:54 extra coverage: enabled 2024/05/08 12:00:54 delay kcov mmap: mmap returned an invalid pointer 2024/05/08 12:00:54 setuid sandbox: enabled 2024/05/08 12:00:54 namespace sandbox: enabled 2024/05/08 12:00:54 Android sandbox: enabled 2024/05/08 12:00:54 fault injection: enabled 2024/05/08 12:00:54 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2024/05/08 12:00:54 net packet injection: enabled 2024/05/08 12:00:54 net device setup: enabled 2024/05/08 12:00:54 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2024/05/08 12:00:54 devlink PCI setup: PCI device 0000:00:10.0 is not available 2024/05/08 12:00:54 NIC VF setup: PCI device 0000:00:11.0 is not available 2024/05/08 12:00:54 USB emulation: enabled 2024/05/08 12:00:54 hci packet injection: /dev/vhci does not exist 2024/05/08 12:00:54 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 2024/05/08 12:00:54 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 2024/05/08 12:00:54 swap file: enabled 2024/05/08 12:00:54 starting 5 executor processes [ 22.220829][ T353] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.762287][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.769126][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.776491][ T364] device bridge_slave_0 entered promiscuous mode [ 22.801180][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.808042][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.815370][ T364] device bridge_slave_1 entered promiscuous mode [ 22.895968][ T368] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.902918][ T368] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.910205][ T368] device bridge_slave_0 entered promiscuous mode [ 22.920238][ T368] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.927061][ T368] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.934384][ T368] device bridge_slave_1 entered promiscuous mode [ 22.949925][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.956849][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.964096][ T370] device bridge_slave_0 entered promiscuous mode [ 22.974092][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.981032][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.988282][ T370] device bridge_slave_1 entered promiscuous mode [ 23.013299][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.020162][ T367] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.027395][ T367] device bridge_slave_0 entered promiscuous mode [ 23.037353][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.044291][ T367] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.051719][ T367] device bridge_slave_1 entered promiscuous mode [ 23.152799][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.159719][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.167261][ T369] device bridge_slave_0 entered promiscuous mode [ 23.183415][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.190254][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.197544][ T369] device bridge_slave_1 entered promiscuous mode [ 23.270451][ T364] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.277294][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.284417][ T364] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.291186][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.314435][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.321281][ T370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.328388][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.335261][ T370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.361011][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.367842][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.374976][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.381754][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.404718][ T368] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.411570][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.418656][ T368] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.425473][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.489373][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.496967][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.504337][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.511435][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.518390][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.525404][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.532368][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.539464][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.547397][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.554672][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.564741][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.592744][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.601165][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.607983][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.615701][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.623912][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.630752][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.637860][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.645816][ T104] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.652654][ T104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.659761][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.667748][ T104] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.674573][ T104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.702128][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.709596][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.717239][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.725745][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.738385][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.746734][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.753571][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.760894][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.768874][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.775702][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.808325][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.816780][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.825514][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.835238][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.843282][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.850114][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.857239][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.865167][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.872007][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.886617][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.894081][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.901623][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 23.909727][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.918354][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.925193][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.932544][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 23.958214][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.966238][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.974077][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 23.982494][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.990336][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.998126][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.006104][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.014079][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.021902][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.030013][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.038309][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.046480][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.054518][ T389] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.061434][ T389] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.091153][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.098854][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.107331][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.116057][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.124219][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.132250][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.139937][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.148178][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.156386][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.164134][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.171929][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.179560][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.196219][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.204486][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.213318][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.221398][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.263364][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.271555][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.279648][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.288194][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.297272][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.305506][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.313598][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.321813][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.329798][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.338334][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.346535][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.354850][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.362997][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.371110][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.378787][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.386613][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.394658][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.402961][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready executing program 2: r0 = socket(0x28, 0x5, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000440)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000900)={'syztnl1\x00', &(0x7f0000000880)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @loopback}}}}) executing program 2: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) executing program 1: r0 = syz_usb_connect$hid(0x0, 0x90, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44e, 0x1215, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, &(0x7f0000000140)={0x0, 0x0, 0x6, {0x6, 0x0, "ee8f409e"}}, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x0, 0x0, "3d268821", "9897b10d"}}, 0x0}, 0x0) [ 24.411212][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.441118][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.449345][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x7b, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000600)={0x0, 0x0, 0x4, "25c18c8e"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000240)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x4, "6a066857"}, 0x0, 0x0, 0x0, 0x0}) [ 24.488053][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.499886][ T393] EXT4-fs (loop2): Ignoring removed bh option [ 24.502193][ T389] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.513623][ T393] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 24.530271][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready executing program 2: prctl$PR_GET_CHILD_SUBREAPER(0x4) [ 24.538386][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.549037][ T393] EXT4-fs (loop2): 1 truncate cleaned up [ 24.554624][ T393] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 24.570415][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.578563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.599689][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.607719][ T371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.629424][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.637631][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready executing program 3: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0xe, 0x0, 0x0, @uid}]}, 0x24}}, 0x0) executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x50, 0xa5, 0x9b, 0x20, 0x46d, 0x8b7, 0x99db, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6b, 0x7e, 0x7c}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) executing program 2: r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) executing program 3: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f0000000300), &(0x7f0000001000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) [ 24.645857][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.654224][ T104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program 2: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) close(r0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xb, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100006, 0x220100, 0xe2a4, 0x1}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r2}, 0x38) executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) executing program 3: chdir(0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r1, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x80045515, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x804004, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0xa0029, &(0x7f0000000e80)=ANY=[@ANYBLOB='nr_inodes=35,size=1']) executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc) executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) executing program 3: syz_emit_ethernet(0x42, &(0x7f0000000300)=ANY=[@ANYBLOB="000000000000aaaaaaaaaabb0806"], 0x0) [ 24.782349][ T427] tmpfs: Too few inodes for current use executing program 3: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) [ 24.830150][ T18] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.837488][ T74] usb 2-1: new high-speed USB device number 2 using dummy_hcd executing program 3: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) [ 24.873092][ T435] EXT4-fs (loop3): Ignoring removed bh option [ 24.880733][ T435] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 24.892570][ T435] EXT4-fs (loop3): 1 truncate cleaned up [ 24.898075][ T435] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 24.970162][ T371] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.002388][ T439] EXT4-fs (loop3): Ignoring removed bh option [ 25.008360][ T439] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem executing program 3: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) [ 25.017979][ T439] EXT4-fs (loop3): 1 truncate cleaned up [ 25.023509][ T439] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 25.080259][ T18] usb 1-1: Using ep0 maxpacket: 32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) pread64(r1, &(0x7f0000001600)=""/4081, 0x19, 0x12) [ 25.143612][ T443] EXT4-fs (loop3): Ignoring removed bh option [ 25.149575][ T443] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 25.158919][ T443] EXT4-fs (loop3): 1 truncate cleaned up [ 25.164901][ T443] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 25.200289][ T74] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.211057][ T18] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.222350][ T18] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.230137][ T371] usb 5-1: Using ep0 maxpacket: 32 [ 25.232511][ T74] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x48, 0xa, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x48}}, 0x0) executing program 2: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x40045431, &(0x7f0000000000)) executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000080)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030500000000000000001500000008000300", @ANYRES32=r3, @ANYBLOB='\b\x00*'], 0x24}}, 0x0) [ 25.246733][ T18] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 25.255941][ T74] usb 2-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 25.264817][ T18] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.272613][ T74] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.286010][ T74] usb 2-1: config 0 descriptor?? executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0) ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r3, &(0x7f0000001340)={0x2020}, 0x2020) write$binfmt_script(r4, &(0x7f0000020240), 0x10010) read$char_usb(r2, 0x0, 0x4) syz_usb_control_io(r1, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000001340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000005e002200850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x10) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) lseek(r1, 0x0, 0x2) getdents(r1, 0x0, 0x0) [ 25.321234][ T18] hub 1-1:4.0: USB hub found executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r1, 0x0, 0x200002e6) fcntl$setpipe(r1, 0x407, 0x7000000) executing program 3: open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.freeze\x00', 0x26e1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000600)=""/104, 0x68}], 0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 25.360337][ T371] usb 5-1: New USB device found, idVendor=046d, idProduct=08b7, bcdDevice=99.db [ 25.375468][ T371] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.394325][ T371] usb 5-1: config 0 descriptor?? [ 25.409493][ T463] input: syz0 as /devices/virtual/input/input4 [ 25.540221][ T18] hub 1-1:4.0: 2 ports detected [ 25.740313][ T104] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 25.776023][ T74] hid-generic 0003:044E:1215.0001: hidraw0: USB HID v0.00 Device [HID 044e:1215] on usb-dummy_hcd.1-1/input0 [ 25.820414][ T371] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 25.973930][ T74] usb 2-1: USB disconnect, device number 2 [ 25.980404][ T104] usb 4-1: Using ep0 maxpacket: 16 [ 26.101176][ T104] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 26.111089][ T104] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 26.119816][ T104] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 26.128780][ T104] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.137754][ T104] usb 4-1: config 0 descriptor?? [ 26.180298][ T371] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 26.188741][ T371] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 26.198658][ T371] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 26.207416][ T371] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.331564][ T371] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 26.340477][ T371] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 26.348211][ T371] usb 3-1: Product: syz [ 26.352244][ T371] usb 3-1: Manufacturer: syz [ 26.390027][ T387] usb 4-1: USB disconnect, device number 2 [ 26.396581][ T371] cdc_wdm 3-1:1.0: skipping garbage [ 26.401958][ T371] cdc_wdm 3-1:1.0: skipping garbage [ 26.409161][ T371] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device executing program 1: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) [ 26.531951][ T467] EXT4-fs (loop1): Ignoring removed bh option [ 26.537948][ T467] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 26.547483][ T467] EXT4-fs (loop1): 1 truncate cleaned up [ 26.553007][ T467] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 26.571778][ T23] kauditd_printk_skb: 50 callbacks suppressed executing program 1: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x1af8eda9c87dd076, 0x0, 0xff, 0x0, &(0x7f0000000000)) chdir(0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) rmdir(&(0x7f0000000100)='./file2\x00') chdir(&(0x7f00000001c0)='./file0\x00') chdir(&(0x7f0000000040)='./file1\x00') mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) [ 26.571794][ T23] audit: type=1400 audit(1715169659.220:126): avc: denied { create } for pid=466 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x600, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010200000000000000850a600000000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x48, 0xa, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x48}}, 0x0) [ 26.821139][ T476] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 26.828161][ T476] IPv6: NLM_F_CREATE should be set when creating new route [ 26.860186][ T18] hub 1-1:4.0: activate --> -90 executing program 3: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'}) capset(&(0x7f0000a31000)={0x20071026}, &(0x7f0000000080)) setpriority(0x1, 0x0, 0x0) [ 26.917695][ T482] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure [ 27.110147][ T371] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.280910][ T387] usb 1-1: USB disconnect, device number 2 [ 27.350128][ T371] usb 2-1: Using ep0 maxpacket: 32 [ 27.470211][ T371] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.481052][ T371] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.490704][ T371] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 27.499523][ T371] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.542492][ T371] hub 2-1:4.0: USB hub found [ 27.695030][ T5] usb 5-1: USB disconnect, device number 2 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000140)={&(0x7f0000001300)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}]}, 0x50}, 0x1, 0x7}, 0x0) executing program 4: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x40045431, &(0x7f0000000000)) executing program 3: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x40045431, &(0x7f0000000000)) [ 27.760189][ T371] hub 2-1:4.0: 2 ports detected executing program 3: modify_ldt$write(0x1, &(0x7f0000000000)={0x0, 0x100000, 0x0, 0x1}, 0x10) modify_ldt$write(0x1, &(0x7f0000001700), 0x10) executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_META_SREG={0x8}, @NFTA_META_KEY={0x8}, @NFTA_META_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) executing program 3: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000400)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002a20640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000c40)='sys_enter\x00', r1}, 0x10) dup(0xffffffffffffffff) executing program 4: fsmount(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') creat(&(0x7f0000000e00)='./file0\x00', 0x0) executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000300)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000020086000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) executing program 3: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$FIBMAP(r0, 0x40086602, &(0x7f0000000080)) [ 27.798142][ T23] audit: type=1400 audit(1715169660.440:127): avc: denied { create } for pid=489 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 27.824990][ T23] audit: type=1400 audit(1715169660.470:128): avc: denied { write } for pid=489 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 executing program 0: open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.freeze\x00', 0x26e1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000600)=""/104, 0x68}], 0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 27.902838][ T506] input: syz0 as /devices/virtual/input/input5 [ 27.941268][ T504] EXT4-fs (loop4): Ignoring removed bh option [ 27.947814][ T504] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x48, 0xa, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x48}}, 0x0) [ 27.973449][ T504] EXT4-fs (loop4): 1 truncate cleaned up [ 27.979038][ T504] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue [ 28.020167][ T371] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 28.027720][ T371] hub 2-1:4.0: config failed, can't get hub status (err -71) executing program 4: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x1af8eda9c87dd076, 0x0, 0xff, 0x0, &(0x7f0000000000)) chdir(0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) rmdir(&(0x7f0000000100)='./file2\x00') chdir(&(0x7f00000001c0)='./file0\x00') chdir(&(0x7f0000000040)='./file1\x00') mkdir(&(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) [ 28.080404][ T371] usb 2-1: USB disconnect, device number 3 executing program 4: syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000000)='./file1\x00', 0x200040, &(0x7f0000000600)=ANY=[@ANYBLOB='nodots,nodots,check=relaxed,dots,nodots,allow_utime=00000000000000000000006,time_offset=0xfffffffffffffa93,nodots,showexec,dots,dots,gid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646f74732c6e6f646f74732c6e66732c6e6f646f74732c6e6f646f74732c6e6f646f74732c646f74732c7379735f696d6d757461626c652c6e6f646f74732c646f74732c646f74732c646f74732c646f74732c74696d655f6f66667365743d3078303030303030303030303030303437612c646f6e745f686173682c736d61636b66736465663d3a370bcb886e6f1bf42c6673757569643d3164303361650a382d356530622d623066342d30303064665b2c0000000000000000"], 0x1, 0x1c2, &(0x7f0000000200)="$eJzs3bFqU1EYB/D/jbWJgthNEIcLLk5BfYKKVBADopJBJ4XWpREhWaKL9S18QB9AOnWRiL2xsSXVGsm9Nv5+Sz7yP8l3vuVkyrkvb7zZ3X47ev352qd0OkVam9nMQZGNtPLDXgCAVXIwmeTLpNL0XgCAepzh9/9rzVsCAJbs2fMXj+71eltPy7KT7O+N++N+9VrlDx72tm6XhzZmn9ofj/sXjvI7VV4ezy/m8jS/Ozdfz62bh/nH79n9x70TeTvbyx8fAAAAAAAAAAAAAAAAAAAAAAAa0S2PzL3fp9s9La+qn+4HOnF/z1qur9U2BgAAAAAAAAAAAAAAAAAAAJxro3fvd18NBjvDWdFOcvydxYrJ1VNbzCvKJH/f9E+LVurrdd6K4t/YxgJFWUuvJ1d+tyaLffN6kl+vuZRkyQPOzoh2Y6cTAAAAAAAAAAAAAAAAAAD8X6b/9S2Go6Z3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNqZ7/P9gZLlJ8SHKGxdNWRcOjAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMK+BQAA//8lqitL") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x297880, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') socket$inet_tcp(0x2, 0x1, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x2000100, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141b42, 0x0) sendfile(r1, r0, 0x0, 0x100800001) executing program 3: bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800f1ff0007200000", @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) [ 28.185565][ T508] syz-executor.3 (508) used greatest stack depth: 20984 bytes left [ 28.230148][ T18] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 28.261993][ T516] ====================================================== [ 28.261993][ T516] WARNING: the mand mount option is being deprecated and executing program 3: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x40045431, &(0x7f0000000000)) executing program 4: sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001c40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x40045431, &(0x7f0000000000)) [ 28.261993][ T516] will be removed in v5.15! [ 28.261993][ T516] ====================================================== [ 28.302949][ T23] audit: type=1400 audit(1715169660.950:129): avc: denied { mount } for pid=515 comm="syz-executor.4" name="/" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 executing program 3: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) [ 28.331002][ T23] audit: type=1400 audit(1715169660.950:130): avc: denied { mounton } for pid=515 comm="syz-executor.4" path="/root/syzkaller-testdir4018854937/syzkaller.h1mw1i/6/file1/file0" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 28.344037][ T371] usb 3-1: USB disconnect, device number 2 executing program 2: syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x1e, &(0x7f00000001c0), 0x2, 0x431, &(0x7f0000000d80)="$eJzs3L9vG1UcAPDv2UlLf5FQyo+mhQYKIgKRNGmBDgwtAokBJCQYyhiStAp1G9QEiVYRBIYyokrsiBGJv4AJFgRMSKywo0oVytLCZHT2XeI4tokTp07x5yNd/d7ds977+u7Z793rJYCeNZz+k0Tsj4jfI2Kgml1bYLj6cmd5cerv5cWpJMrlt/9KKuVuLy9O5UXz9+3LM0vV/JEG9c5fvXZxslSauZLlxxYufTA2f/Xa87OXJi/MXJi5PHH69KmT4y+9OPFCR+JM23R76OO5o4dff/fGm1Pnbrz387dJHn9dHB0y3Org0x2urNsO1KSTvi42hLYUIyI9Xf2V/j8QxVg9eQPx2mddbRywrcrlcnl388NLZeB/LIlutwDojvyHPp3/5ttdGnrsCLfOVidAadx3sq16pC8KWZn+uvltJ6WzrXNL/3yVbrE99yEAANb4/mz1df34rxAP15Q7k60NDUbEAxFxMCIejIhDEfFQRKXsIxHxaJv11y+SrB//FG62H9XGpeO/l7O1rbXjv3z0F4PFLHegEn9/cn62NHMiIu6PiJHo353mx1vU8cOrv33R7Nhwzfgv3dL687Fg1o6bfXU36KYnFya3EnOtW59GDPU1ij9ZWQlIIuJwRAwd21wds89+c7TZsf+Ov4UOrDOVv454pnr+l6Iu/lzSen1y7L4ozZwYy6+K9X759fpbzerfUvwdkJ7/vQ2v/5X4B5Pa9dr59uu4/sfnTec0m73+dyXvVNK7sn0fTS4sXBmP2JW8ke0/s7p/YvW9eT4vn8Y/crxx/z8Yq5/EkYhIL+LHIuLxiDiWtf2JiHgyIo63iP+nV556f/Pxb680/um2zn/7ieLFH79bU+lgO/Gn5/9UJTWS7dnI999GG7jVzw8AAADuBYWI2B9JYXQlXSiMjlb/v/yh2Fsozc0vPHd+7sPL09VnBAajv5Df6RqouR86nk3r8/xEXf5kdt/4y+KeSn50aq403e3gocfta9L/U38Wu906YNt5Xgt6l/4PvUv/h96l/0PvatD/99TlW/yNAOBe1uj3/5MutAO4+4z/oXfp/9C79H/oXfo/9KStPNffs4lyeUc0o7uJKOyIZkhsU6Lb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//wW859o=") open(&(0x7f00000002c0)='./bus\x00', 0x14d27e, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000440)={[{@nombcache}, {@grpid}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@dax}, {@nombcache}]}, 0x8, 0x5fa, &(0x7f00000004c0)="$eJzs3c1vVFUbAPDn3k4/aN/XFmJUXEgTYyBRWlrAEGMi7AnBj52rSgtBCiW0RosklgQ3JsaNCxNXLsT/QkncunDrwo0rQ0KMYSGGyJg7vVOn05nSTjsfzPx+yaXn3Mvc89zC03Pn9Jw7AfSs8eyPNGJ/RFxNIkYrjhUiPzi++vfu/3njXLYlUSy+/UcSNz5JVirPleRfR/IX/zMayc9pxL6+je0uLl+/NDM/P3ctr08uXb46ubh8/fDFyzMX5i7MXZl+dfrE8WPHT0wd2dH1FSrKp2+9/+HoZ2fe/fbrh8nUd7+eSeJkPMpjy66r+rWDO2o5+56NR3HVg+qYTuzw3J3ir9H13+NMUr2DjnU+///YHxHPxmj0Vfxrjsanb7Y1OKCpikmU+yig5yQN5f/Q7gcCtFj5PqD83r7W++CN0ibflQCtcO/U6gDAau73R0Q5/wurY4MxVBobGL6frBvnSSJiZyNzq7I2fvrxzK1sizrjcEBzrNwsj3JX9/9JKTfHYqhUG76frsv/tGLL9r/VYPvjVXX5D62zcjMinsv7/4HYVv6PV+T/ew22L/8BAAAAAABg99w5FRGv1Jr/l67N/xmoMf9nJCJO7kL7j//9X3o3LyS70BxQ4d6piNdrzv9dm+M71pfX/l+aD9CfnL84P3ckIp6KiEPRP5jVp6rOWzlD+PDn+76q137l/L9sy9ovzwXMz3S3ULUQd3ZmaWan1w1E3LsZ8Xxp/u+BfM/6+T9Z/5/U6P+z/L66xTb2vXT7bL1jj89/oFmK30QcrNn//3e7nWz+fI7J0v3AZPmuYKMXPv7i+3rty39on6z/H948/weTyuf1LG7v/AMRcXS5UKx3vNH7/4Hknb7y+TMfzSwtXZuKGEhOb9w/vb2YoVuV86GcL1n+H3px8/G/tfv/ijzcExErW2zzmUcjv9U7pv+H9snyf3bz/n9sff+//cL07bEf6rV/dkv9/7FSn34o32P8DyptfB7HVhO0LeECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBMujYj/RZJOrJXTdGIiYiQino7hdH5hcenl8wsfXJnNjpU+/z8tf9Lv6Go9KX/+/1hFfbqqfjQi9kbEl317SvWJcwvzs+2+eAAAAAAAAAAAAAAAAAAAAOgQI6U1/8XB6vX/md/72h0d0HSF/Kt8h95TaPiVxcFdDQRoucbzH3jSbT3/+5saB9B69fP/wcNiSUvDAVrI/T/0rgbz368LoAvo/6FXbXFMb6jZcQDtoP8HAAAAAICusvfAnV+SiFh5bU9pywzkx0z2h+6WtjsAoG3M4YXeVVhodwRAu3iPDyRrpb9rLvavP/s/aU5AAAAAAAAAAAAAAMAGB/db/w+9avP1/+b2QzfbZP1/reT3uADoIvU/+kPfD93Oe3zgcb299f8AAAAAAAAAAAAA0AGGrl+amZ+fu7a4/OQV3uiMMLZXWJnpiDB2tfCoOWfuj4jOuMBWF8qP4GhjGG3+uQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKz5NwAA//+Ysid/") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0}, 0x90) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc1}}) [ 28.358470][ T23] audit: type=1400 audit(1715169660.950:131): avc: denied { mount } for pid=515 comm="syz-executor.4" name="/" dev="tmpfs" ino=12648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.401580][ T23] audit: type=1400 audit(1715169660.970:132): avc: denied { unmount } for pid=368 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 28.407481][ T525] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 28.424839][ T23] audit: type=1400 audit(1715169660.970:133): avc: denied { unmount } for pid=368 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.438627][ T525] EXT4-fs error (device loop2): mb_free_blocks:1458: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 28.458706][ T23] audit: type=1400 audit(1715169661.050:134): avc: denied { mounton } for pid=523 comm="syz-executor.3" path=2F726F6F742F73797A6B616C6C65722D746573746469723130383133373638342F73797A6B616C6C65722E447657624E6C2F32362FE91F7189591E9233614B dev="sda1" ino=1962 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=sock_file permissive=1 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000140)={&(0x7f0000001300)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}]}, 0x50}, 0x1, 0x7}, 0x0) [ 28.465599][ T525] EXT4-fs error (device loop2): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 220 vs 221 free clusters [ 28.514090][ T525] EXT4-fs (loop2): 1 truncate cleaned up [ 28.519837][ T525] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 28.540125][ T18] usb 1-1: Using ep0 maxpacket: 16 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000700)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, @device_b}, 0x0, 0x15, @random, @void, @void, [{0xdd, 0x6, "102072340d5c"}]}}]}, 0x48}}, 0x0) executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x60}}, 0x0) executing program 4: open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.freeze\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) write$uinput_user_dev(r2, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000600)=""/104, 0x68}], 0x1) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000540)='task_rename\x00', r4}, 0x11) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000080), &(0x7f0000000240)=r4}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180400000a4a30318ab5f14b132575ab605e35"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r6}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0xc, &(0x7f0000000740)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000009500000000000000edbe4f21bee879ee399b0fb217b6d667c1cb235f0d08e6a6e89d1ca5c76fe93852fad104b78cca0d79f295f2ac2486498a4f95c58f227b52b2d11e30032919d4142fc27f6b03300d795301b45c768bf1af8eefd102496f086e91c295"], &(0x7f0000000200)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x90) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 28.551123][ T368] syz-executor.4 (368) used greatest stack depth: 20760 bytes left [ 28.574395][ T23] audit: type=1400 audit(1715169661.220:135): avc: denied { read } for pid=524 comm="syz-executor.2" path="/root/syzkaller-testdir4183223503/syzkaller.1wqwdU/8/bus/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 28.634621][ T525] ------------[ cut here ]------------ [ 28.639983][ T525] kernel BUG at fs/ext4/ext4.h:2984! [ 28.645470][ T525] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 28.651355][ T525] CPU: 0 PID: 525 Comm: syz-executor.2 Not tainted 5.4.268-syzkaller-00012-g51cf29fc2bfc #0 [ 28.664723][ T525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 28.674720][ T525] RIP: 0010:ext4_trim_fs+0x1e69/0x1e80 [ 28.679978][ T525] Code: 80 e1 07 80 c1 03 38 c1 0f 8c 40 e7 ff ff 48 8d bc 24 f0 01 00 00 e8 66 c3 c8 ff e9 2e e7 ff ff e8 8c 98 6f ff e8 57 e0 98 ff <0f> 0b e8 50 e0 98 ff 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 28.680231][ T18] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 28.699589][ T525] RSP: 0018:ffff8881e8f8f500 EFLAGS: 00010283 [ 28.699599][ T525] RAX: ffffffff81cb66c9 RBX: 0000000000000001 RCX: 0000000000040000 [ 28.699606][ T525] RDX: ffffc90000f45000 RSI: 00000000000002e5 RDI: 00000000000002e6 [ 28.699613][ T525] RBP: ffff8881e8f8f770 R08: ffffffff81cb5044 R09: 0000000000000003 [ 28.699619][ T525] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000004 [ 28.699626][ T525] R13: dffffc0000000000 R14: ffff8881e8c47000 R15: 0000000000000001 [ 28.699635][ T525] FS: 00007fb6e41bc6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.699648][ T525] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.734645][ T18] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 28.738902][ T525] CR2: 0000001b32026000 CR3: 00000001d2b35000 CR4: 00000000003406b0 [ 28.738912][ T525] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.738924][ T525] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.757038][ T18] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 28.763286][ T525] Call Trace: [ 28.763303][ T525] ? __die+0xb4/0x100 [ 28.763313][ T525] ? die+0x26/0x50 [ 28.763323][ T525] ? do_trap+0x1e7/0x340 [ 28.763334][ T525] ? ext4_trim_fs+0x1e69/0x1e80 [ 28.763349][ T525] ? ext4_trim_fs+0x1e69/0x1e80 [ 28.784330][ T18] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.786299][ T525] ? do_invalid_op+0xfb/0x110 [ 28.786318][ T525] ? ext4_trim_fs+0x1e69/0x1e80 [ 28.824598][ T535] hub 6-0:1.0: USB hub found [ 28.825646][ T525] ? invalid_op+0x1e/0x30 [ 28.825703][ T525] ? ext4_trim_fs+0x7e4/0x1e80 [ 28.838971][ T535] hub 6-0:1.0: 1 port detected [ 28.843016][ T525] ? ext4_trim_fs+0x1e69/0x1e80 [ 28.843029][ T525] ? ext4_trim_fs+0x1e69/0x1e80 [ 28.843050][ T525] ? ext4_group_add_blocks+0xde0/0xde0 [ 28.843064][ T525] ? cap_capable+0x1b1/0x250 [ 28.843078][ T525] ext4_ioctl+0x2168/0x3ff0 [ 28.843089][ T525] ? preempt_schedule+0xd9/0xe0 [ 28.843101][ T525] ? preempt_schedule+0xd9/0xe0 [ 28.843111][ T525] ? schedule_preempt_disabled+0x20/0x20 [ 28.843121][ T525] ? asan.module_dtor+0x20/0x20 [ 28.843133][ T525] ? ___preempt_schedule+0x16/0x20 [ 28.843144][ T525] ? try_to_wake_up+0x9d3/0x14f0 [ 28.843161][ T525] ? cpus_share_cache+0x110/0x110 [ 28.851878][ T18] usb 1-1: config 0 descriptor?? [ 28.852316][ T525] ? plist_check_list+0x20d/0x220 [ 28.852329][ T525] ? plist_del+0x3bf/0x3e0 [ 28.879644][ T538] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.884777][ T525] ? _raw_spin_trylock_bh+0x190/0x190 [ 28.884792][ T525] ? avc_has_extended_perms+0xb03/0x1120 [ 28.884805][ T525] ? avc_flush+0x1f0/0x1f0 [ 28.884819][ T525] ? do_futex+0x13fe/0x19f0 [ 28.884834][ T525] ? asan.module_dtor+0x20/0x20 [ 28.884851][ T525] do_vfs_ioctl+0x742/0x1720 [ 28.889322][ T538] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.893546][ T525] ? ioctl_preallocate+0x250/0x250 [ 28.893561][ T525] ? __fget+0x407/0x490 [ 28.893574][ T525] ? fget_many+0x20/0x20 [ 28.893586][ T525] ? switch_fpu_return+0x1d4/0x410 [ 28.893597][ T525] ? security_file_ioctl+0x7d/0xa0 [ 28.893608][ T525] __x64_sys_ioctl+0xd4/0x110 [ 28.893619][ T525] do_syscall_64+0xca/0x1c0 [ 28.893632][ T525] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.893638][ T525] Modules linked in: [ 28.895063][ T525] ---[ end trace 3f5b70a813886cce ]--- [ 28.905335][ T538] device bridge_slave_0 entered promiscuous mode [ 28.908859][ T525] RIP: 0010:ext4_trim_fs+0x1e69/0x1e80 [ 29.042739][ T525] Code: 80 e1 07 80 c1 03 38 c1 0f 8c 40 e7 ff ff 48 8d bc 24 f0 01 00 00 e8 66 c3 c8 ff e9 2e e7 ff ff e8 8c 98 6f ff e8 57 e0 98 ff <0f> 0b e8 50 e0 98 ff 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f [ 29.062546][ T525] RSP: 0018:ffff8881e8f8f500 EFLAGS: 00010283 [ 29.068472][ T525] RAX: ffffffff81cb66c9 RBX: 0000000000000001 RCX: 0000000000040000 [ 29.076302][ T525] RDX: ffffc90000f45000 RSI: 00000000000002e5 RDI: 00000000000002e6 [ 29.084104][ T525] RBP: ffff8881e8f8f770 R08: ffffffff81cb5044 R09: 0000000000000003 [ 29.084388][ T538] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.091961][ T525] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000004 [ 29.091975][ T525] R13: dffffc0000000000 R14: ffff8881e8c47000 R15: 0000000000000001 [ 29.114496][ T538] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.120133][ T525] FS: 00007fb6e41bc6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 29.122181][ T538] device bridge_slave_1 entered promiscuous mode [ 29.137582][ T525] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.144104][ T525] CR2: 0000001b31f26000 CR3: 00000001d2b35000 CR4: 00000000003406a0 [ 29.151977][ T525] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.159734][ T525] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.168610][ T525] Kernel panic - not syncing: Fatal exception [ 29.170389][ T18] usb 1-1: USB disconnect, device number 3 [ 29.174908][ T525] Kernel Offset: disabled [ 29.184676][ T525] Rebooting in 86400 seconds..