last executing test programs: 6.537460348s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000740)='./file0\x00', 0x54, &(0x7f0000000040)={[{@bh}, {@noinit_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@delalloc}, {@noload}, {@nojournal_checksum}]}, 0x1, 0x477, &(0x7f00000002c0)="$eJzs209sFNUfAPDvzG4LP/hBK6IIolbR2Ki0tKBy8KLRxIMmJnrAi0ltC0EWamhNhBCtxuDRkHhXjyYm3jx4Ug9GPZl41bshIcoF9FQzuzPLdrv9s7TdUvbzSaZ5b+ZN3/vuzJt5M283gK41kP1JIv4fEb9HRF8tWzeXF8rKXb96YfyfqxfGk5ibe/WvpFru2tUL40XZYr/teWYwjUg/SvJK5ps+d/7UWKUyeTbPD8+cfnt4+tz5gydPj52YPDF5ZvTo0SOHR55+avTJdkPa2mplFt+1fe9N7d/74uuXXh4/dunNn79K8vXRFMdK9KygzEAW+N9zVc3bHmmnsk1gR0M6KTduKXe+MaxYKT9CPdX+3xelhuPVFy98uGCHtMMNBNZNdm/asvjm2TngNpbERrcA2BjFjT57/i2WDg09bglXnq09AGVxX8+X2pZy/VGnp+n5di0NRMSx2X8/y5a4ifcQAADt+i4b/zzRavyXRuMYcWc+N9QfEXdExK6IuDMidkfEXRFxd0TsiYh72qy/eWpo4fgnvbya+JaTjf+eyee25o//6i+6+0t5bkc1/p7k+MnK5KH8MxmMni1ZfmSJOr5//rdPFtvWOP7Llqz+Y/Mml9LL5aYXdBNjM2PZoPSNgzcfd+HKBxH7yq3iT+ozAUlE7I2Ife39651F4uRjX+5frFDL+POx8LLWYGpp7ouIR2vHfzaa4i8kS89PDm+NyuSh4eKsWOiXXy++slj9q4p/DWTHf9v887+5SH/SOF873X4dF//4eNFnmuXjb33+9yavVa9Hvfm6d8dmZs6ORPQmL9X2alw/emPfIl+Uz+IfPNC6/+/K98nivzcispP4voi4PyIeyNv+YEQ8FBEHloj/p+cefuvm419fWfwTLa9/9fO/6fi3nyid+vHbxeqvxv/Nzoglj/+RamowX1O9/i2jMrCyBq7mswMAAIDNIq1+Bz5Jh+rpNB0aqn2Hf3dsSytT0zOPH59658xE7bvy/dGTFm+6+hreh44ks/l/rOVH83fFxfbD+XvjT0v/q+aHxqcqExscO3S77Q39f9eeG/0/82epXuzrHxpnRPykA24f+jN0r+b+7zd+0D3c/6F76f/QvfR/6F6t+v/7TflSh9oCdJb7P3Qv/R+6l/4P3Uv/h660mt/1dyzxefmWaIZEkUinz52PdMObsZ6J3s3UQdYjsfBaUTZOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANqH/AgAA//89t/CN") 6.534135279s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=@framed={{}, [@map_idx_val, @tail_call, @printk={@ld}, @initr0]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) r2 = getpgid(0x0) r3 = gettid() tgkill(r2, r3, 0x0) 6.430892635s ago: executing program 3: socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x0, 0x0, 0x4, 0x400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 6.236207216s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) getgid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r6 = dup(r5) sendmsg$netlink(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000540)=ANY=[], 0x1b8}, {&(0x7f0000000580)=ANY=[], 0x1f88}], 0x2}, 0x0) 4.920002721s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000b00)={[{@orlov}, {@usrjquota}, {@noblock_validity}, {@norecovery}, {@bsdgroups}, {@i_version}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x159080, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0) 3.735672867s ago: executing program 2: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x18, 0x5, 0x2) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000001f00)="2600000022004701050000000000000000000020002b1f0000639cd505c934ffffffff554a431ec4e59747f6fb0e4708c0925bc0b07af1f36be97ffde677e2f261d311d723965ba4bbf09a37f264b2e16839b9bd922da7ff818e421484bc0b08d1b873ffab94c3d9bf7e52ade4a710c822a85bbfb7c2125c693514479f1eae0acff1d639415d874a0e70fb43ca24e33ff7377b6051a417a65c1c160b3331698e3ea2027f14c3ca1f320accdc4e0883d5", 0xb0) write(r0, &(0x7f0000000000)='\"', 0x1) prctl$PR_GET_DUMPABLE(0x3) 3.386186042s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000181100000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xcd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000000c0)=0x13) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000280)=0x11) 3.300901845s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000002000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='block_bio_remap\x00', r1}, 0x10) write$cgroup_type(r3, &(0x7f0000000000), 0x9) 2.210823155s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000b00)={[{@orlov}, {@usrjquota}, {@noblock_validity}, {@norecovery}, {@bsdgroups}, {@i_version}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x159080, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0) 1.996166639s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00'}, 0x45c) 1.853629591s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000ec0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3b423cdacfa7e32fe0231368b2264f9c504c9f1f65515b2e1a38d522be18bd10a48b0bf224e5160f3090b4320002646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae660010000053419e173a649c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcffffffff3173d566a0f06c54c3a4903ef31c4d4acef2ce3599f455c7a3a48a01010000009f2f0517e4ca0e1803a2971a50f713d4e21b3336f1ae0796f23526ec0fd97f734c4c815bf697e6bd009d2e7dfbffff72ba8972f39dc09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f392865cd81f2b77fdd76c677f812d249c8130b9fae93466e9dd8018d430054ffdca8b7fbc254f4348c8d7305000000000000593d60abc9b3e656f3d3759dcfeb820634fd4d419efaefb24305b2bea20007840484511b6efaad206335a30ef7b9e00546a6285f4665a7fe37da2349f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf3270fd0bcade611b895e3fff7909413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d3ab25493418494d9d10d76e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1da3c357341e000cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d1715c009a58e6eadac8f61b45853673df72dc812f7454ae22d79ac48034282f030408895886e9644179dcf66d97907cedd49e0c5752f755849953957143a0380d1f62acbf18b251ce63b29fe17925770fac12cf9e291200df6bb669d5a57dd74dd817ef2f8848f710c359afe73947afebdf5536ee2b9f3b19c5c90bbe7e93e425999a6542434350fe35a8cbdece7b06bdf3a676b406df18850df50eec8517b3530796ff61c096cf1f571ab9737f4b1f7e9650823ca025a3ef04d97a5b7d92d3a29c2128513da5b483fa5da21b1459d0943665dc11d039bd5e0718577c95cb37b99974bc8be5c9c42d4da0a080e380fa7fe601552d4bf000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) clock_adjtime(0x0, &(0x7f0000000700)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@nombcache}, {@resgid}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@nombcache}]}, 0x8, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIcZEuBOCP26eKi0EKZTQGi2SWBK8mBgvHkw8eRD/CyXx6sGrBy+eDAkxhoMYImtmO1Om293SX7tbup9PMnSeme48z5R++5199nlmAuhYI9k/acT+iLiaRAyV9nVHvnNk6fvu/3njXLYkUam8/UcSNz5JFsvHSvKvg/mL/xmK5Oc0Yl/X6nrnFq5fmpyZmb6Wl8fmL18dm1u4fvji5ckL0xemr0y8OnHi+LHjJ8aPbOn8ylWfvvX+h0OfnXn3268fJuPf/XomiZPxKP+G7LxqX9u3pZqzn9lIVJY8KG/Pfq4ntnjsneKvoeL35LGkdgM71vn897EnIp6Noegq/W8OxadvtrVxQFNVkihyFNBxkk3Ff//2NwRoseI6oHhvX+998Gppk69KgFa4d2qpA2Ap9nsiooj/7qW+weiv9g0M3E9W9PMkEbG1nrklWR0//XjmVrZEg344oDkWbxa93LX5P6nG5nD0V0sD99MV8Z+Wlmz7W5usf6SmLP6hdRZvRsRzef7vjQ3F/0gp/t/bZP3iHwAAAAAAALbPnVMR8Uq98X/p8vif3jrjfwYj4uQ21P/kz//Su/lKsg3VASX3TkW8Xnf87/IY3+GuvPTf6niAnuT8xZnpIxHxv4g4FD19WXm85rjlEcKHP9/3VaP6y+P/siWrvxgLmB/pbnfNRNypyfnJrZ43EHHvZsTz1fG/B/ItK8f/ZPk/qZP/s/i+us469r10+2yjfU+Of6BZKt9EHKyb/x9fbidr359jrHo9MFZcFaz2wsdffN+ofvEP7ZPl/4G1478vKd+vZ25jx++NiKML3ZVG+zd7/d+bvNNVHD/z0eT8/LXxiN7k9OrtExtrM+xWRTwU8ZLF/6EX1+7/W77+L8XhnohYXGedzzwa/K3RPvkf2ieL/6m18//wyvy/8ZWJ28M/NKr/7Lry/7FqTj+Ub9H/B2Wr78ex3gBtS3MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CmXRsR/IklHl9fTdHQ0YjAi/h8D6czs3PzL52c/uDKV7as+/z8tnvQ7tFROiuf/D5fKEzXloxGxNyK+7NpTLY+em52ZavfJAwAAAAAAAAAAAAAAAAAAwA4xWJ3zX+mrnf+f+b2r3a0Dmq47/yreofN0b/qVlb5tbQjQcpuPf+Bpt/7472lqO4DWaxz/Dx5WqlraHKCFXP9D59pk/Pu4AHYB+R861Tr79Pqb3Q6gHeR/AAAAAADYVfYeuPNLEhGLr+2pLpnefJ/B/rC7pe1uANA2xvBC5+qebXcLgHbxHh9Iltf+rjvZv/Ho/6Q5DQIAAAAAAAAAAAAAVjm43/x/6FRrz/83th92szXm/9cLfrcLgF2k8aM/5H7Y7bzHB56U7c3/BwAAAAAAAAAAAIAdoP/6pcmZmelrcwtP38obO6MZG1tZnNwRzdjWlUfNOXJPROyME2z1SnELjjY2o81/lwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGX/BgAA//+dGid+") 1.618904708s ago: executing program 1: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xc8, &(0x7f0000000040), 0x4) syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa04000000ffff8100000086dd604f3bf500303a0020010000000000000000000000000002ff05"], 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) 794.817066ms ago: executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x18, 0x5, 0x2) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000001f00)="2600000022004701050000000000000000000020002b1f0000639cd505c934ffffffff554a431ec4e59747f6fb0e4708c0925bc0b07af1f36be97ffde677e2f261d311d723965ba4bbf09a37f264b2e16839b9bd922da7ff818e421484bc0b08d1b873ffab94c3d9bf7e52ade4a710c822a85bbfb7c2125c693514479f1eae0acff1d639415d874a0e70fb43ca24e33ff7377b6051a417a65c1c160b3331698e3ea2027f14c3ca1f320accdc4e0883d5", 0xb0) write(r0, &(0x7f0000000000)='\"', 0x1) prctl$PR_GET_DUMPABLE(0x3) 756.292032ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000181100000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xcd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f00000000c0)=0x13) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000280)=0x11) 745.130084ms ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x5, 0xffffff84}}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x64}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x7, 0x1, 0x201}, 0x14}}, 0x0) 713.815559ms ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {0x3, 0x0}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 702.817521ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x30}, 0x0) 615.020864ms ago: executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) listen(r0, 0x0) accept4$bt_l2cap(r0, 0x0, 0x0, 0x0) shutdown(r0, 0x1) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080), 0x4) 604.512146ms ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x1c, r1, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 586.724969ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd63"], 0xfdef) 512.2607ms ago: executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000002d007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) splice(r2, 0x0, r1, 0x0, 0x10000008ebc, 0x0) splice(r0, 0x0, r3, 0x0, 0x25a5, 0x0) 495.379993ms ago: executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) mount(&(0x7f00000001c0)=@filename='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='vfat\x00', 0x0, 0x0) 465.359628ms ago: executing program 0: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xc8, &(0x7f0000000040), 0x4) syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa04000000ffff8100000086dd604f3bf500303a0020010000000000000000000000000002ff05"], 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) 437.916742ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 386.30939ms ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000ec0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e8ba639a67880141cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3b423cdacfa7e32fe0231368b2264f9c504c9f1f65515b2e1a38d522be18bd10a48b0bf224e5160f3090b4320002646d25dfd73bb6d7535f7866907dc6751dfced1fd8accae660010000053419e173a649c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcffffffff3173d566a0f06c54c3a4903ef31c4d4acef2ce3599f455c7a3a48a01010000009f2f0517e4ca0e1803a2971a50f713d4e21b3336f1ae0796f23526ec0fd97f734c4c815bf697e6bd009d2e7dfbffff72ba8972f39dc09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f392865cd81f2b77fdd76c677f812d249c8130b9fae93466e9dd8018d430054ffdca8b7fbc254f4348c8d7305000000000000593d60abc9b3e656f3d3759dcfeb820634fd4d419efaefb24305b2bea20007840484511b6efaad206335a30ef7b9e00546a6285f4665a7fe37da2349f8bf4064726dc32add75e0f435f28fbeda75cf971d54a9698cf3270fd0bcade611b895e3fff7909413f3fbd3ced3284db730b368ddca654dd7836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be5cb0417d33d3ab25493418494d9d10d76e603129e9a726579ac7d672cacd581b7e2fc7a5758fcfb822de1da3c357341e000cc34c49914f1aa198a77b3610b7403930fd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66d91254a6f911b1449c62a6e1e3f9ce19a9d1715c009a58e6eadac8f61b45853673df72dc812f7454ae22d79ac48034282f030408895886e9644179dcf66d97907cedd49e0c5752f755849953957143a0380d1f62acbf18b251ce63b29fe17925770fac12cf9e291200df6bb669d5a57dd74dd817ef2f8848f710c359afe73947afebdf5536ee2b9f3b19c5c90bbe7e93e425999a6542434350fe35a8cbdece7b06bdf3a676b406df18850df50eec8517b3530796ff61c096cf1f571ab9737f4b1f7e9650823ca025a3ef04d97a5b7d92d3a29c2128513da5b483fa5da21b1459d0943665dc11d039bd5e0718577c95cb37b99974bc8be5c9c42d4da0a080e380fa7fe601552d4bf000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) clock_adjtime(0x0, &(0x7f0000000700)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f0000000100)={[{@nombcache}, {@resgid}, {@norecovery}, {@commit={'commit', 0x3d, 0x5}}, {@nombcache}]}, 0x8, 0x5fb, &(0x7f00000004c0)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIcZEuBOCP26eKi0EKZTQGi2SWBK8mBgvHkw8eRD/CyXx6sGrBy+eDAkxhoMYImtmO1Om293SX7tbup9PMnSeme48z5R++5199nlmAuhYI9k/acT+iLiaRAyV9nVHvnNk6fvu/3njXLYkUam8/UcSNz5JFsvHSvKvg/mL/xmK5Oc0Yl/X6nrnFq5fmpyZmb6Wl8fmL18dm1u4fvji5ckL0xemr0y8OnHi+LHjJ8aPbOn8ylWfvvX+h0OfnXn3268fJuPf/XomiZPxKP+G7LxqX9u3pZqzn9lIVJY8KG/Pfq4ntnjsneKvoeL35LGkdgM71vn897EnIp6Noegq/W8OxadvtrVxQFNVkihyFNBxkk3Ff//2NwRoseI6oHhvX+998Gppk69KgFa4d2qpA2Ap9nsiooj/7qW+weiv9g0M3E9W9PMkEbG1nrklWR0//XjmVrZEg344oDkWbxa93LX5P6nG5nD0V0sD99MV8Z+Wlmz7W5usf6SmLP6hdRZvRsRzef7vjQ3F/0gp/t/bZP3iHwAAAAAAALbPnVMR8Uq98X/p8vif3jrjfwYj4uQ21P/kz//Su/lKsg3VASX3TkW8Xnf87/IY3+GuvPTf6niAnuT8xZnpIxHxv4g4FD19WXm85rjlEcKHP9/3VaP6y+P/siWrvxgLmB/pbnfNRNypyfnJrZ43EHHvZsTz1fG/B/ItK8f/ZPk/qZP/s/i+us469r10+2yjfU+Of6BZKt9EHKyb/x9fbidr359jrHo9MFZcFaz2wsdffN+ofvEP7ZPl/4G1478vKd+vZ25jx++NiKML3ZVG+zd7/d+bvNNVHD/z0eT8/LXxiN7k9OrtExtrM+xWRTwU8ZLF/6EX1+7/W77+L8XhnohYXGedzzwa/K3RPvkf2ieL/6m18//wyvy/8ZWJ28M/NKr/7Lry/7FqTj+Ub9H/B2Wr78ex3gBtS3MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CmXRsR/IklHl9fTdHQ0YjAi/h8D6czs3PzL52c/uDKV7as+/z8tnvQ7tFROiuf/D5fKEzXloxGxNyK+7NpTLY+em52ZavfJAwAAAAAAAAAAAAAAAAAAwA4xWJ3zX+mrnf+f+b2r3a0Dmq47/yreofN0b/qVlb5tbQjQcpuPf+Bpt/7472lqO4DWaxz/Dx5WqlraHKCFXP9D59pk/Pu4AHYB+R861Tr79Pqb3Q6gHeR/AAAAAADYVfYeuPNLEhGLr+2pLpnefJ/B/rC7pe1uANA2xvBC5+qebXcLgHbxHh9Iltf+rjvZv/Ho/6Q5DQIAAAAAAAAAAAAAVjm43/x/6FRrz/83th92szXm/9cLfrcLgF2k8aM/5H7Y7bzHB56U7c3/BwAAAAAAAAAAAIAdoP/6pcmZmelrcwtP38obO6MZG1tZnNwRzdjWlUfNOXJPROyME2z1SnELjjY2o81/lwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGX/BgAA//+dGid+") 369.683573ms ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000b00)={[{@orlov}, {@usrjquota}, {@noblock_validity}, {@norecovery}, {@bsdgroups}, {@i_version}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x159080, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000700)=ANY=[], 0x0, 0x0, 0x0) 331.499949ms ago: executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x18, 0x5, 0x2) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000001f00)="2600000022004701050000000000000000000020002b1f0000639cd505c934ffffffff554a431ec4e59747f6fb0e4708c0925bc0b07af1f36be97ffde677e2f261d311d723965ba4bbf09a37f264b2e16839b9bd922da7ff818e421484bc0b08d1b873ffab94c3d9bf7e52ade4a710c822a85bbfb7c2125c693514479f1eae0acff1d639415d874a0e70fb43ca24e33ff7377b6051a417a65c1c160b3331698e3ea2027f14c3ca1f320accdc4e0883d5", 0xb0) write(r0, &(0x7f0000000000)='\"', 0x1) prctl$PR_GET_DUMPABLE(0x3) 271.453078ms ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4) mremap(&(0x7f00008d5000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) readv(r1, &(0x7f0000000040)=[{&(0x7f0000000180)=""/80, 0x50}], 0x7) setreuid(0x0, 0x0) setresuid(0x0, 0x0, 0x0) pipe2$9p(0x0, 0x0) 581.75µs ago: executing program 0: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {0x3, 0x0}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000240)=ANY=[], 0x30}, 0x0) kernel console output (not intermixed with test programs): ected capacity change from 0 to 512 [ 459.866065][ T316] cdc_mbim 5-1:1.0: MBIM functional descriptor missing [ 459.877307][ T316] cdc_mbim 5-1:1.0: bind() failure [ 459.891550][T10077] serio: Serial port pts0 [ 459.907518][T10071] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 459.995195][ T30] audit: type=1107 audit(1718695612.025:4688): pid=10082 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 460.071773][T10071] EXT4-fs (loop3): 1 truncate cleaned up [ 460.077449][T10071] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,bsdgroups,nombcache,noload,,errors=continue. Quota mode: none. [ 460.093357][ T316] usb 5-1: USB disconnect, device number 18 [ 460.123797][ T30] audit: type=1400 audit(1718695612.205:4689): avc: denied { watch watch_reads } for pid=10070 comm="syz-executor.3" path="/root/syzkaller-testdir282274002/syzkaller.nge27B/157/bus" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 460.318694][T10093] loop2: detected capacity change from 0 to 128 [ 460.378667][T10093] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 460.967717][ T30] audit: type=1326 audit(1718695613.055:4690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10096 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f80bdfd0f29 code=0x0 [ 461.951349][T10089] loop1: detected capacity change from 0 to 40427 [ 462.046662][T10089] F2FS-fs (loop1): invalid crc value [ 462.077474][T10089] F2FS-fs (loop1): Found nat_bits in checkpoint [ 462.336044][T10089] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 462.514866][T10136] loop3: detected capacity change from 0 to 128 [ 462.522728][ T316] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 462.609635][T10136] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 462.835241][ T316] usb 5-1: Using ep0 maxpacket: 16 [ 463.241223][ T8203] attempt to access beyond end of device [ 463.241223][ T8203] loop1: rw=2049, want=45104, limit=40427 [ 463.267676][ T30] audit: type=1326 audit(1718695615.355:4691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10137 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f5489cf29 code=0x0 [ 463.291513][ T316] usb 5-1: unable to get BOS descriptor or descriptor too short [ 463.375103][ T316] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 463.555212][ T316] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 463.574496][ T316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.584619][ T316] usb 5-1: Product: syz [ 463.594728][ T316] usb 5-1: Manufacturer: syz [ 463.599255][ T316] usb 5-1: SerialNumber: syz [ 463.646012][ T316] cdc_mbim 5-1:1.0: MBIM functional descriptor missing [ 463.652755][ T316] cdc_mbim 5-1:1.0: bind() failure [ 463.861941][ T60] usb 5-1: USB disconnect, device number 19 [ 463.880593][T10158] loop1: detected capacity change from 0 to 16 [ 463.926832][T10158] erofs: (device loop1): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 463.991848][T10141] loop3: detected capacity change from 0 to 40427 [ 464.035042][T10141] F2FS-fs (loop3): invalid crc value [ 464.042348][T10141] F2FS-fs (loop3): Found nat_bits in checkpoint [ 464.095296][ T316] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 464.112958][T10163] serio: Serial port pts0 [ 464.160915][T10141] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 464.472013][T10173] loop0: detected capacity change from 0 to 128 [ 464.539125][ T316] usb 3-1: Using ep0 maxpacket: 8 [ 464.546368][T10173] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 464.785849][ T316] usb 3-1: config index 0 descriptor too short (expected 30482, got 18) [ 464.816705][ T316] usb 3-1: config 0 has too many interfaces: 101, using maximum allowed: 32 [ 464.868469][T10172] overlayfs: failed to resolve './file1': -2 [ 464.900282][ T316] usb 3-1: config 0 has an invalid interface number: 191 but max is 100 [ 465.093247][ T316] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 101 [ 465.102208][ T316] usb 3-1: config 0 has no interface number 0 [ 465.245388][ T316] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 5.00 [ 465.248028][T10182] syz-executor.1[10182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 465.254484][T10182] syz-executor.1[10182] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 465.254713][ T8155] attempt to access beyond end of device [ 465.254713][ T8155] loop3: rw=2049, want=45112, limit=40427 [ 465.296100][ T316] usb 3-1: New USB device strings: Mfr=253, Product=255, SerialNumber=0 [ 465.314554][ T316] usb 3-1: Product: syz [ 465.330947][ T316] usb 3-1: Manufacturer: syz [ 465.338638][ T316] usb 3-1: config 0 descriptor?? [ 465.378566][ T316] ftdi_sio 3-1:0.191: FTDI USB Serial Device converter detected [ 465.397192][ T316] usb 3-1: Detected FT232BM [ 465.949289][T10204] loop4: detected capacity change from 0 to 1024 [ 466.148373][T10204] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 466.414180][ T337] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 466.935165][ T316] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 466.955131][ T316] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 466.973302][ T316] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 467.001675][ T316] usb 3-1: USB disconnect, device number 20 [ 467.019167][ T316] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 467.049141][ T316] ftdi_sio 3-1:0.191: device disconnected [ 467.203745][T10221] loop3: detected capacity change from 0 to 512 [ 467.215019][ T337] usb 1-1: Using ep0 maxpacket: 16 [ 467.261720][T10221] EXT4-fs (loop3): 1 truncate cleaned up [ 467.267910][T10221] EXT4-fs (loop3): mounted filesystem without journal. Opts: prjquota,grpquota,debug_want_extra_isize=0x000000000000005c,sysvgroups,nolazytime,errors=continue,grpjquota=,,errors=continue. Quota mode: writeback. [ 467.298518][T10221] EXT4-fs error (device loop3): ext4_lookup:1855: inode #13: comm syz-executor.3: iget: checksum invalid [ 467.322300][ T8155] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor.3: path /root/syzkaller-testdir282274002/syzkaller.nge27B/166/file2: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 467.348979][ T8155] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor.3: iget: checksum invalid [ 467.361383][ T8155] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor.3: iget: checksum invalid [ 467.385259][ T337] usb 1-1: unable to get BOS descriptor or descriptor too short [ 467.439243][T10210] loop2: detected capacity change from 0 to 40427 [ 467.455082][ T20] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 467.465150][ T337] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.493310][T10210] F2FS-fs (loop2): invalid crc value [ 467.506929][T10210] F2FS-fs (loop2): Found nat_bits in checkpoint [ 467.630736][T10210] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 467.635233][ T337] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 467.655003][ T337] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.673024][ T337] usb 1-1: Product: syz [ 467.677087][ T337] usb 1-1: Manufacturer: syz [ 467.681475][ T337] usb 1-1: SerialNumber: syz [ 467.746070][ T337] cdc_mbim 1-1:1.0: MBIM functional descriptor missing [ 467.752915][ T337] cdc_mbim 1-1:1.0: bind() failure [ 467.815128][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.835025][ T20] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.854821][ T20] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 467.863849][ T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.877781][ T20] usb 2-1: config 0 descriptor?? [ 467.927395][T10228] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.934355][T10228] bridge0: port 1(bridge_slave_0) entered disabled state [ 467.942277][T10228] device bridge_slave_0 entered promiscuous mode [ 467.951155][T10228] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.957855][ T337] usb 1-1: USB disconnect, device number 22 [ 467.959042][T10228] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.971919][T10228] device bridge_slave_1 entered promiscuous mode [ 467.980027][ T9488] device bridge_slave_1 left promiscuous mode [ 467.986381][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state [ 467.997950][T10232] overlayfs: failed to resolve './file1': -2 [ 468.005678][ T9488] device veth1_macvtap left promiscuous mode [ 468.011747][ T9488] device veth0_vlan left promiscuous mode [ 468.051724][ T30] audit: type=1400 audit(1718695620.135:4692): avc: denied { setopt } for pid=10233 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 468.277574][ T8677] attempt to access beyond end of device [ 468.277574][ T8677] loop2: rw=2049, want=45112, limit=40427 [ 468.647586][T10242] loop4: detected capacity change from 0 to 1024 [ 468.774890][T10242] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 469.335151][ T20] usb 2-1: string descriptor 0 read error: -71 [ 469.355227][ T20] uclogic 0003:256C:006D.0034: failed retrieving string descriptor #200: -71 [ 469.399592][ T20] uclogic 0003:256C:006D.0034: failed retrieving pen parameters: -71 [ 469.425022][ T20] uclogic 0003:256C:006D.0034: failed probing pen v2 parameters: -71 [ 469.450976][ T20] uclogic 0003:256C:006D.0034: failed probing parameters: -71 [ 469.462209][ T20] uclogic: probe of 0003:256C:006D.0034 failed with error -71 [ 469.463983][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 469.478191][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 469.496878][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 469.505492][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 469.505963][ T20] usb 2-1: USB disconnect, device number 27 [ 469.513820][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 469.525972][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 469.533877][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 469.544406][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 469.552770][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.559791][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 469.575205][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 469.593354][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 469.601845][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 469.611300][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 469.619534][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 469.645570][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 469.655612][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 469.682431][T10228] device veth0_vlan entered promiscuous mode [ 469.698886][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 469.707581][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 469.735255][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 469.742923][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 469.748745][T10255] loop0: detected capacity change from 0 to 512 [ 469.756198][T10228] device veth1_macvtap entered promiscuous mode [ 469.791265][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 469.801024][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 469.816284][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 469.836996][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 469.848844][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 469.857161][T10255] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 469.857474][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 469.875883][T10255] ext4 filesystem being mounted at /root/syzkaller-testdir3465839964/syzkaller.LD9LJi/122/bus supports timestamps until 2038 (0x7fffffff) [ 469.892412][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 470.826990][ T30] audit: type=1400 audit(1718695622.915:4693): avc: denied { listen } for pid=10281 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 470.851889][ T30] audit: type=1326 audit(1718695622.935:4694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 470.912657][ T30] audit: type=1326 audit(1718695622.935:4695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 470.950160][ T30] audit: type=1326 audit(1718695622.935:4696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 470.985281][ T30] audit: type=1326 audit(1718695622.935:4697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 471.045622][ T30] audit: type=1326 audit(1718695622.935:4698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 471.062971][T10269] loop3: detected capacity change from 0 to 40427 [ 471.073568][ T30] audit: type=1326 audit(1718695622.935:4699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 471.104577][ T30] audit: type=1400 audit(1718695622.965:4700): avc: denied { accept } for pid=10281 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 471.110107][T10269] F2FS-fs (loop3): invalid crc value [ 471.124647][ T30] audit: type=1326 audit(1718695622.965:4701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10279 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 471.165589][T10269] F2FS-fs (loop3): Found nat_bits in checkpoint [ 471.234192][T10306] syz-executor.1[10306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 471.234350][T10306] syz-executor.1[10306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 471.295274][T10269] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 471.309234][T10311] loop0: detected capacity change from 0 to 512 [ 471.337693][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 471.382400][T10228] attempt to access beyond end of device [ 471.382400][T10228] loop3: rw=2049, want=45104, limit=40427 [ 471.425771][T10311] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 471.444068][T10311] ext4 filesystem being mounted at /root/syzkaller-testdir3465839964/syzkaller.LD9LJi/125/bus supports timestamps until 2038 (0x7fffffff) [ 471.483524][T10316] device pim6reg1 entered promiscuous mode [ 471.692568][T10325] device syzkaller0 entered promiscuous mode [ 471.971203][T10325] syzkaller0: create flow: hash 1417123634 index 1 [ 471.993399][T10324] syzkaller0: delete flow: hash 1417123634 index 1 [ 472.114497][T10331] IPv6: Can't replace route, no match found [ 472.333717][T10342] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 472.346151][T10342] pim6reg0: linktype set to 776 [ 472.413005][T10352] tipc: Started in network mode [ 472.418106][T10352] tipc: Node identity ac1414aa, cluster identity 4711 [ 472.425055][T10352] tipc: New replicast peer: 100.1.1.1 [ 472.431657][T10352] tipc: Enabled bearer , priority 10 [ 472.442065][T10356] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 472.540229][T10364] IPv6: Can't replace route, no match found [ 473.049577][T10366] tipc: Failed to remove unknown binding: 66,1,1/0:3372285372/3372285374 [ 473.147654][T10366] tipc: Failed to remove unknown binding: 66,1,1/0:3372285372/3372285374 [ 473.475981][T10374] loop1: detected capacity change from 0 to 512 [ 473.507370][T10379] loop4: detected capacity change from 0 to 256 [ 473.526485][T10374] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 473.543894][T10374] ext4 filesystem being mounted at /root/syzkaller-testdir889356924/syzkaller.s7X9Pp/156/bus supports timestamps until 2038 (0x7fffffff) [ 473.545288][ T60] tipc: Node number set to 2886997162 [ 473.642053][T10385] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 473.661405][T10385] pim6reg0: linktype set to 776 [ 473.729932][T10391] loop2: detected capacity change from 0 to 256 [ 473.798924][T10398] IPv6: Can't replace route, no match found [ 474.115259][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 474.115316][ T30] audit: type=1400 audit(1718695626.135:4732): avc: denied { rename } for pid=10390 comm="syz-executor.2" name="file1" dev="loop2" ino=1048884 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 474.587316][ T30] audit: type=1400 audit(1718695626.145:4733): avc: denied { reparent } for pid=10390 comm="syz-executor.2" name="file1" dev="loop2" ino=1048884 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 474.819460][T10416] loop2: detected capacity change from 0 to 256 [ 474.946739][T10425] IPv6: Can't replace route, no match found [ 474.986058][T10428] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 475.000502][T10428] pim6reg0: linktype set to 776 [ 475.205039][ T335] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 475.232013][T10395] loop0: detected capacity change from 0 to 40427 [ 475.294409][T10395] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 475.302107][T10395] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 475.316885][T10395] F2FS-fs (loop0): invalid crc value [ 475.325315][T10395] F2FS-fs (loop0): Found nat_bits in checkpoint [ 475.366155][T10447] overlayfs: failed to get inode (-116) [ 475.371807][T10447] overlayfs: failed to get inode (-116) [ 475.422590][T10395] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 475.431982][T10395] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 475.446841][T10450] loop2: detected capacity change from 0 to 256 [ 475.476607][ T335] usb 2-1: Using ep0 maxpacket: 16 [ 475.502269][ T8498] attempt to access beyond end of device [ 475.502269][ T8498] loop0: rw=2049, want=45104, limit=40427 [ 475.591285][T10455] IPv6: Can't replace route, no match found [ 475.614807][T10457] netlink: 'syz-executor.2': attribute type 12 has an invalid length. [ 475.675117][ T335] usb 2-1: unable to get BOS descriptor or descriptor too short [ 475.690679][T10461] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 475.712687][T10461] pim6reg0: linktype set to 776 [ 475.765500][ T335] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 475.861977][T10472] overlayfs: failed to get inode (-116) [ 475.875454][T10472] overlayfs: failed to get inode (-116) [ 475.965299][ T335] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 475.974654][ T335] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.015124][ T335] usb 2-1: Product: syz [ 476.019172][ T335] usb 2-1: Manufacturer: syz [ 476.023603][ T335] usb 2-1: SerialNumber: syz [ 476.116153][ T335] cdc_mbim 2-1:1.0: MBIM functional descriptor missing [ 476.130673][ T335] cdc_mbim 2-1:1.0: bind() failure [ 476.170161][T10482] loop0: detected capacity change from 0 to 256 [ 476.278471][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 476.323462][ T935] usb 2-1: USB disconnect, device number 28 [ 476.430018][ T30] audit: type=1400 audit(1718695628.515:4734): avc: denied { remount } for pid=10497 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 476.464057][T10475] loop3: detected capacity change from 0 to 40427 [ 476.518482][T10475] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 476.535939][T10475] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 476.553846][T10475] F2FS-fs (loop3): invalid crc value [ 476.576667][T10475] F2FS-fs (loop3): Found nat_bits in checkpoint [ 476.694401][T10514] netem: change failed [ 476.772241][T10475] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 476.779356][T10475] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 476.913125][T10525] loop1: detected capacity change from 0 to 128 [ 476.919940][T10228] attempt to access beyond end of device [ 476.919940][T10228] loop3: rw=2049, want=45104, limit=40427 [ 477.136627][T10535] loop1: detected capacity change from 0 to 256 [ 477.164241][T10535] exfat: Deprecated parameter 'utf8' [ 477.173223][T10535] exfat: Deprecated parameter 'utf8' [ 477.185119][T10535] exfat: Deprecated parameter 'utf8' [ 477.211294][T10535] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 477.443107][T10557] overlayfs: failed to get inode (-116) [ 477.485258][T10557] overlayfs: failed to get inode (-116) [ 478.341225][T10571] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 478.365357][ T20] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 478.400984][T10574] loop3: detected capacity change from 0 to 256 [ 478.433755][T10576] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3601737358/3601737360 [ 478.445120][T10574] exfat: Deprecated parameter 'utf8' [ 478.450308][T10574] exfat: Deprecated parameter 'utf8' [ 478.456471][T10574] exfat: Deprecated parameter 'utf8' [ 478.458413][T10576] tipc: Failed to remove unknown binding: 66,1,1/2886997162:3601737358/3601737360 [ 478.468761][T10574] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 478.577018][T10587] overlayfs: failed to get inode (-116) [ 478.582674][T10587] overlayfs: failed to get inode (-116) [ 478.615217][ T20] usb 5-1: Using ep0 maxpacket: 16 [ 478.649197][T10593] syz-executor.3[10593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.649353][T10593] syz-executor.3[10593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.662121][T10593] syz-executor.3[10593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.674479][T10593] syz-executor.3[10593] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.715204][ T60] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 478.790268][ T20] usb 5-1: unable to get BOS descriptor or descriptor too short [ 478.875193][ T20] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 479.710450][T10608] syz-executor.2[10608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 479.710613][T10608] syz-executor.2[10608] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 479.785447][ T20] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 479.832860][ T20] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.845252][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.857863][ T30] audit: type=1400 audit(1718695631.945:4735): avc: denied { ioctl } for pid=10609 comm="syz-executor.1" path="socket:[60366]" dev="sockfs" ino=60366 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 479.897104][T10611] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=10611 comm=syz-executor.1 [ 479.915446][ T60] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.925182][ T20] usb 5-1: Product: syz [ 479.929454][ T20] usb 5-1: Manufacturer: syz [ 479.933926][ T20] usb 5-1: SerialNumber: syz [ 479.938474][ T60] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 479.948674][ T60] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.413528][ T60] usb 1-1: config 0 descriptor?? [ 480.423136][T10615] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=37 sclass=netlink_tcpdiag_socket pid=10615 comm=syz-executor.1 [ 480.437253][ T20] usb 5-1: can't set config #1, error -71 [ 480.446794][ T20] usb 5-1: USB disconnect, device number 20 [ 480.625906][T10621] netem: change failed [ 480.673002][T10628] syz-executor.3[10628] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 480.673158][T10628] syz-executor.3[10628] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 480.716286][T10628] syz-executor.3[10628] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 480.740265][T10628] syz-executor.3[10628] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 480.851686][T10644] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=10644 comm=syz-executor.3 [ 480.895606][ T60] hid (null): bogus close delimiter [ 480.947222][T10645] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=37 sclass=netlink_tcpdiag_socket pid=10645 comm=syz-executor.3 [ 481.072011][T10631] loop1: detected capacity change from 0 to 40427 [ 481.116650][T10631] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 481.124512][T10631] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 481.135672][T10631] F2FS-fs (loop1): invalid crc value [ 481.143777][T10631] F2FS-fs (loop1): Found nat_bits in checkpoint [ 481.257315][T10631] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 481.267586][T10631] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 481.418520][ T9488] attempt to access beyond end of device [ 481.418520][ T9488] loop1: rw=1, want=45104, limit=40427 [ 481.435207][ T60] uclogic 0003:256C:006D.0035: failed retrieving Huion firmware version: -71 [ 481.452198][ T60] uclogic 0003:256C:006D.0035: failed probing parameters: -71 [ 481.471570][ T60] uclogic: probe of 0003:256C:006D.0035 failed with error -71 [ 481.495793][ T60] usb 1-1: USB disconnect, device number 23 [ 482.409025][T10674] loop2: detected capacity change from 0 to 256 [ 482.463660][T10674] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 482.630416][T10686] loop0: detected capacity change from 0 to 512 [ 482.662589][T10690] netem: change failed [ 482.689737][T10692] input: syz0 as /devices/virtual/input/input47 [ 482.721989][T10686] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #16: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 482.795998][T10686] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 16 (err -117) [ 482.822113][T10686] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 482.855342][T10686] ext4 filesystem being mounted at /root/syzkaller-testdir3465839964/syzkaller.LD9LJi/147/file1 supports timestamps until 2038 (0x7fffffff) [ 483.117102][T10722] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.0'. [ 484.154682][T10749] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 484.179968][T10749] FAT-fs (loop9): unable to read boot sector [ 484.280566][T10765] loop4: detected capacity change from 0 to 512 [ 484.325011][T10765] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 484.340608][T10765] ext4 filesystem being mounted at /root/syzkaller-testdir3672247262/syzkaller.8e2Mvb/120/bus supports timestamps until 2038 (0x7fffffff) [ 484.440286][T10775] loop1: detected capacity change from 0 to 16 [ 484.457414][T10768] loop2: detected capacity change from 0 to 8192 [ 484.507137][T10775] erofs: (device loop1): mounted with root inode @ nid 36. [ 486.209489][T10788] ------------[ cut here ]------------ [ 486.214834][T10788] Please remove unsupported %[ 486.219575][T10788] WARNING: CPU: 1 PID: 10788 at lib/vsprintf.c:2667 format_decode+0x12d2/0x1f10 [ 486.228614][T10788] Modules linked in: [ 486.232318][T10788] CPU: 1 PID: 10788 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 486.242528][T10788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 486.252424][T10788] RIP: 0010:format_decode+0x12d2/0x1f10 [ 486.257917][T10788] Code: 7b 04 01 48 b8 00 00 00 00 00 fc ff df 41 0f b6 04 07 84 c0 0f 85 30 0c 00 00 41 0f be 36 48 c7 c7 80 79 84 85 e8 0e 27 b9 fe <0f> 0b e9 01 fa ff ff 48 8b 4c 24 18 80 e1 07 38 c1 0f 8c e3 ed ff [ 486.277341][T10788] RSP: 0018:ffffc900009d7620 EFLAGS: 00010246 [ 486.283219][T10788] RAX: 48b2bc2cbe3c4e00 RBX: 00000000ffffffdb RCX: 0000000000040000 [ 486.291070][T10788] RDX: ffffc90002737000 RSI: 00000000000004e7 RDI: 00000000000004e8 [ 486.298868][T10788] RBP: ffffc900009d7710 R08: ffffffff81576225 R09: fffff5200013aded [ 486.306672][T10788] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff0a00ffffff00 [ 486.314547][T10788] R13: ffff0000ffffff00 R14: ffffc900009d794c R15: 1ffff9200013af29 [ 486.322385][T10788] FS: 00007f6f53c176c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 486.331691][T10788] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 486.338108][T10788] CR2: 00000000207fe000 CR3: 00000001260bd000 CR4: 00000000003506a0 [ 486.345947][T10788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 486.353714][T10788] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 486.361577][T10788] Call Trace: [ 486.362109][T10789] loop0: detected capacity change from 0 to 256 [ 486.364651][T10788] [ 486.364671][T10788] ? show_regs+0x58/0x60 [ 486.377830][T10788] ? __warn+0x160/0x2f0 [ 486.381859][T10788] ? format_decode+0x12d2/0x1f10 [ 486.386688][T10788] ? report_bug+0x3d9/0x5b0 [ 486.390975][T10788] ? format_decode+0x12d2/0x1f10 [ 486.395780][T10788] ? handle_bug+0x41/0x70 [ 486.399913][T10788] ? exc_invalid_op+0x1b/0x50 [ 486.404429][T10788] ? asm_exc_invalid_op+0x1b/0x20 [ 486.409324][T10788] ? __wake_up_klogd+0xd5/0x110 [ 486.413982][T10788] ? format_decode+0x12d2/0x1f10 [ 486.418774][T10788] ? __kernel_text_address+0x9b/0x110 [ 486.423972][T10788] ? vsnprintf+0x1c70/0x1c70 [ 486.428414][T10788] ? bstr_printf+0x1b6/0x10c0 [ 486.432898][T10788] ? memcpy+0x56/0x70 [ 486.436785][T10788] bstr_printf+0x130/0x10c0 [ 486.441202][T10788] ? bpf_bprintf_cleanup+0xc0/0xc0 [ 486.446202][T10788] ? vbin_printf+0x1bc0/0x1bc0 [ 486.451645][T10788] ? bpf_trace_printk+0x122/0x330 [ 486.456601][T10788] ? memcpy+0x56/0x70 [ 486.460376][T10788] bpf_trace_printk+0x1b5/0x330 [ 486.465384][T10788] ? kmem_cache_alloc+0xf5/0x200 [ 486.470214][T10788] ? ktime_get+0xf1/0x160 [ 486.474379][T10788] ? bpf_probe_write_user+0xf0/0xf0 [ 486.479582][T10788] ? do_syscall_64+0x3d/0xb0 [ 486.484057][T10788] ? ktime_get+0xf1/0x160 [ 486.488255][T10788] bpf_prog_12183cdb1cd51dab+0x2e/0xef4 [ 486.493601][T10788] bpf_test_run+0x478/0xa10 [ 486.498000][T10788] ? convert___skb_to_skb+0x570/0x570 [ 486.503252][T10788] ? eth_type_trans+0x2c6/0x600 [ 486.507965][T10788] ? eth_get_headlen+0x240/0x240 [ 486.512712][T10788] ? convert___skb_to_skb+0x44/0x570 [ 486.518017][T10788] bpf_prog_test_run_skb+0xb41/0x1420 [ 486.523310][T10788] ? anon_inode_getfd+0x33/0x40 [ 486.528037][T10788] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 486.533729][T10788] ? __kasan_check_write+0x14/0x20 [ 486.538832][T10788] ? fput_many+0x160/0x1b0 [ 486.543139][T10788] ? __bpf_prog_test_run_raw_tp+0x1d0/0x1d0 [ 486.549608][T10788] bpf_prog_test_run+0x3b0/0x630 [ 486.554482][T10788] ? bpf_prog_query+0x220/0x220 [ 486.559183][T10788] ? selinux_bpf+0xd2/0x100 [ 486.563525][T10788] ? security_bpf+0x82/0xb0 [ 486.568315][T10788] __sys_bpf+0x525/0x760 [ 486.572354][T10788] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 486.577736][T10788] ? __kasan_check_read+0x11/0x20 [ 486.582667][T10788] __x64_sys_bpf+0x7c/0x90 [ 486.586936][T10788] do_syscall_64+0x3d/0xb0 [ 486.591162][T10788] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 486.596920][T10788] RIP: 0033:0x7f6f5489cf29 [ 486.601150][T10788] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 486.614223][T10791] device sit0 entered promiscuous mode [ 486.620832][T10788] RSP: 002b:00007f6f53c170c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 486.634469][T10788] RAX: ffffffffffffffda RBX: 00007f6f549d3f80 RCX: 00007f6f5489cf29 [ 486.642348][T10788] RDX: 0000000000000028 RSI: 0000000020000080 RDI: 000000000000000a [ 486.650229][T10788] RBP: 00007f6f5490c074 R08: 0000000000000000 R09: 0000000000000000 [ 486.658029][T10788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 486.665843][T10788] R13: 000000000000000b R14: 00007f6f549d3f80 R15: 00007ffc5279fcb8 [ 486.673649][T10788] [ 486.676523][T10788] ---[ end trace be4a27ddd0b0997b ]--- [ 486.695796][T10793] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 486.707343][T10793] FAT-fs (loop7): unable to read boot sector [ 486.762930][ T30] audit: type=1400 audit(1718695638.845:4736): avc: denied { wake_alarm } for pid=10785 comm="syz-executor.0" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 487.106887][T10804] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 487.282338][T10804] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev bpf, type bpf) errno=-22 [ 488.173133][T10815] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.186020][T10815] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.201924][T10815] device bridge_slave_0 entered promiscuous mode [ 488.218193][T10815] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.226761][T10815] bridge0: port 2(bridge_slave_1) entered disabled state [ 488.234837][T10815] device bridge_slave_1 entered promiscuous mode [ 489.431828][ T45] device bridge_slave_1 left promiscuous mode [ 489.446119][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.485894][ T45] device bridge_slave_0 left promiscuous mode [ 489.491959][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 489.507404][T10849] bpf_get_probe_write_proto: 10 callbacks suppressed [ 489.507452][T10849] syz-executor.0[10849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 489.523691][ T45] device veth1_macvtap left promiscuous mode [ 489.541746][T10849] syz-executor.0[10849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 489.562110][ T45] device veth0_vlan left promiscuous mode [ 489.643666][T10863] syz-executor.0[10863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 489.643819][T10863] syz-executor.0[10863] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 489.900638][T10851] device sit0 entered promiscuous mode [ 490.916122][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 490.933414][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 490.974011][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 490.983114][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 491.016678][ T8345] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.023647][ T8345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 491.035990][T10890] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 491.056328][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 491.064661][T10890] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 491.075184][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 491.083454][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state [ 491.090428][ T8345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 491.135376][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 491.167320][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 491.202941][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 491.234770][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 491.257539][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 491.324367][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 491.340657][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 491.350294][ T30] audit: type=1326 audit(1718695643.445:4737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10898 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 491.395166][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 491.409072][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 491.421403][ T30] audit: type=1326 audit(1718695643.465:4738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10898 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 491.454060][T10815] device veth0_vlan entered promiscuous mode [ 491.470752][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 491.481867][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 491.520170][T10815] device veth1_macvtap entered promiscuous mode [ 491.527186][ T30] audit: type=1326 audit(1718695643.465:4739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10898 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9936dbf29 code=0x7ffc0000 [ 491.556233][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 491.565469][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 491.573941][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 491.591467][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 491.600669][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 491.621301][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 491.630852][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 491.708882][T10906] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 491.735520][T10906] SELinux: security_context_str_to_sid(user_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 491.778349][T10912] syz-executor.1[10912] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.778516][T10912] syz-executor.1[10912] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.989026][T10918] syz-executor.3[10918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 492.279249][T10918] syz-executor.3[10918] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 492.834150][ T333] Bluetooth: hci0: command 0x1003 tx timeout [ 492.852680][ T1361] Bluetooth: hci0: sending frame failed (-49) [ 493.522059][T10941] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 493.539777][T10941] SELinux: security_context_str_to_sid(user_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 494.236857][T10952] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 494.683512][ T30] audit: type=1326 audit(1718695646.765:4740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 494.764238][ T30] audit: type=1326 audit(1718695646.765:4741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 494.813963][ T30] audit: type=1326 audit(1718695646.765:4742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 494.855572][T10970] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 494.883554][T10970] SELinux: security_context_str_to_sid(user_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 494.883758][ T30] audit: type=1326 audit(1718695646.765:4743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 494.920033][ T333] Bluetooth: hci0: command 0x1001 tx timeout [ 494.926228][ T1361] Bluetooth: hci0: sending frame failed (-49) [ 494.961598][ T30] audit: type=1326 audit(1718695646.765:4744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 494.986379][ T30] audit: type=1326 audit(1718695646.765:4745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 495.010372][ T30] audit: type=1326 audit(1718695646.805:4746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 495.034618][ T30] audit: type=1326 audit(1718695646.805:4747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 495.083573][ T30] audit: type=1326 audit(1718695646.805:4748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 495.145591][ T30] audit: type=1326 audit(1718695646.805:4749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10960 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 495.411986][T10999] loop3: detected capacity change from 0 to 8192 [ 495.426650][T11006] loop1: detected capacity change from 0 to 128 [ 495.450117][T11008] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 495.492144][T11006] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 495.503002][T11006] ext4 filesystem being mounted at /root/syzkaller-testdir889356924/syzkaller.s7X9Pp/212/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 495.542825][T11006] EXT4-fs error (device loop1): ext4_empty_dir:3093: inode #2: comm syz-executor.1: Directory block failed checksum [ 496.670661][T11019] loop2: detected capacity change from 0 to 8192 [ 496.720297][T11032] loop3: detected capacity change from 0 to 256 [ 498.555315][ T8345] Bluetooth: hci0: command 0x1009 tx timeout [ 498.856902][T11057] loop2: detected capacity change from 0 to 8192 [ 499.913894][ T30] kauditd_printk_skb: 38 callbacks suppressed [ 499.913926][ T30] audit: type=1400 audit(1718695651.995:4788): avc: denied { write } for pid=11091 comm="syz-executor.2" path="socket:[62509]" dev="sockfs" ino=62509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 500.140557][T11099] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 500.344157][T11116] loop1: detected capacity change from 0 to 512 [ 500.443655][T11116] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 500.485971][T11116] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.1: missing EA_INODE flag [ 500.542286][T11128] loop2: detected capacity change from 0 to 256 [ 500.548871][T11129] fuse: Bad value for 'fd' [ 500.561177][T11116] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 2 err=-117 [ 500.630065][T11116] EXT4-fs (loop1): 1 orphan inode deleted [ 500.648181][T11116] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 502.695103][ T30] audit: type=1326 audit(1718695654.775:4789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 502.803526][ T30] audit: type=1326 audit(1718695654.775:4790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 502.861627][ T30] audit: type=1326 audit(1718695654.775:4791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 502.885766][ T30] audit: type=1326 audit(1718695654.775:4792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 502.910429][ T30] audit: type=1326 audit(1718695654.775:4793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 502.951047][ T30] audit: type=1326 audit(1718695654.775:4794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 503.244012][ T30] audit: type=1326 audit(1718695654.775:4795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 503.634591][ T30] audit: type=1326 audit(1718695654.775:4796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 503.685066][ T30] audit: type=1326 audit(1718695654.775:4797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11140 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 506.179655][T11201] loop4: detected capacity change from 0 to 512 [ 506.246191][T11201] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities [ 506.386813][T11198] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.393720][T11198] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.433602][T11198] device bridge_slave_0 entered promiscuous mode [ 506.468010][T11198] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.480364][T11198] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.496479][T11198] device bridge_slave_1 entered promiscuous mode [ 506.586075][ T9488] device bridge_slave_1 left promiscuous mode [ 506.593367][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.607741][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 506.607776][ T30] audit: type=1326 audit(1718695658.695:4806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11233 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 506.642969][ T9488] device bridge_slave_0 left promiscuous mode [ 506.655137][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.662740][ T30] audit: type=1326 audit(1718695658.695:4807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11233 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 506.688222][ T30] audit: type=1326 audit(1718695658.695:4808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11233 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 506.712533][ T9488] device veth1_macvtap left promiscuous mode [ 506.718732][ T30] audit: type=1326 audit(1718695658.725:4809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11233 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 506.719866][ T9488] device veth0_vlan left promiscuous mode [ 506.756788][T11235] loop4: detected capacity change from 0 to 8192 [ 508.174684][T11259] syz-executor.1[11259] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 508.174840][T11259] syz-executor.1[11259] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 508.993828][T11267] syz-executor.4[11267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.036381][T11267] syz-executor.4[11267] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.059523][T11267] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 509.083293][ T9488] tipc: Disabling bearer [ 509.105085][ T9488] tipc: Left network mode [ 509.263958][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 509.272660][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 509.305047][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 509.314569][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 509.326721][ T2255] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.331309][T11282] loop1: detected capacity change from 0 to 8192 [ 509.333638][ T2255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.364550][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 509.372878][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 509.381593][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 509.389813][ T8345] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.396697][ T8345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.456517][T11264] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.464014][T11264] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.472553][T11264] device bridge_slave_0 entered promiscuous mode [ 509.482205][T11264] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.490170][T11264] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.499237][T11264] device bridge_slave_1 entered promiscuous mode [ 509.594520][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 509.606437][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 509.672241][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 510.799336][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 510.820809][T11302] syz-executor.3[11302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.821033][T11302] syz-executor.3[11302] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.884525][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 510.915189][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 510.944115][T11198] device veth0_vlan entered promiscuous mode [ 510.973947][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 510.985932][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 511.023747][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 511.031652][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 511.080927][T11198] device veth1_macvtap entered promiscuous mode [ 511.100625][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 511.117113][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 511.151336][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 511.242552][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 511.261148][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 511.341082][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 511.350276][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 511.418800][ T9488] device bridge_slave_1 left promiscuous mode [ 511.424880][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.657589][ T9488] device bridge_slave_0 left promiscuous mode [ 511.674534][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.954804][ T9488] device veth1_macvtap left promiscuous mode [ 511.999396][ T9488] device veth0_vlan left promiscuous mode [ 512.374008][T11332] 9pnet: p9_errstr2errno: server reported unknown error œæøýÓ® [ 512.635058][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 512.643059][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 512.663602][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 512.673437][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 512.682063][ T611] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.688981][ T611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 512.696525][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 512.705746][ T611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 512.714974][ T611] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.721893][ T611] bridge0: port 2(bridge_slave_1) entered forwarding state [ 512.752005][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 512.762878][T11346] loop0: detected capacity change from 0 to 8192 [ 512.763876][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 512.777616][ T935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 512.789531][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 512.798373][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 512.845462][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 512.854922][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 512.874317][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 512.883259][ T2255] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 512.893456][T11264] device veth0_vlan entered promiscuous mode [ 512.901794][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 512.912048][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 512.947904][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 512.962113][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 512.979918][T11264] device veth1_macvtap entered promiscuous mode [ 513.014839][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 513.039940][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 513.048585][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 513.061800][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 513.071998][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 514.197388][T11362] syz-executor.2[11362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 514.197556][T11362] syz-executor.2[11362] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 514.709579][T11377] syz-executor.1[11377] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 514.745490][T11377] syz-executor.1[11377] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 514.985481][T11385] input: syz0 as /devices/virtual/input/input48 [ 515.127433][T11388] loop2: detected capacity change from 0 to 8192 [ 515.165375][T11400] loop1: detected capacity change from 0 to 512 [ 515.275890][T11400] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 515.299133][T11400] ext4 filesystem being mounted at /root/syzkaller-testdir889356924/syzkaller.s7X9Pp/255/file0 supports timestamps until 2038 (0x7fffffff) [ 516.356182][T11412] syz-executor.1[11412] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 516.356352][T11412] syz-executor.1[11412] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 516.475692][T11418] syz-executor.2[11418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 516.619902][T11418] syz-executor.2[11418] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 518.453939][T11446] input: syz0 as /devices/virtual/input/input49 [ 518.547493][ T30] audit: type=1400 audit(1718695670.635:4810): avc: denied { create } for pid=11447 comm="syz-executor.0" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:fusefs_t tclass=blk_file permissive=1 [ 518.568688][T11442] loop1: detected capacity change from 0 to 8192 [ 518.927376][T11463] syz-executor.3[11463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 518.927620][T11463] syz-executor.3[11463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 519.988718][T11489] syz-executor.3[11489] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 520.038755][T11489] syz-executor.3[11489] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 520.267881][T11503] input: syz0 as /devices/virtual/input/input50 [ 520.981143][T11512] input: syz0 as /devices/virtual/input/input51 [ 521.490925][T11519] syz-executor.2[11519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 521.491081][T11519] syz-executor.2[11519] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 521.843311][T11544] loop4: detected capacity change from 0 to 256 [ 522.707721][T11556] input: syz0 as /devices/virtual/input/input52 [ 522.817649][T11564] tipc: Enabling of bearer rejected, media not registered [ 523.285314][T11584] loop1: detected capacity change from 0 to 256 [ 524.420613][T11630] loop4: detected capacity change from 0 to 512 [ 524.447034][T11630] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 524.459582][T11630] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode [ 524.475507][T11630] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 12 (err -117) [ 524.488408][T11630] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 524.523477][ T30] audit: type=1400 audit(1718695676.605:4811): avc: denied { link } for pid=11629 comm="syz-executor.4" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop4" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 524.532025][T11630] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 255: comm syz-executor.4: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0 [ 524.567104][ T935] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 524.595168][ T2255] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 524.965223][ T2255] usb 1-1: config 0 has an invalid interface number: 18 but max is 0 [ 524.977417][ T2255] usb 1-1: config 0 has no interface number 0 [ 524.990435][ T2255] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.004810][ T2255] usb 1-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.008644][ T935] usb 3-1: unable to get BOS descriptor or descriptor too short [ 525.065280][ T935] usb 3-1: not running at top speed; connect to a high speed hub [ 525.095182][ T2255] usb 1-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 525.107478][ T2255] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 525.122455][ T2255] usb 1-1: Manufacturer: syz [ 525.131841][ T2255] usb 1-1: config 0 descriptor?? [ 525.145120][ T935] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 525.165768][ T30] audit: type=1326 audit(1718695677.255:4812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.225168][ T30] audit: type=1326 audit(1718695677.285:4813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.281423][ T30] audit: type=1326 audit(1718695677.285:4814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.306210][ T30] audit: type=1326 audit(1718695677.285:4815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.328480][T11643] loop4: detected capacity change from 0 to 40427 [ 525.331156][ T30] audit: type=1326 audit(1718695677.285:4816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.360768][ T30] audit: type=1326 audit(1718695677.285:4817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.385209][ T935] usb 3-1: New USB device found, idVendor=056a, idProduct=0017, bcdDevice= 0.40 [ 525.385568][ T30] audit: type=1326 audit(1718695677.285:4818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.394134][ T935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.419007][ T30] audit: type=1326 audit(1718695677.285:4819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0ebb5e8f29 code=0x7ffc0000 [ 525.451686][ T30] audit: type=1326 audit(1718695677.285:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11656 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0ebb5e8f63 code=0x7ffc0000 [ 525.475403][ T935] usb 3-1: Product: syz [ 525.475452][ T935] usb 3-1: Manufacturer: syz [ 525.475494][ T935] usb 3-1: SerialNumber: syz [ 525.496738][T11643] F2FS-fs (loop4): Found nat_bits in checkpoint [ 525.516956][ T935] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 525.594513][T11643] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 525.662562][ T2255] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.18/0003:054C:03D5.0036/input/input53 [ 525.678009][ T2255] sony 0003:054C:03D5.0036: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.0-1/input18 [ 525.721483][ T935] usb 3-1: USB disconnect, device number 21 [ 525.861502][ T2255] usb 1-1: USB disconnect, device number 24 [ 525.930934][T11677] SELinux: Context $ is not valid (left unmapped). [ 525.984136][T11681] loop1: detected capacity change from 0 to 256 [ 526.205168][ T935] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 526.565096][T11697] loop0: detected capacity change from 0 to 512 [ 526.906944][ T935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.948595][ T935] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.983147][T11697] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #16: comm syz-executor.0: iget: bad extended attribute block 128 [ 527.029632][ T935] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 527.054027][T11697] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 16 (err -117) [ 527.085610][ T935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.224345][T11697] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 527.236523][T11697] ext4 filesystem being mounted at /root/syzkaller-testdir3165260272/syzkaller.LETrDW/22/file1 supports timestamps until 2038 (0x7fffffff) [ 527.359177][ T935] usb 5-1: config 0 descriptor?? [ 527.541393][T11717] incfs: Error accessing: ./file0/file0. [ 527.548356][T11717] incfs: mount failed -20 [ 527.826914][ T935] hid-thrustmaster 0003:044F:B65D.0037: unknown main item tag 0x0 [ 527.836511][ T935] hid-thrustmaster 0003:044F:B65D.0037: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 527.848817][ T935] hid-thrustmaster 0003:044F:B65D.0037: Wrong number of endpoints? [ 527.885155][ T20] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 527.963727][ T611] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 528.052196][T11738] loop2: detected capacity change from 0 to 512 [ 528.096692][T11738] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 528.105836][T11676] UDC core: couldn't find an available UDC or it's busy: -16 [ 528.109083][T11738] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 528.113254][T11676] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 528.128728][T11738] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 528.141235][T11676] UDC core: couldn't find an available UDC or it's busy: -16 [ 528.147973][T11738] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 528.154621][T11676] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 528.216942][T11738] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 255: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=1633771873, rec_len=1024, size=1024 fake=0 [ 528.220119][ T935] usb 5-1: USB disconnect, device number 21 [ 528.236742][ C1] hid-thrustmaster 0003:044F:B65D.0037: URB to get model id failed with error -71 [ 528.335158][ T20] usb 2-1: unable to get BOS descriptor or descriptor too short [ 528.349392][T11747] incfs: Error accessing: ./file0/file0. [ 528.355395][T11747] incfs: mount failed -20 [ 528.375158][ T20] usb 2-1: not running at top speed; connect to a high speed hub [ 528.475293][ T611] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 528.476726][ T20] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 528.494743][ T611] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 528.509624][ T611] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 528.519017][ T611] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.565306][ T20] usb 2-1: New USB device found, idVendor=056a, idProduct=0017, bcdDevice= 0.40 [ 529.582382][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.598531][ T20] usb 2-1: Product: syz [ 529.605047][ T20] usb 2-1: Manufacturer: syz [ 529.609541][ T20] usb 2-1: SerialNumber: syz [ 529.635163][ T611] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 529.652348][ T611] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input54 [ 529.664099][ T611] input: failed to attach handler kbd to device input54, error: -5 [ 529.676305][ T20] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 529.690031][ T611] usb 1-1: USB disconnect, device number 25 [ 529.912962][ T611] usb 2-1: USB disconnect, device number 29 [ 530.660122][T11790] loop2: detected capacity change from 0 to 16 [ 530.726640][T11790] erofs: (device loop2): mounted with root inode @ nid 36. [ 530.739618][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 530.739654][ T30] audit: type=1326 audit(1718695682.825:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 530.814915][ T30] audit: type=1326 audit(1718695682.825:4880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 530.841263][ T30] audit: type=1326 audit(1718695682.855:4881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 530.867945][ T30] audit: type=1326 audit(1718695682.855:4882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 530.910494][ T30] audit: type=1326 audit(1718695682.855:4883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 530.965069][ T30] audit: type=1326 audit(1718695682.865:4884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 531.021660][ T30] audit: type=1326 audit(1718695682.865:4885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 531.045945][ T30] audit: type=1326 audit(1718695682.865:4886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f707e1a16a7 code=0x7ffc0000 [ 531.070123][ T30] audit: type=1326 audit(1718695682.865:4887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f707e167379 code=0x7ffc0000 [ 531.110209][T11808] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 531.129140][ T30] audit: type=1326 audit(1718695682.865:4888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f707e1a3f29 code=0x7ffc0000 [ 531.165118][ T2255] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 531.329141][T11777] loop0: detected capacity change from 0 to 40427 [ 531.418894][T11777] F2FS-fs (loop0): Found nat_bits in checkpoint [ 531.555177][ T2255] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 531.560007][T11777] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 531.584912][ T2255] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 531.604905][ T2255] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 531.605508][T11198] attempt to access beyond end of device [ 531.605508][T11198] loop0: rw=2049, want=45104, limit=40427 [ 531.635721][ T2255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.135418][ T2255] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 532.154567][ T2255] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input55 [ 532.177744][ T2255] input: failed to attach handler kbd to device input55, error: -5 [ 532.195728][ T2255] usb 2-1: USB disconnect, device number 30 [ 532.300511][T11867] loop2: detected capacity change from 0 to 16 [ 532.354355][T11867] erofs: (device loop2): mounted with root inode @ nid 36. [ 532.836482][T11903] syz-executor.2[11903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 532.836643][T11903] syz-executor.2[11903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 533.976147][T11935] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 534.302950][T11921] loop2: detected capacity change from 0 to 40427 [ 534.427538][T11921] F2FS-fs (loop2): Found nat_bits in checkpoint [ 534.662862][T11974] fscrypt (sda1, inode 1966): Can't use IV_INO_LBLK_32 policy on filesystem 'sda1' because it doesn't have stable inode numbers [ 534.686000][T11921] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 534.826721][T11979] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 534.868339][T11979] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 535.045427][T11983] overlayfs: missing 'lowerdir' [ 535.831907][T11264] attempt to access beyond end of device [ 535.831907][T11264] loop2: rw=2049, want=45104, limit=40427 [ 536.511022][ T2255] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 536.965469][ T2255] usb 2-1: unable to get BOS descriptor or descriptor too short [ 537.056041][ T2255] usb 2-1: not running at top speed; connect to a high speed hub [ 537.296474][ T2255] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 538.385909][ T2255] usb 2-1: New USB device found, idVendor=056a, idProduct=0017, bcdDevice= 0.40 [ 538.394835][ T2255] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.410516][ T2255] usb 2-1: Product: syz [ 538.414568][ T2255] usb 2-1: Manufacturer: syz [ 538.425067][ T2255] usb 2-1: SerialNumber: syz [ 538.486332][ T2255] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 538.711465][ T2255] usb 2-1: USB disconnect, device number 31 [ 538.728153][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 538.831793][ T30] kauditd_printk_skb: 95 callbacks suppressed [ 538.831835][ T30] audit: type=1326 audit(1718695690.915:4984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.863434][ T30] audit: type=1326 audit(1718695690.915:4985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.890299][ T30] audit: type=1326 audit(1718695690.945:4986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.915347][ T30] audit: type=1326 audit(1718695690.945:4987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.942684][ T30] audit: type=1326 audit(1718695690.945:4988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.967218][ T30] audit: type=1326 audit(1718695690.955:4989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 538.992018][ T30] audit: type=1326 audit(1718695690.955:4990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 539.016254][ T30] audit: type=1326 audit(1718695690.955:4991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 539.095278][ T30] audit: type=1326 audit(1718695690.975:4992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 539.121185][ T30] audit: type=1326 audit(1718695690.975:4993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12063 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569026ff29 code=0x7ffc0000 [ 539.145865][T12073] overlayfs: missing 'lowerdir' [ 539.530442][T12113] overlayfs: missing 'lowerdir' [ 541.495724][T12129] overlayfs: statfs failed on './file0' [ 541.582000][T12137] incfs: Options parsing error. -22 [ 541.595212][T12137] incfs: mount failed -22 [ 541.743564][T12149] ------------[ cut here ]------------ [ 541.759880][T12149] WARNING: CPU: 1 PID: 12149 at mm/page_alloc.c:5751 __alloc_pages+0x770/0x8f0 [ 541.769198][T12152] loop4: detected capacity change from 0 to 1024 [ 541.775727][T12149] Modules linked in: [ 541.779586][T12149] CPU: 0 PID: 12149 Comm: syz-executor.0 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 541.791756][T12149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 541.801923][T12149] RIP: 0010:__alloc_pages+0x770/0x8f0 [ 541.807345][T12149] Code: df e9 aa fb ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ba fb ff ff e8 5f 11 05 00 48 ba 00 00 00 00 00 fc ff df e9 a6 fb ff ff <0f> 0b 45 31 e4 e9 73 fc ff ff 48 8d 4c 24 40 80 e1 07 80 c1 03 38 [ 541.828348][T12149] RSP: 0018:ffffc90000a87a20 EFLAGS: 00010246 [ 541.834401][T12149] RAX: 0000000000000004 RBX: 0000000000040dc0 RCX: ffffc90000a87a03 [ 541.842623][T12149] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffc90000a87ab8 [ 541.850576][T12149] RBP: ffffc90000a87b30 R08: dffffc0000000000 R09: ffffc90000a87a90 [ 541.858859][T12149] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 541.867632][T12149] R13: 1ffff92000150f4c R14: 1ffff92000150f4e R15: 1ffff92000150f48 [ 541.875757][T12149] FS: 00007fe6daa9c6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 541.884755][T12149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 541.891612][T12149] CR2: 00007f39541b4b38 CR3: 00000001083d2000 CR4: 00000000003506b0 [ 541.899838][T12149] Call Trace: [ 541.903150][T12149] [ 541.906053][T12149] ? show_regs+0x58/0x60 [ 541.910293][T12149] ? __warn+0x160/0x2f0 [ 541.914487][T12149] ? __alloc_pages+0x770/0x8f0 [ 541.919222][T12149] ? report_bug+0x3d9/0x5b0 [ 541.923706][T12149] ? __alloc_pages+0x770/0x8f0 [ 541.928647][T12149] ? handle_bug+0x41/0x70 [ 541.932920][T12149] ? exc_invalid_op+0x1b/0x50 [ 541.937616][T12149] ? asm_exc_invalid_op+0x1b/0x20 [ 541.942718][T12149] ? __alloc_pages+0x770/0x8f0 [ 541.947567][T12149] ? prep_new_page+0x110/0x110 [ 541.952339][T12149] ? do_vfs_ioctl+0xbc1/0x2a80 [ 541.957443][T12149] ? memcpy+0x56/0x70 [ 541.961426][T12149] ? __x64_compat_sys_ioctl+0x90/0x90 [ 541.966748][T12149] kmalloc_order+0x4a/0x160 [ 541.971298][T12149] kmalloc_order_trace+0x1a/0xb0 [ 541.976245][T12149] __kmalloc+0x19c/0x270 [ 541.981489][T12149] input_mt_init_slots+0xcf/0xa50 [ 541.986546][T12149] ? mutex_lock_interruptible+0xb6/0x1e0 [ 541.992286][T12149] uinput_create_device+0x522/0x630 [ 541.997552][T12149] uinput_ioctl_handler+0xa63/0x16a0 [ 542.002934][T12149] ? uinput_release+0x50/0x50 [ 542.007650][T12149] ? selinux_file_ioctl+0x3cc/0x540 [ 542.012848][T12149] ? __fget_files+0x31e/0x380 [ 542.017761][T12149] uinput_ioctl+0x28/0x30 [ 542.022359][T12149] ? uinput_poll+0x120/0x120 [ 542.027058][T12149] __se_sys_ioctl+0x114/0x190 [ 542.031746][T12149] __x64_sys_ioctl+0x7b/0x90 [ 542.036341][T12149] do_syscall_64+0x3d/0xb0 [ 542.040879][T12149] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 542.046898][T12149] RIP: 0033:0x7fe6db721f29 [ 542.051388][T12149] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 542.071155][T12149] RSP: 002b:00007fe6daa9c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 542.079589][T12149] RAX: ffffffffffffffda RBX: 00007fe6db858f80 RCX: 00007fe6db721f29 [ 542.088059][T12149] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 542.096029][T12149] RBP: 00007fe6db791074 R08: 0000000000000000 R09: 0000000000000000 [ 542.104200][T12149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.113639][T12149] R13: 000000000000000b R14: 00007fe6db858f80 R15: 00007ffc2ad5d4e8 [ 542.121822][T12149] [ 542.124790][T12149] ---[ end trace be4a27ddd0b0997c ]--- [ 542.135587][T12152] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 542.161988][T12152] EXT4-fs (loop4): barriers disabled [ 542.194867][T12152] JBD2: no valid journal superblock found [ 542.207495][T12152] EXT4-fs (loop4): error loading journal [ 542.226145][T12165] syz-executor.2[12165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 542.226305][T12165] syz-executor.2[12165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 543.444084][T12183] loop2: detected capacity change from 0 to 512 [ 543.461964][T12181] overlayfs: statfs failed on './file0' [ 543.548336][T12183] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 543.560414][T12183] ext4 filesystem being mounted at /root/syzkaller-testdir2150021487/syzkaller.HMCL0o/62/file0 supports timestamps until 2038 (0x7fffffff) [ 543.583572][T12183] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz-executor.2: corrupted inode contents [ 543.596173][T12183] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #2: comm syz-executor.2: mark_inode_dirty error [ 543.609669][T12183] EXT4-fs error (device loop2): ext4_do_update_inode:5191: inode #2: comm syz-executor.2: corrupted inode contents [ 543.622247][T12183] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz-executor.2: mark_inode_dirty error [ 543.649491][T12183] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 543.704744][T12196] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 543.735408][T12196] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 543.815139][ T333] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 543.843668][T12207] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 543.881839][T12209] loop2: detected capacity change from 0 to 1024 [ 543.949715][T12209] EXT4-fs (loop2): dax option not supported [ 544.011607][T12222] netlink: 'syz-executor.4': attribute type 16 has an invalid length. [ 544.145555][T12233] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 544.175347][ T333] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 544.195748][ T333] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 544.224708][ T333] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 544.252931][ T333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.264000][ T333] usb 2-1: config 0 descriptor?? [ 544.342869][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 544.342904][ T30] audit: type=1326 audit(1718695696.425:5017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 544.377193][ T30] audit: type=1326 audit(1718695696.425:5018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 545.973378][ T30] audit: type=1326 audit(1718695696.425:5019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 546.017665][ T30] audit: type=1326 audit(1718695696.445:5020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 546.044358][ T30] audit: type=1326 audit(1718695696.445:5021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 546.085082][ T30] audit: type=1326 audit(1718695696.445:5022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 546.115739][ T30] audit: type=1326 audit(1718695696.465:5023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39540abf29 code=0x7ffc0000 [ 546.149442][ T30] audit: type=1326 audit(1718695696.465:5024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f39540a96a7 code=0x7ffc0000 [ 546.196737][ T30] audit: type=1326 audit(1718695696.465:5025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f395406f379 code=0x7ffc0000 [ 546.221623][ T30] audit: type=1326 audit(1718695696.465:5026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12240 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f39540a96a7 code=0x7ffc0000 [ 546.250809][ T333] hid-thrustmaster 0003:044F:B65D.0038: unknown main item tag 0x0 [ 546.260785][T12253] netlink: 'syz-executor.4': attribute type 16 has an invalid length. [ 546.270437][ T333] hid-thrustmaster 0003:044F:B65D.0038: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0 [ 546.291093][ T333] hid-thrustmaster 0003:044F:B65D.0038: Wrong number of endpoints? [ 546.381877][T12262] fscrypt (sda1, inode 1974): Can't use IV_INO_LBLK_32 policy on filesystem 'sda1' because it doesn't have stable inode numbers [ 546.473750][T12257] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 546.525741][T12192] UDC core: couldn't find an available UDC or it's busy: -16 [ 546.532994][T12192] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 546.551231][T12192] UDC core: couldn't find an available UDC or it's busy: -16 [ 546.564734][T12192] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 546.586528][ T820] usb 2-1: USB disconnect, device number 32 [ 546.595013][ C0] hid-thrustmaster 0003:044F:B65D.0038: URB to get model id failed with error -2 [ 547.293162][T12275] overlayfs: missing 'lowerdir' [ 547.361268][T12278] loop0: detected capacity change from 0 to 512 [ 548.300841][T12278] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 548.319088][T12278] ext4 filesystem being mounted at /root/syzkaller-testdir3165260272/syzkaller.LETrDW/89/file0 supports timestamps until 2038 (0x7fffffff) [ 548.383722][T12278] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #2: comm syz-executor.0: corrupted inode contents [ 548.408006][T12278] EXT4-fs error (device loop0): ext4_dirty_inode:6024: inode #2: comm syz-executor.0: mark_inode_dirty error [ 548.420478][T12278] EXT4-fs error (device loop0): ext4_do_update_inode:5191: inode #2: comm syz-executor.0: corrupted inode contents [ 548.433320][T12278] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz-executor.0: mark_inode_dirty error [ 548.469206][T12278] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 548.482689][T12295] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 548.503604][T12278] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 548.555634][T12278] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 548.845044][ T20] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 549.965365][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 549.975276][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 550.005216][ T333] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 550.012748][ T8345] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 550.082859][T12331] fuse: Bad value for 'fd' [ 550.188457][T12339] device syzkaller0 entered promiscuous mode [ 550.275197][ T20] usb 2-1: New USB device found, idVendor=257a, idProduct=260c, bcdDevice=a6.30 [ 550.284236][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.292402][ T20] usb 2-1: Product: syz [ 550.296574][ T20] usb 2-1: Manufacturer: syz [ 550.301027][ T20] usb 2-1: SerialNumber: syz [ 550.307950][ T20] usb 2-1: config 0 descriptor?? [ 550.385343][ T333] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 550.394372][ T333] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.403602][ T333] usb 5-1: config 0 descriptor?? [ 550.408661][ T8345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.419597][ T8345] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 550.429740][ T8345] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 550.438875][ T8345] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.447955][ T8345] usb 3-1: config 0 descriptor?? [ 550.547505][ T935] usb 2-1: USB disconnect, device number 33 [ 550.927322][ T8345] hid-thrustmaster 0003:044F:B65D.0039: unknown main item tag 0x0 [ 550.942046][ T8345] hid-thrustmaster 0003:044F:B65D.0039: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0 [ 550.964092][ T8345] hid-thrustmaster 0003:044F:B65D.0039: Wrong number of endpoints? [ 551.196301][T12320] UDC core: couldn't find an available UDC or it's busy: -16 [ 551.207163][T12320] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 551.231182][T12320] UDC core: couldn't find an available UDC or it's busy: -16 [ 551.245052][T12320] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 551.264085][ T935] usb 3-1: USB disconnect, device number 22 [ 551.275034][ C0] hid-thrustmaster 0003:044F:B65D.0039: URB to get model id failed with error -2 [ 551.291298][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 551.291333][ T30] audit: type=1400 audit(1718695703.375:5089): avc: denied { search } for pid=12375 comm="syz-executor.3" name="/" dev="configfs" ino=12410 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 551.293404][T12376] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 551.565508][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 551.615274][ T333] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 551.625757][ T333] asix: probe of 5-1:0.0 failed with error -71 [ 551.633456][ T333] usb 5-1: USB disconnect, device number 22 [ 551.968805][T12419] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 552.177767][T12422] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 552.438648][T12445] /dev/loop0: Can't open blockdev [ 552.525218][ T820] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 552.675046][ T316] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 552.765196][ T935] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 552.885517][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 552.904682][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 552.923547][ T820] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 552.933341][ T820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.943934][ T820] usb 2-1: config 0 descriptor?? [ 552.997017][T12488] SELinux: Context d is not valid (left unmapped). [ 553.004421][ T30] audit: type=1400 audit(1718695705.085:5090): avc: denied { create } for pid=12487 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.026459][ T30] audit: type=1400 audit(1718695705.095:5091): avc: denied { write } for pid=12487 comm="syz-executor.2" name="file1" dev="sda1" ino=1953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.035389][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 553.055264][ T30] audit: type=1400 audit(1718695705.095:5092): avc: denied { rename } for pid=12487 comm="syz-executor.2" name="file0" dev="sda1" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.081682][ T316] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 553.088642][ T30] audit: type=1400 audit(1718695705.095:5093): avc: denied { reparent } for pid=12487 comm="syz-executor.2" name="file0" dev="sda1" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.118244][ T30] audit: type=1400 audit(1718695705.095:5094): avc: denied { add_name } for pid=12487 comm="syz-executor.2" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.118950][ T316] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 553.140395][ T30] audit: type=1400 audit(1718695705.105:5095): avc: denied { rmdir } for pid=11264 comm="syz-executor.2" name="file0" dev="sda1" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="d" [ 553.149616][ T935] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 553.184323][ T316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.195045][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.203102][T12477] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.212011][ T935] usb 1-1: config 0 descriptor?? [ 553.217309][T12477] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.224819][ T316] usb 5-1: config 0 descriptor?? [ 553.230921][T12477] device bridge_slave_0 entered promiscuous mode [ 553.239560][T12477] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.246927][T12477] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.255270][T12477] device bridge_slave_1 entered promiscuous mode [ 553.430381][T12477] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.437280][T12477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.444472][T12477] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.451460][T12477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.513060][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 553.523098][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.531104][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.557930][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 553.566759][ T337] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.573648][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.581793][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 553.590274][ T337] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.597176][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.620162][ T612] device bridge_slave_1 left promiscuous mode [ 553.627667][ T612] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.636056][ T612] device bridge_slave_0 left promiscuous mode [ 553.642110][ T612] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.651926][ T612] device veth1_macvtap left promiscuous mode [ 553.657950][ T612] device veth0_vlan left promiscuous mode [ 553.720670][ T316] hid-thrustmaster 0003:044F:B65D.003B: unknown main item tag 0x0 [ 553.739042][ T316] hid-thrustmaster 0003:044F:B65D.003B: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 553.763568][ T316] hid-thrustmaster 0003:044F:B65D.003B: Wrong number of endpoints? [ 553.806167][ T820] usb 2-1: string descriptor 0 read error: -71 [ 553.826727][ T820] uclogic 0003:256C:006D.003A: failed retrieving string descriptor #200: -71 [ 553.839634][ T820] uclogic 0003:256C:006D.003A: failed retrieving pen parameters: -71 [ 553.850009][T12504] loop2: detected capacity change from 0 to 40427 [ 553.850541][ T820] uclogic 0003:256C:006D.003A: failed probing pen v2 parameters: -71 [ 553.865482][ T820] uclogic 0003:256C:006D.003A: failed probing parameters: -71 [ 553.872884][ T820] uclogic: probe of 0003:256C:006D.003A failed with error -71 [ 553.882809][ T820] usb 2-1: USB disconnect, device number 34 [ 553.896435][T12504] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 553.904195][T12504] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 553.921045][T12504] F2FS-fs (loop2): Found nat_bits in checkpoint [ 554.013245][T12504] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 554.031816][T12504] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 554.039058][T12504] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 554.039921][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 554.054865][T12441] UDC core: couldn't find an available UDC or it's busy: -16 [ 554.062322][T12441] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 554.070385][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 554.078983][T12441] UDC core: couldn't find an available UDC or it's busy: -16 [ 554.079854][T12504] attempt to access beyond end of device [ 554.079854][T12504] loop2: rw=2049, want=45224, limit=40427 [ 554.097697][T12441] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 554.105024][ T20] usb 5-1: USB disconnect, device number 23 [ 554.115051][ C1] hid-thrustmaster 0003:044F:B65D.003B: URB to get model id failed with error -71 [ 554.132882][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 554.143460][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 554.147493][T11264] f2fs_fill_dentries: 4 callbacks suppressed [ 554.147527][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.157380][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.158195][T12477] device veth0_vlan entered promiscuous mode [ 554.164809][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.164846][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.173310][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 554.184993][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.187000][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 554.192968][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.202679][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 554.207870][T11264] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 554.240418][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 554.269986][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 554.274259][ T9488] attempt to access beyond end of device [ 554.274259][ T9488] loop2: rw=1, want=45232, limit=40427 [ 554.279271][ T8345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 554.301148][T12477] device veth1_macvtap entered promiscuous mode [ 554.330952][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 554.347449][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 554.360826][ T333] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 554.388522][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 554.397611][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 554.439446][ T9488] Bluetooth: hci0: Frame reassembly failed (-84) [ 554.515157][ T935] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 554.535491][ T935] asix: probe of 1-1:0.0 failed with error -71 [ 554.545144][ T935] usb 1-1: USB disconnect, device number 26 [ 554.775256][T12536] incfs: Error accessing: ./file0. [ 554.780358][T12536] incfs: mount failed -20 [ 555.915211][ T820] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 556.040310][T12569] incfs: Error accessing: ./file0. [ 556.046272][T12569] incfs: mount failed -20 [ 556.096743][ T30] audit: type=1400 audit(1718695708.185:5096): avc: denied { connect } for pid=12576 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 556.271326][T12596] incfs: Error accessing: ./file0. [ 556.277258][T12596] incfs: mount failed -20 [ 556.295208][ T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 556.311077][ T820] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 556.475606][ T820] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 556.489016][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.497269][ T820] usb 4-1: Product: syz [ 556.501469][ T820] usb 4-1: Manufacturer: syz [ 556.506718][ T820] usb 4-1: SerialNumber: syz [ 556.514167][ T820] usb 4-1: config 0 descriptor?? [ 556.535221][ T935] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 556.575864][T12623] incfs: Error accessing: ./file0. [ 556.580930][T12623] incfs: mount failed -20 [ 556.847078][T12649] loop3: detected capacity change from 0 to 512 [ 556.913138][T12651] incfs: Error accessing: ./file0. [ 556.928682][T12651] incfs: mount failed -20 [ 556.980239][T12649] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 557.003140][T12658] loop2: detected capacity change from 0 to 512 [ 557.013509][T12649] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz-executor.3: invalid indirect mapped block 83886080 (level 1) [ 557.028033][T12649] EXT4-fs (loop3): Remounting filesystem read-only [ 557.035678][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 557.048256][T12649] EXT4-fs (loop3): 1 orphan inode deleted [ 557.053896][T12649] EXT4-fs (loop3): 1 truncate cleaned up [ 557.061521][T12658] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 557.070455][T12658] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 557.081541][T12649] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000000000,block_validity,quota,. Quota mode: writeback. [ 557.781361][T12658] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 557.790908][T12658] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 557.798940][T12658] System zones: 0-2, 18-18, 34-34 [ 557.805732][T12658] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 557.821296][T12658] EXT4-fs (loop2): 1 truncate cleaned up [ 557.826837][T12658] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 558.011033][ T820] snd-usb-audio: probe of 4-1:0.0 failed with error -12 [ 558.019468][ T935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.029335][ T820] usb 4-1: USB disconnect, device number 27 [ 558.038604][ T935] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 558.047686][ T935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.056895][ T935] usb 1-1: config 0 descriptor?? [ 558.198015][T12669] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.2: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 558.878583][ T935] lg-g15 0003:046D:C222.003C: item fetching failed at offset 10/11 [ 558.894478][ T935] lg-g15: probe of 0003:046D:C222.003C failed with error -22 [ 559.070939][T12682] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 559.095425][ T351] usb 1-1: USB disconnect, device number 27 [ 559.757667][T12711] loop3: detected capacity change from 0 to 512 [ 559.807049][T12711] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 559.820915][T12719] input: syz0 as /devices/virtual/input/input57 [ 559.825113][T12711] ext4 filesystem being mounted at /root/syzkaller-testdir1511091431/syzkaller.pixXOU/11/file0 supports timestamps until 2038 (0x7fffffff) [ 560.496940][T12736] loop0: detected capacity change from 0 to 512 [ 560.504337][ T30] audit: type=1400 audit(1718695712.485:5097): avc: denied { remount } for pid=12728 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 560.531844][T12736] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 560.640395][T12736] EXT4-fs (loop0): 1 orphan inode deleted [ 560.646134][T12736] EXT4-fs (loop0): 1 truncate cleaned up [ 560.651736][T12736] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 560.966140][T12740] netem: change failed [ 561.652546][T12774] device veth0_to_bridge entered promiscuous mode [ 561.675147][T12774] device macsec1 entered promiscuous mode [ 561.683772][T12774] device veth0_to_bridge left promiscuous mode [ 561.717665][T12778] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 561.735070][ T351] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 561.886844][T12784] syz-executor.2[12784] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 561.887002][T12784] syz-executor.2[12784] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 561.972794][T12681] loop1: detected capacity change from 0 to 131072 [ 562.105305][ T351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 562.125055][ T351] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 562.134693][ T351] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 562.165075][ T351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.182355][ T351] usb 1-1: config 0 descriptor?? [ 562.430535][T12803] device veth0_vlan left promiscuous mode [ 562.456244][T12803] device veth0_vlan entered promiscuous mode [ 562.586796][T12814] x_tables: unsorted underflow at hook 3 [ 562.803308][T12820] syz-executor.3[12820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 562.803467][T12820] syz-executor.3[12820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 562.899210][T12822] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 562.975153][ T351] usb 1-1: string descriptor 0 read error: -71 [ 562.995213][ T351] uclogic 0003:256C:006D.003D: failed retrieving string descriptor #200: -71 [ 563.009308][ T351] uclogic 0003:256C:006D.003D: failed retrieving pen parameters: -71 [ 563.026441][ T351] uclogic 0003:256C:006D.003D: failed probing pen v2 parameters: -71 [ 563.039985][T12831] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 563.050306][ T351] uclogic 0003:256C:006D.003D: failed probing parameters: -71 [ 563.067528][ T351] uclogic: probe of 0003:256C:006D.003D failed with error -71 [ 563.089440][ T351] usb 1-1: USB disconnect, device number 28 [ 563.157142][T12833] loop3: detected capacity change from 0 to 512 [ 563.206693][T12833] EXT4-fs (loop3): Ignoring removed bh option [ 563.236744][T12833] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz-executor.3: inode #11614: comm syz-executor.3: iget: illegal inode # [ 563.255451][T12833] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz-executor.3: error while reading EA inode 11614 err=-117 [ 563.295935][T12833] EXT4-fs (loop3): 1 truncate cleaned up [ 563.308914][T12833] EXT4-fs (loop3): mounted filesystem without journal. Opts: bh,noinit_itable,debug_want_extra_isize=0x000000000000005e,barrier=0x0000000000000008,delalloc,noload,nojournal_checksum,,errors=continue. Quota mode: none. [ 563.412422][T12843] syz-executor.4[12843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 563.412586][T12843] syz-executor.4[12843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 563.473799][T12847] loop4: detected capacity change from 0 to 512 [ 563.525468][T12850] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 563.557231][T12847] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 563.577181][T12847] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz-executor.4: iget: bad i_size value: -67835469387268086 [ 563.595124][T12847] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 563.612263][T12847] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 563.629641][T12847] ext2 filesystem being mounted at /root/syzkaller-testdir3672247262/syzkaller.8e2Mvb/267/file0 supports timestamps until 2038 (0x7fffffff) [ 563.673687][T12862] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 563.773536][T12866] device veth0_vlan left promiscuous mode [ 563.780545][T12866] device veth0_vlan entered promiscuous mode [ 563.945049][ T333] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 563.965484][T12856] loop2: detected capacity change from 0 to 40427 [ 564.021735][T12856] F2FS-fs (loop2): Mismatch valid blocks 0 vs. 6 [ 564.028116][T12856] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-117) [ 564.300997][T12856] ªªªªªª: renamed from vlan0 [ 564.315301][ T333] usb 5-1: config 0 has no interfaces? [ 564.409056][T12877] syz-executor.3[12877] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 564.409228][T12877] syz-executor.3[12877] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 564.423004][T12875] loop2: detected capacity change from 0 to 512 [ 564.475216][ T333] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 564.486468][T12875] EXT4-fs (loop2): Ignoring removed bh option [ 564.505661][ T333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.513575][ T333] usb 5-1: Product: syz [ 564.523791][ T333] usb 5-1: Manufacturer: syz [ 564.532842][T12875] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #11614: comm syz-executor.2: iget: illegal inode # [ 564.547569][ T333] usb 5-1: SerialNumber: syz [ 564.563695][ T333] usb 5-1: config 0 descriptor?? [ 564.569031][T12875] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 11614 err=-117 [ 564.591774][T12875] EXT4-fs (loop2): 1 truncate cleaned up [ 564.603153][T12875] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,noinit_itable,debug_want_extra_isize=0x000000000000005e,barrier=0x0000000000000008,delalloc,noload,nojournal_checksum,,errors=continue. Quota mode: none. [ 564.817653][T12890] syz-executor.0[12890] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 564.817815][T12890] syz-executor.0[12890] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 564.831788][ T333] usb 5-1: USB disconnect, device number 24 [ 564.849503][ T20] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 564.927833][T12893] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 566.023035][T12901] loop2: detected capacity change from 0 to 512 [ 566.075103][T12901] EXT4-fs (loop2): Ignoring removed orlov option [ 566.095158][ T20] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 566.106074][ T20] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 566.116408][T12901] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 566.124165][T12901] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e11c, mo2=0002] [ 566.213110][T12901] EXT4-fs (loop2): orphan cleanup on readonly fs [ 566.286166][T12901] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 566.370627][T12901] EXT4-fs warning (device loop2): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 566.518520][T12901] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 566.592941][T12901] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 40: padding at end of block bitmap is not set [ 566.917584][T12901] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 566.995439][T12901] EXT4-fs (loop2): 1 truncate cleaned up [ 567.010568][T12912] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 567.019877][T12901] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,usrjquota=,noblock_validity,norecovery,bsdgroups,i_version,,errors=continue. Quota mode: writeback. [ 567.035830][ T20] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 567.045504][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 567.053384][ T20] usb 4-1: SerialNumber: syz [ 567.096561][ T30] audit: type=1400 audit(1718695719.185:5098): avc: denied { mounton } for pid=12900 comm="syz-executor.2" path="/root/syzkaller-testdir2150021487/syzkaller.HMCL0o/138/file2/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 567.098022][T12901] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 567.155104][ T30] audit: type=1400 audit(1718695719.185:5099): avc: denied { read } for pid=12900 comm="syz-executor.2" name="file2" dev="overlay" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 567.205541][ T30] audit: type=1400 audit(1718695719.185:5100): avc: denied { read } for pid=12900 comm="syz-executor.2" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 567.356673][ T20] usb 4-1: 0:2 : does not exist [ 567.376495][ T20] usb 4-1: USB disconnect, device number 28 [ 568.777991][T12943] loop3: detected capacity change from 0 to 512 [ 568.820256][T12945] loop0: detected capacity change from 0 to 512 [ 568.836665][T12943] EXT4-fs (loop3): Ignoring removed orlov option [ 568.866851][T12945] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 568.875981][T12945] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 568.876670][T12943] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 568.904914][T12945] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended [ 568.904930][T12943] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e11c, mo2=0002] [ 568.921851][T12945] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 568.930102][T12945] System zones: 0-2, 18-18, 34-34 [ 568.946215][T12943] EXT4-fs (loop3): orphan cleanup on readonly fs [ 568.952483][T12943] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 568.964463][T12945] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 568.980222][T12945] EXT4-fs (loop0): 1 truncate cleaned up [ 568.985138][T12943] EXT4-fs warning (device loop3): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 568.986171][T12945] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 569.015845][ T9488] device bridge_slave_1 left promiscuous mode [ 569.021992][ T9488] bridge0: port 2(bridge_slave_1) entered disabled state [ 569.036844][ T9488] device bridge_slave_0 left promiscuous mode [ 569.049481][ T9488] bridge0: port 1(bridge_slave_0) entered disabled state [ 569.065331][T12943] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 569.082116][ T9488] device veth1_macvtap left promiscuous mode [ 569.092478][T12943] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 40: padding at end of block bitmap is not set [ 569.147715][T12943] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 569.171853][T12943] EXT4-fs (loop3): 1 truncate cleaned up [ 569.183881][T12955] loop4: detected capacity change from 0 to 1024 [ 569.193991][T12943] EXT4-fs (loop3): mounted filesystem without journal. Opts: orlov,usrjquota=,noblock_validity,norecovery,bsdgroups,i_version,,errors=continue. Quota mode: writeback. [ 569.269948][T12955] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 569.299801][T12955] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,resgid=0x0000000000000000,norecovery,commit=0x0000000000000005,nombcache,,errors=continue. Quota mode: writeback. [ 569.452723][T12962] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.0: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 570.106221][T12943] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 570.330665][ T30] audit: type=1400 audit(1718695722.415:5101): avc: denied { accept } for pid=12971 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 570.371049][T12974] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 570.477328][T12940] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.484240][T12940] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.491968][T12989] loop0: detected capacity change from 0 to 1024 [ 570.493410][T12940] device bridge_slave_0 entered promiscuous mode [ 570.520050][T12940] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.527292][T12940] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.535467][T12940] device bridge_slave_1 entered promiscuous mode [ 570.558173][T12989] EXT4-fs (loop0): Ignoring removed orlov option [ 570.564553][T12989] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 570.593773][T12992] loop1: detected capacity change from 0 to 512 [ 570.619199][T12992] EXT4-fs (loop1): Ignoring removed orlov option [ 570.646003][T12989] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 570.693910][T12992] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 570.735692][T12992] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e11c, mo2=0002] [ 570.744942][T12992] EXT4-fs (loop1): orphan cleanup on readonly fs [ 570.785689][T12989] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 570.804388][T12992] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 570.812253][T12989] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 570.826753][T12992] EXT4-fs warning (device loop1): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 570.841456][T12992] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 570.848757][T12992] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 40: padding at end of block bitmap is not set [ 570.863859][T12992] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 570.886422][T12992] EXT4-fs (loop1): 1 truncate cleaned up [ 570.891950][T12992] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,usrjquota=,noblock_validity,norecovery,bsdgroups,i_version,,errors=continue. Quota mode: writeback. [ 570.915948][T11198] ================================================================== [ 570.923884][T11198] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 570.926213][T12992] fscrypt (loop1, inode 16): Error -61 getting encryption context [ 570.931690][T11198] Read of size 4 at addr ffff888135d55000 by task syz-executor.0/11198 [ 570.931757][T11198] [ 570.949573][T11198] CPU: 1 PID: 11198 Comm: syz-executor.0 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 570.961118][T11198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 570.971016][T11198] Call Trace: [ 570.974143][T11198] [ 570.976910][T11198] dump_stack_lvl+0x151/0x1b7 [ 570.981429][T11198] ? io_uring_drop_tctx_refs+0x190/0x190 [ 570.986904][T11198] ? panic+0x751/0x751 [ 570.990822][T11198] print_address_description+0x87/0x3b0 [ 570.996188][T11198] kasan_report+0x179/0x1c0 [ 571.000528][T11198] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 571.005998][T11198] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 571.011466][T11198] __asan_report_load4_noabort+0x14/0x20 [ 571.016930][T11198] ext4_xattr_delete_inode+0xcd0/0xce0 [ 571.022236][T11198] ? sb_end_intwrite+0x120/0x120 [ 571.027002][T11198] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 571.032909][T11198] ? ext4_journal_check_start+0x16c/0x230 [ 571.038568][T11198] ? __kasan_check_read+0x11/0x20 [ 571.043422][T11198] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 571.049155][T11198] ? ext4_evict_inode+0xb8d/0x14e0 [ 571.054106][T11198] ext4_evict_inode+0xea1/0x14e0 [ 571.058993][T11198] ? _raw_spin_unlock+0x4d/0x70 [ 571.063691][T11198] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 571.069492][T11198] ? _raw_spin_unlock+0x4d/0x70 [ 571.074191][T11198] ? inode_io_list_del+0x18b/0x1a0 [ 571.079129][T11198] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 571.084861][T11198] evict+0x2a3/0x630 [ 571.088595][T11198] iput+0x63b/0x7e0 [ 571.092245][T11198] vfs_rmdir+0x359/0x470 [ 571.096318][T11198] do_rmdir+0x3ab/0x630 [ 571.100313][T11198] ? d_delete_notify+0x160/0x160 [ 571.105094][T11198] __x64_sys_unlinkat+0xdf/0xf0 [ 571.109771][T11198] do_syscall_64+0x3d/0xb0 [ 571.114033][T11198] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 571.119922][T11198] RIP: 0033:0x7fe6db721707 [ 571.124183][T11198] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 571.143625][T11198] RSP: 002b:00007ffc2ad5a4d8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 571.151880][T11198] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fe6db721707 [ 571.159683][T11198] RDX: 0000000000000200 RSI: 00007ffc2ad5b680 RDI: 00000000ffffff9c [ 571.167491][T11198] RBP: 00007fe6db77e6c6 R08: 0000000000000000 R09: 0000000000000000 [ 571.175299][T11198] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc2ad5b680 [ 571.183114][T11198] R13: 00007fe6db77e6c6 R14: 000000000008b456 R15: 0000000000000008 [ 571.190948][T11198] [ 571.193796][T11198] [ 571.196049][T11198] The buggy address belongs to the page: [ 571.201528][T11198] page:ffffea0004d75540 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x135d55 [ 571.211586][T11198] flags: 0x4000000000000000(zone=1) [ 571.216647][T11198] raw: 4000000000000000 ffffea0004e55c88 ffffea0004b9db88 0000000000000000 [ 571.225069][T11198] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 571.233459][T11198] page dumped because: kasan: bad access detected [ 571.239715][T11198] page_owner tracks the page as freed [ 571.244919][T11198] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 12899, ts 565972137723, free_ts 567006815200 [ 571.259511][T11198] post_alloc_hook+0x1a3/0x1b0 [ 571.264095][T11198] prep_new_page+0x1b/0x110 [ 571.268435][T11198] get_page_from_freelist+0x3550/0x35d0 [ 571.273830][T11198] __alloc_pages+0x27e/0x8f0 [ 571.278247][T11198] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 571.283718][T11198] shmem_getpage_gfp+0x1388/0x23c0 [ 571.288664][T11198] shmem_fault+0x1b8/0x6c0 [ 571.292912][T11198] __do_fault+0x273/0x300 [ 571.297086][T11198] handle_pte_fault+0x167b/0x24d0 [ 571.301947][T11198] do_handle_mm_fault+0x1ea9/0x23a0 [ 571.306973][T11198] __get_user_pages+0x379/0xee0 [ 571.311671][T11198] __mm_populate+0x38d/0x560 [ 571.316090][T11198] vm_mmap_pgoff+0x271/0x450 [ 571.320515][T11198] ksys_mmap_pgoff+0xed/0x1e0 [ 571.325035][T11198] __x64_sys_mmap+0x103/0x120 [ 571.329546][T11198] do_syscall_64+0x3d/0xb0 [ 571.333804][T11198] page last free stack trace: [ 571.338314][T11198] free_unref_page_prepare+0x7c8/0x7d0 [ 571.343606][T11198] free_unref_page_list+0x14b/0xa60 [ 571.348651][T11198] release_pages+0x1310/0x1370 [ 571.353248][T11198] __pagevec_release+0x84/0x100 [ 571.357935][T11198] shmem_undo_range+0x604/0x1560 [ 571.362706][T11198] shmem_evict_inode+0x215/0x9d0 [ 571.367480][T11198] evict+0x2a3/0x630 [ 571.371212][T11198] iput+0x63b/0x7e0 [ 571.374854][T11198] dentry_unlink_inode+0x34f/0x440 [ 571.379817][T11198] __dentry_kill+0x447/0x660 [ 571.384229][T11198] dentry_kill+0xc0/0x2a0 [ 571.388392][T11198] dput+0x45/0x80 [ 571.391870][T11198] __fput+0x662/0x910 [ 571.395690][T11198] ____fput+0x15/0x20 [ 571.399505][T11198] task_work_run+0x129/0x190 [ 571.403931][T11198] do_exit+0xc48/0x2ca0 [ 571.407929][T11198] [ 571.410091][T11198] Memory state around the buggy address: [ 571.415580][T11198] ffff888135d54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 571.423478][T11198] ffff888135d54f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 571.431381][T11198] >ffff888135d55000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/18 07:28:43 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 571.439266][T11198] ^ [ 571.443182][T11198] ffff888135d55080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 571.451087][T11198] ffff888135d55100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 571.458966][T11198] ================================================================== [ 571.466861][T11198] Disabling lock debugging due to kernel taint