last executing test programs: 3.565437078s ago: executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x454e, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 3.223489971s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="0209000002"], 0x10}}, 0x0) 3.187835056s ago: executing program 0: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open(&(0x7f0000000000)='.\x00', 0x701100, 0x0) finit_module(r0, 0x0, 0x0) 3.097547031s ago: executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x448}}, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES8=r0], 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09fbf3eee2bf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 3.078871193s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}}) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000580)={0x10}, 0x10) write$FUSE_BMAP(r3, &(0x7f0000000340)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) openat(r4, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) 3.065776895s ago: executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="0000a6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.229980465s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001480)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac85800000000000000024e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0fe8a7d06d7535f7866907dc6751dfb292f7d3acec77f5efad9c11650300000000000000649c1cfd138d5521f9451759c3421eed73d5661cfeecf9c66cf6dd6dcd54c3b3ff02000000d7c983c044c03bf3cc2367a48dfe3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff050011bbecc2f4a37c9af2551ce935b0f327cb3f011a7d069111d5a34ed09baafa9e87110bd5602e2fd5234712596b696418f163d1a13ed38ae89d24e1cebfba2fc7925b5209c059facbb031e7743f541cd0aed4af7588c8e1b44ccb19e810879b70a70000000000000000000000d7900a820b63278f4e9a217b98000000002a928956e43a1ed25268816b00000000000009d27d753a30a1420cfd9e0684d8271ff6606b2a44bc47b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d62ad0a97aec773713a66b207000000000000001d24291c25449f106a99893ed20fa7a050fbbef90327e827e513e96068fd1e8a43e89f9c0500220e0cc463d5365470fa503c1fac35b903e10c62bebc943c17ff1432d0881406bc176e3e69ee52b59d13182e1f24ed200ada12f7a1525320e71666f472a97214d0b2874df30ed5eb1affb87ba55b2d72078e9f40e4ffff06aabca77e64c988dd413230d6037f7681314df1c2a0f4249c7be5329ac624fb2997df9e6867053a4b239d17ba83b498812a8f57b9b52ebc8b327a967e41f61fe4382601bff5f5dbcd3d50a065bcc67943ba05f3a5366ca6d291f931d9cde41bdabdae4717317621abaa7179e2d44f8ebca654f9e4571963a3f198769e309fc99f6320f47140bb9a5e359804c2653d19462139d5c505dc6e4f178c9a098b51333cccfe0d2eb41dd079de3cfa60365787ca4b8eb920a06969c5da49fc87d37f18205f4b5c0f44d16a2d9f2bc894dfd78e819e54e79eb5ceb91451149e099e47b94fd53ed2dd33d43d8c681e027175e8d281ba4ac708543bc3f9e8e35532b7b90eee5df24d5ec9cd4e33a79f5b123cf15edeb8b0ee7cafbfebb907ccee427f3616d6fd9015432977a55aa000000000000000000000000000d9705eccb717c5a731c9f66691686fce32f13b64d3945b860bb6939637b1728041642858af49e5072484cdca7c61227561e7eb74cd1270a8ccac9ce03eb54964799c1f6685aa0f1862529b4e583411e82ad0747c4f37724c23d531577f277965b2ee4f68b9596f5fc239ccacf49355fa596f169dbe7c31955aca21ad2d840f1509a1dbb653b3877936bf6a71a250e8f7c9f19102e1544227ac1c752eaddc8812823bd2d3f3cc1999764bf6772b22f1710d98fce0b4cacd2339e2b5819f731ebe101446a2dce0f0d299c24187941642a26112739c7cecfb052a5d3fb1d2de2dad5737793bb899a63b783e849f823fa1b7e09da4283a3412860cf36fc741f057b9af5016f5"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff74}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x9, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x38}}, 0x0) 2.217411697s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) 2.190904122s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x22, &(0x7f0000356000)=0x1, 0x4) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x0, 0x0, @empty}, 0x1c) sendto$inet6(r2, 0x0, 0xfffffffffffffd52, 0x0, 0x0, 0x0) 1.578728466s ago: executing program 1: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0x80106725, 0x20000000) 1.541202622s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) 1.526753264s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) quotactl_fd$Q_SYNC(0xffffffffffffffff, 0x0, 0x0, 0x0) 1.512245096s ago: executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) rename(0x0, &(0x7f00000003c0)='./file0\x00') ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000500)={'erspan0\x00', &(0x7f00000000c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x1, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @remote, {[@cipso={0x86, 0x10, 0x2, [{0x2, 0xa, "1c3a1b1f1b4bd958"}]}]}}}}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca7", @ANYBLOB], 0x40}}, 0x0) 1.238975999s ago: executing program 4: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x903840, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) link(&(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='./bus\x00') unlink(&(0x7f0000000180)='./bus\x00') 1.174321959s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r2, &(0x7f0000000000), 0x100000008) ioctl$F2FS_IOC_GARBAGE_COLLECT(r2, 0x80004506, 0x0) 1.141265444s ago: executing program 3: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x0) r1 = openat$incfs(r0, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0x80106725, 0x20000000) 1.088803312s ago: executing program 3: fchmodat(0xffffffffffffffff, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000005304"], 0x14}}, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f00000001c0)={@private0}, &(0x7f0000000200)=0x14) r5 = socket$inet6(0xa, 0x2, 0x0) r6 = socket$key(0xf, 0x3, 0x2) r7 = dup3(r6, r5, 0x0) sendmsg$key(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="0213000005000000000000000000000003000058"], 0x28}}, 0x0) syz_btf_id_by_name$bpf_lsm(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 287.595796ms ago: executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x20010c2f, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 275.723158ms ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000340)=ANY=[], 0x9) write$cgroup_subtree(r2, 0x0, 0xda00) 264.66665ms ago: executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x440010}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000080)='mm_page_alloc\x00', r4}, 0x10) ioctl(r3, 0x0, 0x0) 248.618952ms ago: executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000100000002f3144e900000000030006000720000002004000e0000001000000f5000000000800120002000100000000000000000030006c000201009f6eae02000000adb20200000000152c000000000000000008000014bb7acde1b8e96408d700000000030005000020000002"], 0x80}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f00000000c0), 0x2c8, 0x0) 237.162094ms ago: executing program 2: r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f00000005c0)="120000001a003517fc85bc00fef6000d0a0d", 0x12) recvmmsg(r0, &(0x7f00000015c0)=[{{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000440)=""/70, 0x46}, {&(0x7f0000000600)=""/196, 0xc4}, {&(0x7f0000000700)=""/176, 0xb0}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/140, 0x8c}, {&(0x7f0000000880)=""/127, 0x7f}, {&(0x7f0000000900)=""/59, 0x3b}], 0x7}}], 0x1, 0x0, 0x0) 224.104656ms ago: executing program 2: mkdir(&(0x7f0000000240)='./bus\x00', 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f0000000400)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "28d7b07d54731881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c99064bbd27b2aa77459cff33a3a98350f1af9d51ed5bef3d63520d260804d0"}, 0x96, 0xfffffffffffffffd) keyctl$setperm(0x5, r1, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes256, 0x0, @desc1}) chdir(&(0x7f0000000300)='./bus\x00') r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) 201.795709ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 185.616462ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x2, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000100000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000700)='mm_lru_insertion\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x2000) 182.497013ms ago: executing program 3: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) open(&(0x7f0000000040)='./file0\x00', 0x903840, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) link(&(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='./bus\x00') unlink(&(0x7f0000000180)='./bus\x00') 161.243566ms ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 119.768232ms ago: executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x8006) r1 = open(&(0x7f0000007f80)='./bus\x00', 0x145142, 0x0) ftruncate(r1, 0x2007ffb) r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x4, {{0x21, 0x4, 0x0, 0x0, 0x84, 0x68, 0x0, 0x1, 0x4, 0x0, @private, @loopback, {[@ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3d, 0x0, [{0x0, 0xc, "0c24d7dafcf4bf4a3d40"}, {0x7, 0x11, "62526ee23563c98cb0c7c559cce136"}, {0x7, 0xe, "5f35a11b6b03f9f9d131e3fb"}, {0x0, 0xc, "88cb1d39d95076d7987d"}]}, @ssrr={0x89, 0x2b, 0x64, [@multicast2, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, @private=0xa010100, @multicast2, @rand_addr=0x64010101, @local, @multicast1, @local]}]}}}}}) getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f00000004c0)={@mcast2, 0x0}, &(0x7f0000000500)=0x14) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@bloom_filter={0x1e, 0x7ff, 0x7f, 0x1ff, 0x0, 0xffffffffffffffff, 0x387f, '\x00', r3, r2, 0x7, 0x4, 0x4, 0xc}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) openat$cgroup_ro(r1, &(0x7f00000006c0)='cpuset.memory_pressure\x00', 0x26e1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x32600) write$cgroup_subtree(r6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800003f0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = eventfd(0x800a6) write$eventfd(r7, &(0x7f0000000000)=0xfffffffffffffffb, 0x8) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x660, 0x2b8, 0x6000000, 0x0, 0x198, 0x3a8, 0x590, 0x590, 0x590, 0x590, 0x590, 0x6, 0x0, {[{{@ipv6={@loopback={0x6200000000000000}, @mcast2, [], [], 'gretap0\x00', 'veth0_macvtap\x00'}, 0x0, 0x170, 0x198, 0x0, {}, [@common=@unspec=@conntrack3={{0xc8}, {{@ipv6=@loopback, [], @ipv6=@mcast2, [], @ipv6=@mcast2, [], @ipv4=@broadcast}}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x2b8}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @inet=@DSCP={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'ip_vti0\x00', 'veth0\x00'}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@loopback, @ipv6=@private2}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@private1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@icmp6={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000002c0), 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) fallocate(r2, 0x8, 0x2000, 0x7000) 14.039939ms ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) rename(0x0, &(0x7f00000003c0)='./file0\x00') ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000500)={'erspan0\x00', &(0x7f00000000c0)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x1, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @remote, {[@cipso={0x86, 0x10, 0x2, [{0x2, 0xa, "1c3a1b1f1b4bd958"}]}]}}}}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bca7", @ANYBLOB], 0x40}}, 0x0) 0s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='contention_end\x00'}, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ff, 0x0, "0b77380a49fed5c1"}) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0xa) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. 2024/06/17 08:53:43 fuzzer started 2024/06/17 08:53:43 dialing manager at 10.128.0.163:30008 [ 18.776996][ T30] audit: type=1400 audit(1718614423.884:66): avc: denied { node_bind } for pid=280 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 18.781922][ T30] audit: type=1400 audit(1718614423.884:67): avc: denied { name_bind } for pid=280 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 18.804976][ T30] audit: type=1400 audit(1718614423.914:68): avc: denied { mounton } for pid=289 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 18.808657][ T288] cgroup: Unknown subsys name 'net' [ 18.835502][ T288] cgroup: Unknown subsys name 'devices' [ 18.841572][ T30] audit: type=1400 audit(1718614423.914:69): avc: denied { integrity } for pid=288 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 18.865235][ T30] audit: type=1400 audit(1718614423.914:70): avc: denied { mounton } for pid=288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.870240][ T292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 18.897779][ T30] audit: type=1400 audit(1718614423.914:71): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.919987][ T30] audit: type=1400 audit(1718614423.944:72): avc: denied { mount } for pid=289 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 18.943227][ T30] audit: type=1400 audit(1718614423.944:73): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.949306][ T291] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 18.963027][ T30] audit: type=1400 audit(1718614424.014:74): avc: denied { relabelto } for pid=292 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.996681][ T30] audit: type=1400 audit(1718614424.014:75): avc: denied { write } for pid=292 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.060149][ T288] cgroup: Unknown subsys name 'hugetlb' [ 19.065764][ T288] cgroup: Unknown subsys name 'rlimit' 2024/06/17 08:53:44 starting 5 executor processes [ 20.177950][ T306] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.184883][ T306] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.192271][ T306] device bridge_slave_0 entered promiscuous mode [ 20.199080][ T306] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.205914][ T306] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.213225][ T306] device bridge_slave_1 entered promiscuous mode [ 20.278469][ T305] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.285308][ T305] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.292631][ T305] device bridge_slave_0 entered promiscuous mode [ 20.307605][ T305] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.314480][ T305] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.321645][ T305] device bridge_slave_1 entered promiscuous mode [ 20.353816][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.360688][ T309] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.367774][ T309] device bridge_slave_0 entered promiscuous mode [ 20.383230][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.390143][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.397176][ T307] device bridge_slave_0 entered promiscuous mode [ 20.403724][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.410575][ T309] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.417646][ T309] device bridge_slave_1 entered promiscuous mode [ 20.429628][ T308] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.436469][ T308] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.443760][ T308] device bridge_slave_0 entered promiscuous mode [ 20.450222][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.457055][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.464322][ T307] device bridge_slave_1 entered promiscuous mode [ 20.476865][ T308] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.483940][ T308] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.491294][ T308] device bridge_slave_1 entered promiscuous mode [ 20.661520][ T309] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.668395][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.675471][ T309] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.682276][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.694942][ T307] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.701818][ T307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.708914][ T307] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.715812][ T307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.740779][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.747824][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.755116][ T310] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.762196][ T310] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.770778][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 20.778041][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.785230][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 20.793832][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.801765][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.808602][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.815757][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.823936][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.831845][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.838692][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.856425][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 20.864294][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.872086][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.902051][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.909335][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 20.917036][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.925769][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.932621][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.939814][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.947907][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.954763][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.961894][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.969659][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 20.977535][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.984317][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.991439][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.999320][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.006137][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.021991][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.032128][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.045654][ T306] device veth0_vlan entered promiscuous mode [ 21.058535][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.066328][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.073700][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.086216][ T309] device veth0_vlan entered promiscuous mode [ 21.100835][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.109339][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.117044][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.124347][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.131562][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.139364][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.152831][ T306] device veth1_macvtap entered promiscuous mode [ 21.165481][ T307] device veth0_vlan entered promiscuous mode [ 21.176841][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.185397][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.193848][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.201670][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.208985][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.216349][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.224373][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.233005][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.239851][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.246961][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.254879][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.261799][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.273162][ T309] device veth1_macvtap entered promiscuous mode [ 21.283120][ T307] device veth1_macvtap entered promiscuous mode [ 21.289868][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.297270][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.304649][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.311872][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.319773][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.327616][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.334916][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.342986][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.350989][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.357814][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.365362][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.373357][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.381346][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.389367][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.396792][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.404943][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.413031][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.419880][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.429731][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.437800][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.458310][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.466433][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.475016][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.483236][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.491400][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.499440][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.507442][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.515318][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.523079][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.531052][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.549520][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.557522][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.566020][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.574214][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.586564][ T305] device veth0_vlan entered promiscuous mode [ 21.597925][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.611271][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.619964][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.620518][ T333] xt_CT: No such helper "netbios-ns" [ 21.627815][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.646593][ T305] device veth1_macvtap entered promiscuous mode [ 21.654038][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.661536][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.669837][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.681646][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.689845][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.697289][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.705226][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.730531][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.741050][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.750241][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.758501][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.766703][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.774933][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.783110][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.791763][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.804077][ T308] device veth0_vlan entered promiscuous mode [ 21.820587][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.829393][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.837383][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.845024][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.863230][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.871750][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.882115][ T308] device veth1_macvtap entered promiscuous mode [ 21.894548][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.902625][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.910839][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.932948][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.941734][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.000225][ T359] syz-executor.3 (pid 359) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 22.027742][ T359] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)" [ 22.041663][ T370] xt_CT: No such helper "netbios-ns" [ 22.086522][ T373] mmap: syz-executor.1 (373) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 22.183455][ T380] syz-executor.0 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 22.217513][ T386] loop2: detected capacity change from 0 to 512 [ 22.250396][ T386] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 22.264335][ T386] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 22.277684][ T386] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz-executor.2: bad orphan inode 16 [ 22.288578][ T386] ext4_test_bit(bit=15, block=4) = 0 [ 22.293787][ T386] EXT4-fs (loop2): 1 orphan inode deleted [ 22.299783][ T386] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.318076][ T310] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 22.395290][ T409] xt_CT: No such helper "netbios-ns" [ 22.439289][ T413] device team_slave_1 entered promiscuous mode [ 22.445744][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 22.458410][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 22.528037][ T364] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 22.568122][ T310] usb 5-1: Using ep0 maxpacket: 16 [ 22.583019][ T435] xt_CT: No such helper "netbios-ns" [ 22.675088][ T451] syz-executor.0[451] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.675159][ T451] syz-executor.0[451] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.691855][ T451] syz-executor.0[451] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.703650][ T451] syz-executor.0[451] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 22.790862][ T364] usb 2-1: Using ep0 maxpacket: 8 [ 22.842954][ T463] xt_CT: No such helper "netbios-ns" [ 22.888161][ T310] usb 5-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 22.897308][ T310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 22.905463][ T310] usb 5-1: Product: syz [ 22.909632][ T310] usb 5-1: Manufacturer: syz [ 22.914043][ T310] usb 5-1: SerialNumber: syz [ 22.919400][ T310] usb 5-1: config 0 descriptor?? [ 22.928183][ T364] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 22.949640][ T364] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 22.960097][ T364] usb 2-1: New USB device found, idVendor=0000, idProduct=1846, bcdDevice= 0.00 [ 22.972579][ T364] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.981183][ T364] usb 2-1: config 0 descriptor?? [ 23.107254][ T475] loop2: detected capacity change from 0 to 40427 [ 23.144343][ T475] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 23.152706][ T475] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 23.164469][ T475] F2FS-fs (loop2): invalid crc_offset: 33558524 [ 23.175024][ T475] F2FS-fs (loop2): Found nat_bits in checkpoint [ 23.202122][ T490] syz-executor.0 (490) used greatest stack depth: 21072 bytes left [ 23.211386][ T475] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 23.220855][ T475] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 23.264663][ T475] attempt to access beyond end of device [ 23.264663][ T475] loop2: rw=2049, want=45224, limit=40427 [ 23.294482][ T504] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.449734][ T364] hid-generic 0003:0000:1846.0001: unknown main item tag 0x3 [ 23.465430][ T364] hid-generic 0003:0000:1846.0001: hidraw0: USB HID v0.00 Device [HID 0000:1846] on usb-dummy_hcd.1-1/input0 [ 23.657625][ T531] device veth0_vlan left promiscuous mode [ 23.811022][ T20] usb 2-1: USB disconnect, device number 2 [ 23.898886][ T543] loop2: detected capacity change from 0 to 256 [ 24.088723][ T30] kauditd_printk_skb: 89 callbacks suppressed [ 24.088736][ T30] audit: type=1400 audit(1718614429.204:165): avc: denied { create } for pid=562 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 24.134706][ T30] audit: type=1400 audit(1718614429.204:166): avc: denied { connect } for pid=562 comm="syz-executor.2" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 24.155420][ T30] audit: type=1400 audit(1718614429.204:167): avc: denied { getopt } for pid=562 comm="syz-executor.2" laddr=::ffff:127.0.0.1 lport=58 faddr=::ffff:127.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 24.251461][ T557] loop3: detected capacity change from 0 to 40427 [ 24.268001][ T30] audit: type=1400 audit(1718614429.374:168): avc: denied { read } for pid=571 comm="syz-executor.2" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 24.292439][ T30] audit: type=1400 audit(1718614429.384:169): avc: denied { open } for pid=571 comm="syz-executor.2" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 24.317268][ T30] audit: type=1400 audit(1718614429.384:170): avc: denied { ioctl } for pid=571 comm="syz-executor.2" path="/dev/loop-control" dev="devtmpfs" ino=111 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 24.354018][ T557] F2FS-fs (loop3): invalid crc value [ 24.367702][ T574] loop0: detected capacity change from 0 to 128 [ 24.385545][ T557] F2FS-fs (loop3): Found nat_bits in checkpoint [ 24.403380][ T30] audit: type=1400 audit(1718614429.514:171): avc: denied { mount } for pid=573 comm="syz-executor.0" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 24.449252][ T30] audit: type=1326 audit(1718614429.564:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=573 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620c7f6f29 code=0x7ffc0000 [ 24.473100][ T30] audit: type=1326 audit(1718614429.564:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=573 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f620c7f6f29 code=0x7ffc0000 [ 24.473433][ T557] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 24.497020][ T30] audit: type=1326 audit(1718614429.564:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=573 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f620c7f6f29 code=0x7ffc0000 [ 24.545774][ T593] loop2: detected capacity change from 0 to 4096 [ 24.622477][ T597] loop0: detected capacity change from 0 to 512 [ 24.663557][ T593] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 24.675549][ T593] SELinux: Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped). [ 24.698851][ T597] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 24.720034][ T597] EXT4-fs (loop0): 1 truncate cleaned up [ 24.725541][ T597] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,inode_readahead_blks=0x0000000000000080,barrier=0x0000000000000003,stripe=0x0000000000000004,block_validity,debug_want_extra_isize=0x000000000000002e,,errors=continue. Quota mode: writeback. [ 24.763399][ T597] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 24.772630][ T612] loop1: detected capacity change from 0 to 256 [ 24.776923][ T597] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.0: unable to update i_inline_off [ 24.794371][ T597] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 24.809057][ T597] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 25.027616][ T6] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 25.027686][ T628] device veth0_vlan left promiscuous mode [ 25.283301][ T633] loop0: detected capacity change from 0 to 4096 [ 25.298361][ T310] usb 5-1: MIDIStreaming interface descriptor not found [ 25.307194][ T310] usb 5-1: USB disconnect, device number 2 [ 25.313040][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 25.340235][ T643] loop1: detected capacity change from 0 to 512 [ 25.352770][ T633] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 25.380771][ T643] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 25.391946][ T643] EXT4-fs (loop1): 1 truncate cleaned up [ 25.397398][ T643] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,inode_readahead_blks=0x0000000000000080,barrier=0x0000000000000003,stripe=0x0000000000000004,block_validity,debug_want_extra_isize=0x000000000000002e,,errors=continue. Quota mode: writeback. [ 25.424536][ T643] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 25.440047][ T374] udevd[374]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 25.449213][ T643] EXT4-fs warning (device loop1): ext4_xattr_set_entry:1745: inode #15: comm syz-executor.1: unable to update i_inline_off [ 25.469417][ T643] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 25.478111][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.505982][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.515989][ T6] usb 4-1: New USB device found, idVendor=0000, idProduct=1846, bcdDevice= 0.00 [ 25.525208][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.533548][ T6] usb 4-1: config 0 descriptor?? [ 25.760050][ T656] loop1: detected capacity change from 0 to 40427 [ 25.786173][ T656] F2FS-fs (loop1): invalid crc value [ 25.793691][ T656] F2FS-fs (loop1): Found nat_bits in checkpoint [ 25.819550][ T682] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 25.833637][ T656] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 25.998399][ T689] loop1: detected capacity change from 0 to 4096 [ 26.020078][ T6] hid-generic 0003:0000:1846.0002: unknown main item tag 0x3 [ 26.036221][ T6] hid-generic 0003:0000:1846.0002: hidraw0: USB HID v0.00 Device [HID 0000:1846] on usb-dummy_hcd.3-1/input0 [ 26.063975][ T689] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 26.323277][ T6] usb 4-1: USB disconnect, device number 2 [ 26.397788][ T699] device veth0_vlan left promiscuous mode [ 26.694096][ T677] loop0: detected capacity change from 0 to 131072 [ 26.749845][ T677] F2FS-fs (loop0): Found nat_bits in checkpoint [ 27.063494][ T677] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 27.083960][ T704] syz-executor.1 (704) used greatest stack depth: 18816 bytes left [ 27.132546][ T727] loop4: detected capacity change from 0 to 4096 [ 27.174838][ T727] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 27.205614][ T735] loop3: detected capacity change from 0 to 8192 [ 27.565324][ T311] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 27.858136][ T311] usb 2-1: Using ep0 maxpacket: 8 [ 27.896804][ T755] loop0: detected capacity change from 0 to 40427 [ 27.918080][ T755] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 27.925640][ T755] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.977123][ T755] F2FS-fs (loop0): Found nat_bits in checkpoint [ 27.978115][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.011416][ T755] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 28.014196][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.018312][ T755] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 28.061135][ T311] usb 2-1: New USB device found, idVendor=0000, idProduct=1846, bcdDevice= 0.00 [ 28.075339][ T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.092236][ T311] usb 2-1: config 0 descriptor?? [ 28.335799][ T760] loop4: detected capacity change from 0 to 131072 [ 28.360257][ T760] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.373952][ T776] loop0: detected capacity change from 0 to 1024 [ 28.399779][ T760] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 28.439319][ T776] EXT4-fs (loop0): INFO: recovery required on readonly filesystem [ 28.447128][ T776] EXT4-fs (loop0): write access will be enabled during recovery [ 28.455091][ T776] JBD2: no valid journal superblock found [ 28.461056][ T776] EXT4-fs (loop0): error loading journal [ 28.599109][ T311] hid-generic 0003:0000:1846.0003: unknown main item tag 0x3 [ 28.618146][ T311] hid-generic 0003:0000:1846.0003: hidraw0: USB HID v0.00 Device [HID 0000:1846] on usb-dummy_hcd.1-1/input0 [ 28.756739][ T794] loop4: detected capacity change from 0 to 8192 [ 28.803495][ T626] usb 2-1: USB disconnect, device number 3 [ 29.219718][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 29.219739][ T30] audit: type=1400 audit(1718614434.334:206): avc: denied { unmount } for pid=309 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 29.283368][ T809] device veth0_vlan left promiscuous mode [ 29.592843][ T30] audit: type=1400 audit(1718614434.704:207): avc: denied { read } for pid=823 comm="syz-executor.2" name="file0" dev="sda1" ino=1963 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 29.659256][ T30] audit: type=1400 audit(1718614434.734:208): avc: denied { ioctl } for pid=823 comm="syz-executor.2" path="/root/syzkaller-testdir3545933083/syzkaller.cseZei/43/file0" dev="sda1" ino=1963 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 29.864334][ T835] loop2: detected capacity change from 0 to 4096 [ 29.949909][ T835] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 29.965410][ T30] audit: type=1400 audit(1718614435.074:209): avc: denied { write } for pid=837 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 30.060518][ T30] audit: type=1400 audit(1718614435.124:210): avc: denied { map } for pid=834 comm="syz-executor.2" path="/root/syzkaller-testdir3545933083/syzkaller.cseZei/47/file0/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.087479][ T30] audit: type=1400 audit(1718614435.124:211): avc: denied { execute } for pid=834 comm="syz-executor.2" path="/root/syzkaller-testdir3545933083/syzkaller.cseZei/47/file0/bus" dev="loop2" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.114709][ T30] audit: type=1326 audit(1718614435.154:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=839 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b47a9ef29 code=0x7ffc0000 [ 30.142602][ T30] audit: type=1326 audit(1718614435.154:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=839 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b47a9ef29 code=0x7ffc0000 [ 30.189126][ T30] audit: type=1326 audit(1718614435.154:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=839 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9b47a9ef29 code=0x7ffc0000 [ 30.227454][ T30] audit: type=1326 audit(1718614435.164:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=839 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b47a9ef29 code=0x7ffc0000 [ 30.231206][ T850] devtmpfs: Unknown parameter 'nr_iI' [ 30.643534][ T813] loop0: detected capacity change from 0 to 131072 [ 30.820155][ T813] F2FS-fs (loop0): Found nat_bits in checkpoint [ 30.872038][ T813] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.234455][ T904] device wireguard0 entered promiscuous mode [ 31.530823][ T926] loop3: detected capacity change from 0 to 256 [ 31.592474][ T932] syz-executor.0[932] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.592543][ T932] syz-executor.0[932] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 31.816328][ T955] loop1: detected capacity change from 0 to 4096 [ 31.878047][ T311] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 31.922044][ T955] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 31.986691][ T312] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.128024][ T311] usb 4-1: Using ep0 maxpacket: 8 [ 32.137359][ T930] loop4: detected capacity change from 0 to 131072 [ 32.177862][ T930] F2FS-fs (loop4): Found nat_bits in checkpoint [ 32.203294][ T930] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 32.420886][ T311] usb 4-1: unable to get BOS descriptor or descriptor too short [ 32.554190][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.569772][ T311] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 32.594429][ T312] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.610102][ T311] usb 4-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 32.620577][ T312] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 32.629886][ T311] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 32.639646][ T312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.648024][ T311] usb 4-1: config 1 has no interface number 1 [ 32.654310][ T311] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 32.667457][ T312] usb 1-1: config 0 descriptor?? [ 32.672376][ T311] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 32.683234][ T311] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 32.884832][ T986] device wireguard0 entered promiscuous mode [ 33.178189][ T311] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 33.187317][ T311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.195453][ T311] usb 4-1: Product: syz [ 33.199571][ T311] usb 4-1: Manufacturer: syz [ 33.204030][ T311] usb 4-1: SerialNumber: syz [ 33.288806][ T1002] bridge: RTM_NEWNEIGH with invalid ether address [ 33.475519][ T1010] loop2: detected capacity change from 0 to 512 [ 33.500961][ T1010] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 33.514882][ T1010] EXT4-fs (loop2): failed to initialize system zone (-117) [ 33.524461][ T1010] EXT4-fs (loop2): mount failed [ 33.529241][ T311] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 33.536803][ T311] usb 4-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 33.545351][ T311] usb 4-1: found format II with max.bitrate = 0, frame size=39301 [ 33.553248][ T311] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 33.561442][ T311] usb 4-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 33.569748][ T311] usb 4-1: found format II with max.bitrate = 0, frame size=39301 [ 33.588796][ T1017] loop4: detected capacity change from 0 to 4096 [ 33.639846][ T311] usb 4-1: USB disconnect, device number 3 [ 33.676500][ T374] udevd[374]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 33.693552][ T1017] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.314406][ T312] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0004/input/input4 [ 34.328299][ T312] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0004/input/input5 [ 34.351111][ T1027] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'. [ 34.361656][ T312] uclogic 0003:256C:006D.0004: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 34.475954][ T1033] bridge: RTM_NEWNEIGH with invalid ether address [ 34.484155][ T1035] netem: incorrect ge model size [ 34.489970][ T1035] netem: change failed [ 34.512289][ T1038] SELinux: Context system_u:object_r:fonts_cache_t:s0 is not valid (left unmapped). [ 34.517140][ T312] usb 1-1: USB disconnect, device number 2 [ 34.521874][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 34.521886][ T30] audit: type=1400 audit(1718614439.634:251): avc: denied { relabelto } for pid=1037 comm="syz-executor.1" name="timer" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:fonts_cache_t:s0" [ 34.563828][ T30] audit: type=1400 audit(1718614439.674:252): avc: denied { associate } for pid=1037 comm="syz-executor.1" name="timer" dev="devtmpfs" ino=175 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fonts_cache_t:s0" [ 34.738757][ T1060] syz-executor.1[1060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.738819][ T1060] syz-executor.1[1060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.760775][ T1062] loop3: detected capacity change from 0 to 512 [ 34.780773][ T1064] netem: incorrect ge model size [ 34.785538][ T1064] netem: change failed [ 34.789822][ T1060] syz-executor.1[1060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.789889][ T1060] syz-executor.1[1060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.838812][ T1068] loop1: detected capacity change from 0 to 512 [ 34.858108][ T1062] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 34.885872][ T1062] EXT4-fs (loop3): failed to initialize system zone (-117) [ 34.898074][ T1062] EXT4-fs (loop3): mount failed [ 34.928214][ T1068] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 34.948084][ T1068] ext4 filesystem being mounted at /root/syzkaller-testdir2921724058/syzkaller.b4M5ez/55/file0 supports timestamps until 2038 (0x7fffffff) [ 35.008292][ T1068] EXT4-fs error (device loop1): ext4_do_update_inode:5191: inode #2: comm syz-executor.1: corrupted inode contents [ 35.024044][ T1068] EXT4-fs error (device loop1): ext4_dirty_inode:6024: inode #2: comm syz-executor.1: mark_inode_dirty error [ 35.040744][ T1068] EXT4-fs error (device loop1): ext4_do_update_inode:5191: inode #2: comm syz-executor.1: corrupted inode contents [ 35.061973][ T1068] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz-executor.1: mark_inode_dirty error [ 35.089823][ T30] audit: type=1400 audit(1718614440.204:253): avc: denied { create } for pid=1066 comm="syz-executor.1" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.505701][ T1068] EXT4-fs error (device loop1): ext4_get_first_dir_block:3565: inode #18: comm syz-executor.1: directory missing '.' [ 35.518220][ T30] audit: type=1400 audit(1718614440.614:254): avc: denied { remove_name } for pid=1066 comm="syz-executor.1" name="file0" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 35.547221][ T1096] syz-executor.4[1096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.547294][ T1096] syz-executor.4[1096] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.569505][ T30] audit: type=1400 audit(1718614440.614:255): avc: denied { rename } for pid=1066 comm="syz-executor.1" name="file0" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.603906][ T1100] syz-executor.4[1100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.603967][ T1100] syz-executor.4[1100] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.605529][ T30] audit: type=1400 audit(1718614440.614:256): avc: denied { rmdir } for pid=1066 comm="syz-executor.1" name=131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D338 dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.694912][ T30] audit: type=1400 audit(1718614440.794:257): avc: denied { create } for pid=1105 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 35.761273][ T30] audit: type=1400 audit(1718614440.834:258): avc: denied { create } for pid=1109 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.807248][ T30] audit: type=1400 audit(1718614440.844:259): avc: denied { bind } for pid=1109 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.887316][ T1125] loop1: detected capacity change from 0 to 2048 [ 35.957292][ T1125] loop1: p2 < > [ 35.999655][ T99] loop1: p2 < > [ 36.011325][ T30] audit: type=1400 audit(1718614441.124:260): avc: denied { mounton } for pid=1117 comm="syz-executor.1" path="/dev/loop1p2" dev="devtmpfs" ino=423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 36.201806][ T1165] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 36.356737][ T1169] loop4: detected capacity change from 0 to 40427 [ 36.413930][ T1169] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 36.434125][ T1169] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 36.443383][ T1169] F2FS-fs (loop4): invalid crc value [ 36.459267][ T1169] F2FS-fs (loop4): Found nat_bits in checkpoint [ 36.516249][ T1169] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 36.527719][ T1169] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 36.541053][ T1204] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 36.575228][ T1204] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 37.308040][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 37.316817][ T45] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 37.368007][ T329] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 37.581597][ T1230] loop3: detected capacity change from 0 to 512 [ 37.618282][ T329] usb 2-1: Using ep0 maxpacket: 16 [ 37.700272][ T1230] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 37.711447][ T1230] ext4 filesystem being mounted at /root/syzkaller-testdir3574249864/syzkaller.oghbCV/67/file0 supports timestamps until 2038 (0x7fffffff) [ 37.748137][ T329] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 37.759557][ T1230] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #2: comm syz-executor.3: corrupted inode contents [ 37.773588][ T1230] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #2: comm syz-executor.3: mark_inode_dirty error [ 37.785492][ T1230] EXT4-fs error (device loop3): ext4_do_update_inode:5191: inode #2: comm syz-executor.3: corrupted inode contents [ 37.797735][ T1230] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz-executor.3: mark_inode_dirty error [ 37.813257][ T1230] EXT4-fs error (device loop3): ext4_get_first_dir_block:3565: inode #18: comm syz-executor.3: directory missing '.' [ 37.917320][ T1264] tipc: Failed to remove unknown binding: 66,1,1/0:3345699624/3345699626 [ 37.925653][ T1264] tipc: Failed to remove unknown binding: 66,1,1/0:3345699624/3345699626 [ 37.938095][ T329] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 37.947483][ T329] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.971059][ T329] usb 2-1: Product: syz [ 37.975051][ T329] usb 2-1: Manufacturer: syz [ 37.979729][ T329] usb 2-1: SerialNumber: syz [ 37.985378][ T329] usb 2-1: config 0 descriptor?? [ 38.028664][ T329] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 38.038543][ T329] usb 2-1: Detected FT232RL [ 38.139822][ T1294] tipc: Failed to remove unknown binding: 66,1,1/0:1542456864/1542456866 [ 38.164811][ T1294] tipc: Failed to remove unknown binding: 66,1,1/0:1542456864/1542456866 [ 38.303794][ T1325] tipc: Failed to remove unknown binding: 66,1,1/0:1746941391/1746941393 [ 38.312190][ T1325] tipc: Failed to remove unknown binding: 66,1,1/0:1746941391/1746941393 [ 38.488105][ T329] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 38.518089][ T329] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 38.527555][ T329] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 38.553924][ T329] usb 2-1: USB disconnect, device number 4 [ 38.560961][ T1349] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 38.571779][ T329] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 38.588635][ T329] ftdi_sio 2-1:0.0: device disconnected [ 38.597116][ T1354] tipc: Failed to remove unknown binding: 66,1,1/0:1826516057/1826516059 [ 38.608590][ T1354] tipc: Failed to remove unknown binding: 66,1,1/0:1826516057/1826516059 [ 38.708880][ T1370] ======================================================= [ 38.708880][ T1370] WARNING: The mand mount option has been deprecated and [ 38.708880][ T1370] and is ignored by this kernel. Remove the mand [ 38.708880][ T1370] option from the mount to silence this warning. [ 38.708880][ T1370] ======================================================= [ 38.751229][ T1374] process 'syz-executor.0' launched './file1' with NULL argv: empty string added [ 39.021746][ T1382] loop2: detected capacity change from 0 to 512 [ 39.043128][ T1386] tipc: Failed to remove unknown binding: 66,1,1/0:3792116887/3792116889 [ 39.052407][ T1386] tipc: Failed to remove unknown binding: 66,1,1/0:3792116887/3792116889 [ 39.103475][ T1382] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 39.114411][ T1382] ext4 filesystem being mounted at /root/syzkaller-testdir3545933083/syzkaller.cseZei/84/bus supports timestamps until 2038 (0x7fffffff) [ 39.230861][ T1392] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.237711][ T1392] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.245302][ T1392] device bridge_slave_0 entered promiscuous mode [ 39.478646][ T1392] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.485744][ T1392] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.498419][ T1392] device bridge_slave_1 entered promiscuous mode [ 39.572228][ T1392] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.579171][ T1392] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.586217][ T1392] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.593000][ T1392] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.617119][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.625737][ T334] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.646929][ T334] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.670132][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.678453][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.685390][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.693177][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.701150][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.708000][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.715123][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.722891][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.738746][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.749648][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.757796][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.770654][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.779130][ T1392] device veth0_vlan entered promiscuous mode [ 39.807471][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.818938][ T1392] device veth1_macvtap entered promiscuous mode [ 39.840516][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.888982][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.900344][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 39.900357][ T30] audit: type=1400 audit(1718614445.014:285): avc: denied { mounton } for pid=1392 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 39.973736][ T1432] tipc: Failed to remove unknown binding: 66,1,1/0:2539838649/2539838651 [ 39.994018][ T1417] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.001075][ T1432] tipc: Failed to remove unknown binding: 66,1,1/0:2539838649/2539838651 [ 40.023935][ T1417] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.031801][ T1417] device bridge_slave_0 entered promiscuous mode [ 40.038866][ T1417] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.045757][ T1417] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.060039][ T1417] device bridge_slave_1 entered promiscuous mode [ 40.066452][ T30] audit: type=1400 audit(1718614445.174:286): avc: denied { create } for pid=1437 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.086055][ T30] audit: type=1400 audit(1718614445.174:287): avc: denied { connect } for pid=1437 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.145523][ T30] audit: type=1400 audit(1718614445.174:288): avc: denied { write } for pid=1437 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 40.355812][ T1453] loop1: detected capacity change from 0 to 512 [ 40.362818][ T30] audit: type=1400 audit(1718614445.474:289): avc: denied { relabelfrom } for pid=1442 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 40.383570][ T30] audit: type=1400 audit(1718614445.474:290): avc: denied { relabelto } for pid=1442 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 40.411891][ T1453] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 40.422871][ T1453] ext4 filesystem being mounted at /root/syzkaller-testdir2921724058/syzkaller.b4M5ez/79/bus supports timestamps until 2038 (0x7fffffff) [ 40.490263][ T8] device bridge_slave_1 left promiscuous mode [ 40.496585][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.512419][ T8] device bridge_slave_0 left promiscuous mode [ 40.523660][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.535859][ T8] device veth1_macvtap left promiscuous mode [ 41.038384][ T30] audit: type=1400 audit(1718614446.154:291): avc: denied { read } for pid=1484 comm="syz-executor.3" name="timer" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:fonts_cache_t:s0" [ 41.107431][ T30] audit: type=1400 audit(1718614446.184:292): avc: denied { open } for pid=1484 comm="syz-executor.3" path="/dev/snd/timer" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:fonts_cache_t:s0" [ 41.135457][ T30] audit: type=1400 audit(1718614446.184:293): avc: denied { ioctl } for pid=1484 comm="syz-executor.3" path="/dev/snd/timer" dev="devtmpfs" ino=175 ioctlcmd=0x5410 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:fonts_cache_t:s0" [ 41.164925][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.174710][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.209227][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.217591][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.242196][ T30] audit: type=1400 audit(1718614446.214:294): avc: denied { map } for pid=1488 comm="syz-executor.3" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 41.267445][ T329] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.274335][ T329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.281911][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.290730][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.561139][ T329] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.568030][ T329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.575228][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.589212][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.596853][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.615483][ T1417] device veth0_vlan entered promiscuous mode [ 41.626504][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 41.635321][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.648681][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 41.656581][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.684768][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.696893][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.706868][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.715075][ T329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.734241][ T1417] device veth1_macvtap entered promiscuous mode [ 41.748457][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.776574][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.795095][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.819685][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.831296][ T334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.903025][ T1558] loop1: detected capacity change from 0 to 256 [ 42.922447][ T8] device bridge_slave_1 left promiscuous mode [ 42.932223][ T1559] bpf_get_probe_write_proto: 4 callbacks suppressed [ 42.932242][ T1559] syz-executor.4[1559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 42.950841][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.008326][ T1559] syz-executor.4[1559] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 43.033904][ T8] device bridge_slave_0 left promiscuous mode [ 43.126251][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.143252][ T8] device veth1_macvtap left promiscuous mode [ 43.881326][ T20] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 45.025395][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 45.025410][ T30] audit: type=1400 audit(1718614450.134:309): avc: denied { read } for pid=1607 comm="syz-executor.3" name="usbmon0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 45.040752][ T1610] loop2: detected capacity change from 0 to 1024 [ 45.056990][ T1575] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 45.074541][ T30] audit: type=1400 audit(1718614450.144:310): avc: denied { open } for pid=1607 comm="syz-executor.3" path="/dev/usbmon0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 45.099774][ T1610] EXT4-fs (loop2): Ignoring removed orlov option [ 45.106173][ T1610] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 45.114031][ T30] audit: type=1400 audit(1718614450.184:311): avc: denied { ioctl } for pid=1607 comm="syz-executor.3" path="/dev/usbmon0" dev="devtmpfs" ino=135 ioctlcmd=0x9206 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 45.140668][ T30] audit: type=1326 audit(1718614450.214:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1571 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f45116d7c8b code=0x7ffc0000 [ 45.164826][ T1610] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 45.193562][ T30] audit: type=1326 audit(1718614450.254:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1571 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f45116d7c8b code=0x7ffc0000 [ 45.194106][ T1610] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 45.230288][ T20] usb 2-1: Using ep0 maxpacket: 8 [ 45.235676][ T30] audit: type=1400 audit(1718614450.304:314): avc: denied { mounton } for pid=1605 comm="syz-executor.2" path="/root/syzkaller-testdir3545933083/syzkaller.cseZei/99/file1/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 45.239073][ T1610] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 45.263541][ T30] audit: type=1400 audit(1718614450.304:315): avc: denied { map } for pid=1605 comm="syz-executor.2" path="/root/syzkaller-testdir3545933083/syzkaller.cseZei/99/file1/file0/bus" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 45.313942][ T30] audit: type=1400 audit(1718614450.424:316): avc: denied { rmdir } for pid=308 comm="syz-executor.2" name="lost+found" dev="loop2" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 45.338309][ T30] audit: type=1400 audit(1718614450.444:317): avc: denied { unlink } for pid=308 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.348020][ T1575] usb 5-1: Using ep0 maxpacket: 32 [ 45.361966][ T30] audit: type=1400 audit(1718614450.444:318): avc: denied { unlink } for pid=308 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 45.398138][ T20] usb 2-1: unable to get BOS descriptor or descriptor too short [ 45.478039][ T20] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 45.494199][ T20] usb 2-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 45.504636][ T20] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 45.532469][ T1575] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 45.546093][ T20] usb 2-1: config 1 has no interface number 1 [ 45.552307][ T1575] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 45.566934][ T20] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 45.580363][ T1575] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 45.864804][ T20] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 45.875537][ T1575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.883519][ T20] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 45.897427][ T1575] usb 5-1: config 0 descriptor?? [ 45.958094][ T20] usb 2-1: string descriptor 0 read error: -71 [ 45.964462][ T20] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 45.978006][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.019295][ T20] usb 2-1: can't set config #1, error -71 [ 46.027589][ T20] usb 2-1: USB disconnect, device number 5 [ 46.105536][ T989] usb 5-1: USB disconnect, device number 3 [ 46.111319][ T26] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 46.149729][ T1662] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 46.175387][ T1665] tun0: tun_chr_ioctl cmd 2147767517 [ 46.239447][ T1671] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=1671 comm=syz-executor.3 [ 46.324487][ T1679] device syzkaller0 entered promiscuous mode [ 46.378004][ T26] usb 1-1: Using ep0 maxpacket: 8 [ 46.432629][ T1693] tun0: tun_chr_ioctl cmd 2147767517 [ 46.484349][ T1701] loop2: detected capacity change from 0 to 512 [ 46.518119][ T26] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 46.527024][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.535896][ T26] usb 1-1: config 0 descriptor?? [ 46.549911][ T1701] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 46.565818][ T1701] ext4 filesystem being mounted at /root/syzkaller-testdir3545933083/syzkaller.cseZei/105/bus supports timestamps until 2038 (0x7fffffff) [ 46.895225][ T1707] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 46.905076][ T1707] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 46.981092][ T1714] device syzkaller0 entered promiscuous mode [ 47.437268][ T1740] device wireguard0 entered promiscuous mode [ 47.446788][ T1742] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'. [ 48.489751][ T1782] loop3: detected capacity change from 0 to 1024 [ 48.538690][ T1782] EXT4-fs (loop3): Ignoring removed orlov option [ 48.544944][ T1782] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 48.559633][ T1782] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 48.588317][ T1788] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 48.604631][ T1782] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 48.618316][ T1782] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 48.638140][ T306] ================================================================== [ 48.646021][ T306] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 48.653831][ T306] Read of size 4 at addr ffff88812c246000 by task syz-executor.3/306 [ 48.661855][ T306] [ 48.664025][ T306] CPU: 1 PID: 306 Comm: syz-executor.3 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 48.674005][ T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 48.683910][ T306] Call Trace: 2024/06/17 08:54:13 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 48.687025][ T306] [ 48.689815][ T306] dump_stack_lvl+0x151/0x1b7 [ 48.694319][ T306] ? io_uring_drop_tctx_refs+0x190/0x190 [ 48.699784][ T306] ? panic+0x751/0x751 [ 48.703694][ T306] print_address_description+0x87/0x3b0 [ 48.709075][ T306] kasan_report+0x179/0x1c0 [ 48.713416][ T306] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 48.718879][ T306] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 48.724349][ T306] __asan_report_load4_noabort+0x14/0x20 [ 48.729990][ T306] ext4_xattr_delete_inode+0xcd0/0xce0 [ 48.735371][ T306] ? sb_end_intwrite+0x120/0x120 [ 48.740145][ T306] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 48.746147][ T306] ? ext4_journal_check_start+0x16c/0x230 [ 48.751700][ T306] ? __kasan_check_read+0x11/0x20 [ 48.756561][ T306] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 48.762292][ T306] ? ext4_evict_inode+0xb8d/0x14e0 [ 48.767232][ T306] ext4_evict_inode+0xea1/0x14e0 [ 48.772007][ T306] ? _raw_spin_unlock+0x4d/0x70 [ 48.776698][ T306] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 48.782606][ T306] ? _raw_spin_unlock+0x4d/0x70 [ 48.787285][ T306] ? inod