last executing test programs: 22.631218074s ago: executing program 1: r0 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0) ftruncate(r0, 0x2007ffb) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xcd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) sendfile(r0, r0, 0x0, 0x800000009) lseek(r0, 0x0, 0x4) 21.773490147s ago: executing program 1: r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000300)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mkdirat(r0, &(0x7f0000000180)='./file0/file0\x00', 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_open_pts(0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x20020008) renameat2(r1, &(0x7f0000000140)='./file0/file0\x00', r1, &(0x7f00000002c0)='./file1\x00', 0x4) r2 = dup(r0) renameat2(r2, &(0x7f0000000100)='./file0/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0) 21.738469642s ago: executing program 1: openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x240001, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x7ffe, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) dup(r2) sendmsg$nl_route(r1, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x24040405}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=@ipv4_getnetconf={0x44, 0x52, 0x730, 0x70bd26, 0x25dfdbfd, {}, [@NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x8001}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x100}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x5}, @NETCONFA_PROXY_NEIGH={0x8}, @NETCONFA_IFINDEX={0x8}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x8810}, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r1, &(0x7f0000000540)="1721c45583b93da462e8df4209fa944b3bafdf1e682ba4795caa3479dd83aa6e8f300714b5031d1c654268955ee155a97442594d85c9d2a8aa649b98c1b6ea4cf7236adb217e5079e28f837ad554401e48253bacd6590d5266d60c831342928f5e287ef6d4a64a34c58897d1affb67766f17a0ea76e4d1ad93d259cbb847f81143ab2d5aaa361dcf802b0e075b56d24b2c4e5ae651c316abbe9c0af81097c1d1ee80f08806fe6ec0e922e07dfb44ba669e603b2223a2b2cdab3941fa6936c4f63578547f7642b219a6dc44e6e2edce7671ae66d822f6b4c094d1489fda221d586d0d5963a5ec87025638f8ed16e0ea599a164b0aede3018db11cc2ca508781928aaeb839eadf3f12dac8ccef10063dc1b7aeae30dd9e750909d045996daaf1860cf72a532cf44f1d022684afb8a36a0b0a5f4e4832a6dc39cde18e0180fe5618b9c52ea2de68773583b2d42c7926088e60cdd5382a7e47d7fb6bff474a707e54d95fbb5df9b50db6eed6a9722d3383fec535ff16764125bb816d27317a43a6eceaf89b59afe9acd75fc2ce35005d21f03075b384d97eba9dbf64e4b30f934db7e534f85a14f3155dc7569a542a212dbac86bb3eaeaa65d7dbea46fa8122bbf82b9b086e1a47ee53b8c17d3d6e017a5f280101a2d730b9523cfbb1f94add8ef35b6e1c8b484f5587f8bf8ad39caa205a1e24c238de24607a88b93731312001e0a996ce782ed499a794be4a819be8f09c7c86a11982ff45870e20229dbe09d9b6ec4398a7f597b0128767ec2d9357a0a796998f6254afd56f99f3e1c6fb7a0b58242f5ab10c68cde537b02945434630b4e77db28167969347f9e0545d6bc00191fb0242359f16822aabfdaad0841debcb904b87e23889d2f6a60235086f5d7a2122fcd49b41a935d8bfeea038513d0ec1a2e434620228191573bfb5b90ebeba919139b51d4022af89d2c43dfb90750b296dc21e0cfb322467b34d3d9ae96bdb18ce34761889135db220556761ea379a12f9a5a9afdc5752c780ee5e38c1dd829e89dae6ac46490db154fdec27bea80241b8410c81a779ba1171b96f1bdd08b73f321d3d4298c5006f0ca6b106e58cd67bc6bd58f0a249f1745b28cde114f83863f3f1ce987dbe20efe4c26e80cc8ae130c1d2a11ad760e3c96f9bf1e9dfb52d37787c2fc9c12d1ffad32982c334fa2fa4f988e0098f3c71a906f3dcde5dbb5f595fd2f1412f5b87c0e486af556ddfac1d0cd5e5501f767712b7b04741ab33264c9b12e0baa18d7bb3290e5d3092960e2ad727d167c5bf6cc2b6c8ceb838469e8a6e05de5248999b714091028d4b6f37909e6e9d37c534a01f3082c8a292a85a48bf6987ed985c1d83452dd4507e21abb77c1e25dd7c9b6f15c8f2d88f06149668b2835b34ae6724d8c3bdd1ae4e93ec9595e513243431f2e9b7a3491d20f38370a4f7c6adc0d8cf8686db6ea1bdffe463c5ed5bebfd0e9cdc5953a14229a1750206cf1b6338909daa35d8663bf29f475074f594a5d937006deba6cbb96e5b8e4c9eee5de96a2ce8dc78ea7f9e83f00f4b6c3aa50dee219798a41a5ab3e346dac93bc7f10ede18e41657417568b75e57cbe000ec844074d285e117245d6f37869850a58deaf7cf98fe7a93ddeaa95bdacce62a75455a76fd15b71ad548ba9dee225a31d8ddc09394a482d01e120e690b8608108735f8ebe19551a4fe7e4d5cf122a2e0942c5e475f5c0ceb635cc07e73fa94374bb0677b52b3958a3643bdf842ceb440b96786b2741ef4692b39bc14e6494cf6e56d5cb77c98887966d06cf9357dcf4b026356d3bbc5adf59ed9922c1ce142b304c1efe53082d3b476481d8908b2a83bf5d50f4ab0bd31b0b58b89c3c47ea7a06ee7ca9b682e9894012809752dd13b5ba1eafee6e8555bc7ce8a51609d468d9b600563143e6a95d7f64ca74b3f3168998d4dc2fe90944f65114030b9b2918694c8a348cf9d3f4f25329a60ffc25bcdbea95a326164c7584f97e0e84078586b01c0655bdb89089a7c8dbd9fd683533905e436626a71d03f39de0a42da42e7bb3a3b581a423cab985fae7bdd5dc25b58f961b69180acc62c00fa5c4df97a0e088830a3a2c55a070c542d1e9ff6cb0f0d74e1fd4de33e7bc1f2bac8d9cc2319f685b87f16e3752ae7b32163705aaf445f1b593e06f838cd398b06b23f9499d3ec5c82c797f6f2fc5876982181fc74cc5aca909d1dfd7885b0b814e479c94074c0ce1972706e5089b01a3fbba0202c870202e50d5eef642bdc6a424fbbf61ac3c64e8fe61ce1c0a00894e4ef7de4e1324e444930ee32aac545f489b44c8bbf052ec4858a5c6fdaf9e7e0a74ae1b5bbc95091f7f133e679c317a5512539a85037515264728132cf407e2409063c768d0736c8fb2a8244a7f1e30a0b01bdaf11ff8dde13c2680a0315ea89fdb1411d937eafbc391970fe6893fd1dc865ca2529b25c358da23b74068ddd406e5993c481daa3967328633bc3d4aaea3ec66a6ab3a12982ba3c743af8e586974b6566c7ee7d4bcf638902bb97f7faf5c53fcc7bd0a764d6514219e89d9a6227f9540f20c73cb47088d11ee742ffd7bbc368aff5e708f3968af81860b10e1fe6fbc2ecbc97f4c58a359034e48d54f2eb43fbc09669797de76031c4db87fca5433aaf48e173da1ec8a1d6c9d8a77e95977e771b8ad623e5430629262eb57e79bc4ca73d453e5741249984d50d2d1caaad7c210eb6346379cf89b29cac15126728cd6aaa57798b92f34d536979982b183cae6a66c9bd0aa2a6de6e4ec0af3dd9e956a25cfce08a891b2be6b1089e428b0bda3e7b03bf2a03685f81e90e3da7b92fb839558c80e761059fc013904b6edd752156aa0c1cfcdc63fbcef3ec446e412897deacfdcdecb70dc92ca6e60b282f54a18e4fa9afa9b787278dcb4f5730579961929d9ed729a0c69cf2c2b6beb9ab5c84474d793edfc4f5242ba668fe5f5404da535f6b04f48de583c8eb46ec7300dabfc58f0fd68e8a7df94c83ba0f6508244ec4466fdac884d725673a0d98b177abf57a43d2b55036919049ddbcd50fe52db8f063805720fe85e02426aeb476269ea0b6607dca0f155a9719f32596ed26ea592c413b3d36665edce8a200c7f17ca9788950b51b3fda12e95a352a1990bffd2c2c4f580c0b5eebe7bc90e985e532639d933e0bf20f4f1e9578468bf286332256bbf426dd0fbc0b69937852d1455d1a44e1d1b5c3d249c5782102d2d0c992e67b6dcd270353b5d79e8e03abee27685c3a558dbeed4bcacad03126ba0be5b22d15f2abd3285f55f090a87c23e3444e2fff3bc7b751336f2e78c876d9449c0a09b6180bcf43d266381d87677a4d993982db44ce030c2e874811f7f3d43c731a4c40169d7d8d225dfdf70c081bb20a6add541b4017174f9ee6193f5fc7a7fae970fff4ab1b1f79d0bf72af2120bcaccba89658f64a994ac7898df884e7bcc45d12618d62f8628f894afadc0e707a99c86ad629b2baa4bb2dc690a1b429fd6d34b748b16ad48f2a088bf9a332ec98af383e6437a7257bf14e65151ddb56580fa17f0adae86c534323e8936a856398ad23af536572288a46df45ce063f8d75386e2a74ef495b4156d58718d19a9afde8f63140e2378a31b5fa8435dd4eb2e9c810cefe87426e497666f6a18139c4fc86f19c5b80f65b0d3bc7a57279b6b9dbac74066954c848aeb238feee8c58c24822013b60501428bc204662071173abd88ec1d16178328bffb33c4074c8ee0f0c5bc7bbca8fb04d2734a9857bc25b6f4c19a3dc7fe1ba1740b8063be8ebf61e8143576db83d7dd9ead46ef4eb19182f7000b1960be5c3fb4f17205b42693f716abd9f0ce7f09d4986fcfd82978e861de582be172f2c998d733982433dcaaf4ceb75092a319c942034c5cba8c5d75007ec8ddce12ed7c7fe467a772e894bbc8fcc8e9e52356b48a27b68adcb0286902c40cf878ccba490af6ee0a5ac2e6007077ee1d1e6a3d594649b1b79bee15e0ba43bbde6226d803a339590a1e240c6b6c4a82c2bbe622c93447d88850c6ee81d2c5b3fb948585fa7c35ac9373148fadc97ff28b6b8f83b0a8c2af887b11ff16f298bdb088c993d87277c71f7e4e01abd61d340db0c26ef372fd7ca8e0c719b72e9e4ce78ddae6662d8ac7d254a3df7f63ea39a49a30847a90b5aafe68ef46fb54aaa9b4d1d75c40cc1bc511c7c8c528355c8a9938cdad9f8c019c66f4243464d6be474f9ef23856e1a6bd4eaf48e9faa3818506012327f33b0cd122f9b829d924747c4e6092edca7a39a05853e47f6f80cb4b836634a152251491df3f5271e23695429a0ffefa863bb3204b3989701071ab6192a6db67e6f355a9cb7364de299f464b3a92a980eaa238ea3a76352243aa45363ec4a5a04b5b634d405b6f01c1d1ec4499b26894a98e687a1712876f45bb5c97eef0cadca78321a2a0ef537788841c06d432ba831865bd2f07fa092ba8c5d12821c497ed0c7c8dd77062db22ecda729f40fd983695d70a64eb12f9dbb507f60d65ad46ea4b160046422a7b3e4a1c1db17a0a2f7c09057cd93aed50b4d220d6cbbc6bd6d99ecc8e202c3239e000e6be48a8af4f51d55f8835606d41b214559c7bc30c46ed3c2854f055a56b6e9fef641bc2cd003ec967468d34e088788ac238aaf22ae36acb68288090a60476026680d764e32590e0061787969466e569f9e16f33698f07ce1eaa83f874b272d1efcad7420598a500bd26edceff500fd2f75697deddab72c3edee95a4c7d4ab23c272220551b1222030c30ac029f02acabd9ad629bd091d1fd045f256c73bf17109c75510baab13e69e722bfd63d553e700733a243f6f13c9621775caf60fe9e6ec80af8a479d9a9145d697f6946e478f365c355a261f616addb093b4b2017bae7bbaf1a2ea32406781c294ba56ba2907ca0fa81d098de024cbb404554cec66a76bdd875386feaf4b1693ad9e7a33e5b61e1accf86a1e42c4d3db30152887f8e1b3a284099ef2ac1bc6f02744f984ead18a2908b5f3527bcf7e1245f5232784cc346bed7bca862436e62e3948586c2dac5ef11a0f3291c41de2a27d7cbbc8cabc2740310d25a1e6e874dbf932415eac155274d0d8662c8ce00d8f49e7862829344773a5f771ca76edfd8e46e88947432cee0df5893af3044735c1a24a129bd360600034e627b79058d2f0912ce0374c631c6b5afcec2291073b473d9e6141fff32e4baecdcec059b6024c51eb001853932b23bf7430e8e8f6f49216f3659630197c7bf6e8c3bbc9f0d357c7a63b2146360b12a9e26cc6dac4882463830dce42ae24d0e4dad78da645e2fbbcfe5e77952c7893ff4bea730a2cd8ee03107a9d20bf29bd5bca91a1b41acf37c7430f043d00d7c107314f893ec31c0d3252c037cf07ee3ca312e56f5b804c584c3246d8f9a4a200285952a325f0c5065a6b81386c136aa79ac95e846624a61803ebbd6edd1f58a2043d5312dd0f3c65319f9eaffe9c7a6e369ed9a5f5f4279bc4296fffb3eb6df166d0dbdb95df157d1eededff49aaadc572d9aecbd30a5fbd5736b0f804cc42cf339d752f86ae0355e905de52083b2df3ad609491234f2e29153cee7114f64ac6298b79418347a497f019c0ab3b15054d291026520918b9ff533fe39061edb352a5b3f1e0da9936c5ae8fe12d9350fe6023638d80ad7836b421c65961b642215ff52349eb57085c57c5b20e475d82ad281e46e985044f0270e4977ec22c561b5f1881eaf30c91ca62ec7a448ab2b8bbc863f26490f0bf85b0c889", 0x1000, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000100)={{0x2, 0x4e23, @loopback}, {0x1, @broadcast}, 0x12, {0x2, 0x4e21, @broadcast}, 'veth0_to_bridge\x00'}) pipe(&(0x7f0000000340)={0xffffffffffffffff}) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) splice(r5, 0x0, r6, &(0x7f0000000140), 0x12, 0x6) r7 = dup2(r0, r0) bind$inet6(r7, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x78) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) close(r3) 21.684394391s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0xa, 0xe, &(0x7f0000002e40)=ANY=[@ANYRES64=r0], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001240)={r0, 0x58, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x9, 0x6, 0x1, 0x392, 0xffffffffffffffff, 0x2, '\x00', r2, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000300)=r1}, 0x20) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(r5) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x1, 0x3}, 0x48) sendmsg$unix(r6, &(0x7f00000007c0)={&(0x7f0000000600)=@abs, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000680)="c122a26bc5a936beb620cae2570cc0ad7b8cce9139c2567ff4242f09ad626086a3a062f0152b80c3f740e75d09772d7d96ebcf51c84a11920d763a512419a70048116e4e43dd549df7fcbc19b7ffad7f98465c2f0026d18116538ea695ca62ace720bad320283d881cf9eb8ecb9f89f7c78e3886ba79d9676e45b5be0920fe03cccd9aa0edf35303be82bc5aabae454324c6e2b573", 0x95}, {&(0x7f0000000500)="10c2228aeda46a0cd0e396", 0xb}], 0x2, &(0x7f0000000780)=[@rights={{0x1c, 0x1, 0x1, [r5, r6, r6]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x40, 0x4000c11}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x16, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b700000083000000bf0951cd7a00000000000055", @ANYRES8=0x0, @ANYRES16=r8], &(0x7f0000000040)='GPL\x00', 0xfffffff9, 0x0, 0x0, 0x0, 0x33, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x0, 0x0, 0x8, 0x8}, 0x10, 0xffffffffffffffff, r6, 0x0, &(0x7f0000000540)=[r6, r5, r5, r5, r7], 0x0, 0x10, 0x7}, 0x90) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x3, 0x0}, 0x8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000740)={r3, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xb, 0x35, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7ba2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x7}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000580)='GPL\x00', 0x6, 0xc2, &(0x7f00000005c0)=""/194, 0x41000, 0x0, '\x00', 0x0, 0xa, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x0, 0x4, 0x10000, 0x401}, 0x10, r10, r1, 0x0, &(0x7f0000000780)=[r3, r3, r3, r3, r11, r3], 0x0, 0x10, 0x3}, 0x90) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='net_dev_start_xmit\x00', r12}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a655855", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x19, 0x30, 0x3f, 0x8001, 0x4, r11, 0x7, '\x00', 0x0, r8, 0x4, 0x4, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000015c0)={0x12, 0x6, &(0x7f0000001180)=@raw=[@generic={0x0, 0x1, 0x4, 0x4, 0x10000}, @generic={0xb6, 0x8, 0x2, 0xc000, 0x46c}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}], &(0x7f0000001100)='GPL\x00', 0x5a54d031, 0x14, &(0x7f0000001140)=""/20, 0x41000, 0x1, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f00000014c0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000001500)={0x1, 0x9, 0x2, 0x1}, 0x10, r10, r9, 0x1, &(0x7f0000001540)=[r5, r11, r3, r0, r4, r4], &(0x7f0000001580)=[{0x4, 0x3, 0xe, 0x9}]}, 0x90) r13 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r14 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1}, 0x48) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r14}, 0x38) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000dc0)={r13, 0xe0, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000980)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x9, &(0x7f0000000b00)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000b40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xb7, &(0x7f0000000b80)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000c00), &(0x7f0000000c40), 0x8, 0x23, 0x8, 0x8, &(0x7f0000000c80)}}, 0x10) r16 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020227b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000008d850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_request_inode\x00', r16}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000f00)={0x6, 0x11, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xf91}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000940)='GPL\x00', 0x3, 0x95, &(0x7f0000000a40)=""/149, 0x41000, 0x4, '\x00', r15, 0x25, r5, 0x8, &(0x7f0000000e00)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000e40)={0x3, 0xf, 0x7, 0x20}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000e80)=[r0, r7, r8, r7, r14], &(0x7f0000000ec0)=[{0x5, 0x2, 0xd, 0xc}, {0x3, 0x4, 0xe, 0xb}, {0x6, 0x2, 0x7, 0x7}], 0x10, 0x5}, 0x90) 21.665052164s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec8500000050000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0003120000001203"], 0x0, 0x0}, 0x0) 16.737750619s ago: executing program 1: ptrace(0x10, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000001c000000000000002300850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000082505a8a44000010203f1"], 0x0) 5.556443167s ago: executing program 2: r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0xcb, &(0x7f0000000b80)=""/203}, 0x90) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') close_range(r2, 0xffffffffffffffff, 0x2) pread64(r2, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getsockopt$sock_buf(r0, 0x1, 0x3d, &(0x7f00000004c0)=""/60, &(0x7f0000000500)=0x3c) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed000e, &(0x7f00000000c0)={[{@jqfmt_vfsold}, {@data_err_abort}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@grpquota}]}, 0xfe, 0x45a, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvzLblt62IP0DQKhqJP1pafsjBi0YTDpqY6AHjqbYLqSzU0JoIIVo94NGQeDfe/QOMJ70Y9WTiVe+GhBguoKc1szMDS9ktXbplofv5JLP73syD974z83bezNttAH1rNHtJIrZGxJ8RMZxnby4wmr9du3J++t8r56eTqNff+SdplLt65fx0WbT8d1vyTL1e5De0qPfC+xFTtVr1TJEfXzj10fj82XMvzZ6aOlE9UT09eeTIwQN7hg5PHupKnFlcV3d9Ord759H3Lr41feziB79+l7V3a7G9OY5uGc33bkvPdruyHtvWlE4GetgQOlKJiOxwDTb6/3BUYtP1bcPxxhc9bRywpur1er3V9bmwWAfWsSR63QKgN8oLfXb/Wy53aehxT7j8an4DlMV9rVjyLQOR5oknB5fc33bTaEQcW/zvm2yJNXoOAQDQ7Mds/PNiq/FfGo/kiaHs5YFiDmUkIh6MiO0R8VBE7IiIhyMaZR+NiMc6rH/pDMmt45/00h0HtwLZ+O+VYm7r5vFfWhYZqRS5bY34B5Pjs7Xq/mKf7IvBDcdnk+rEMnX89PofX7Xb1jz+y5as/nIsWLTj0sCSB3QzUwtTq4m52eXPI3YNtIo/iXIaJ4mInRGx6w7rmH2+/YTQ7eNfRhfmmerfRjyXH//FWBJ/KWk7Pznx8uHJQ+Mbo1bdP16eFbf67fcLb7erf1Xxd0F2/De3PP+vxz+SbIyYP3vuZGO+dr7zOi789WXbe5oOz/+j24rzfyh5t7FiqNjwydTCwpmJiKHkzVvXT97438p8WT6Lf9/e1v1/e9zYE49HxO6I2BMRT2Q3hUXbn4qIpyNi7zLx//LaMx92Hv8yT+W7KIt/5nbHP5qPf+eJysmff+g8/lJ2/A82UvuKNSv5/FtpA1ez7wAAAOB+kTa+A5+kY9fTaTo2ln+Hf0dsTmtz8wsvHJ/7+PRM/l35kRhMyyddw03PQyeKZ8NlfnJJ/kDx3PjryqZGfmx6rjbT6+Chz21p0/8zf1d63Tpgzfm9FvQv/R/6l/4P/SnR/6Gv6f/Qv1r1/8/alh77fk0bA9xVrv/Qv1bQ/xfzt/ajAuD+5PoP/Uv/h77U9rfx6ap+8i+x7hOR3hPNWP+JgRX/MYsOEvXhvP9naza0LNPrTyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+D8AAP//Yz/jTQ==") close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$packet(0x11, 0x3, 0x300) r5 = accept4$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000000)=0x1c, 0x0) setsockopt$inet6_int(r5, 0x29, 0x1, &(0x7f0000000080)=0x6, 0x4) accept4(r4, 0x0, 0x0, 0x0) syz_open_dev$mouse(&(0x7f00000000c0), 0x4, 0x747180) write(0xffffffffffffffff, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_mtu(r6, 0x29, 0x17, &(0x7f0000000180), &(0x7f0000000100)=0x1) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000140)={'batadv_slave_0\x00', {0x2, 0x4e23, @private=0xa010101}}) r7 = openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[@ANYBLOB='N-N:N/8'], 0x6a) r8 = fcntl$dupfd(r1, 0x406, r0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xf, 0x9, &(0x7f0000000a00)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32=0x1], &(0x7f00000000c0)='syzkaller\x00', 0x401, 0x4, &(0x7f0000000100)=""/4, 0x40f00, 0x10, '\x00', 0x0, 0xa, r8, 0x8, &(0x7f0000000140)={0xa}, 0x8, 0x10, &(0x7f0000000180)={0x7}, 0x10}, 0x90) r9 = socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000980)={0x3, &(0x7f0000000940)=[{}, {0x1c}, {0x6}]}) sendmsg$WG_CMD_SET_DEVICE(r9, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000280)={0x80, 0x0, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg2\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), 0xffffffffffffffff) 4.933067824s ago: executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) sendto$inet(r0, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 4.924821635s ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8c18cffb703000008000000b704000000000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb613a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548fc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee364dad078fc88d17cbde37a2270f90a60afe8548f4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd1045a5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e70e00"/2537], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000e00)={0xb4, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4000040}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x18000000000002a0, 0xe, 0x10000000, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bffffff00004000632f77fbac14140be934a0a662079f4b4d2f87e5feca6aab845013f288a81a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x6}, 0x2c) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r11}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) 4.578097359s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="8000000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) 4.56852067s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) close(r3) 4.498644011s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r0}, &(0x7f0000000700), &(0x7f0000000740)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)=""/70, 0x46}], 0x1}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 3.375158596s ago: executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe2(0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r3}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x650, 0x368, 0x25, 0x148, 0x0, 0x60, 0x5b8, 0x2a8, 0x2a8, 0x5b8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x368, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x6b0) gettid() kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffde9, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2000}, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) 3.356569038s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) recvfrom$unix(0xffffffffffffffff, &(0x7f0000002a00)=""/4111, 0x100f, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000079000000090000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r3], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='sched_switch\x00', r4}, 0x10) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000003380)) r6 = eventfd2(0x0, 0x0) ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f00000001c0)={0x0, r6}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000016c0)=""/175, 0x0}) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 2.248576991s ago: executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000440)={[{@noload}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x3, 0x431, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') setns(r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.150256016s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000020961b0a9f15000000000109022d00010000000009040000050300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000d40)={0x18, &(0x7f0000000780)=ANY=[@ANYBLOB="00000700000007007673ed26"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000940), 0x0, 0x4a141) syz_usb_control_io(r0, 0x0, 0x0) write$hidraw(r1, &(0x7f0000000180)=',#', 0x4000) 1.935808349s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000000)) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r2}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 1.897024565s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x1, 0x42, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x1, 0x0, 0x2a21, 0xffffffffffffffff, 0x1f, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x1}, 0x48) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8000002b) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000016c0)={0xffffffffffffffff, 0x20, &(0x7f0000001880)={0x0, 0x0, 0x0, &(0x7f0000000680)=""/4096, 0x1000}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x14, 0x2, &(0x7f0000000100)=@raw=[@map_val={0x18, 0x1, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x401}], &(0x7f0000000140)='syzkaller\x00', 0xff, 0x63, &(0x7f0000000180)=""/99, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x1}, 0x8, 0x10, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff]}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000140), 0x3af47044) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x1, 0x2, 0x7, 0x4, 0x0, 0x1}, 0x17) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={&(0x7f0000000200)="f1", 0x0, 0x0, 0x0, 0x36, r3}, 0x38) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880), 0xff6b) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000640)={r2, 0x20, &(0x7f0000000600)={&(0x7f00000005c0), 0x0, 0x0, &(0x7f0000009a40)=""/4096, 0x1000}}, 0x10) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0x10}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r6}]}, 0x3c}, 0x1, 0xba01}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @loopback, @local}, &(0x7f00000000c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0xeb21, 0x8, 0x5, 0x800, 0x1, 0x100, '\x00', r6, 0xffffffffffffffff, 0x3, 0x2, 0x2, 0x4}, 0x48) r7 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44}) connect$pppl2tp(r7, &(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x0, 0x1, 0x4, 0x1, {0xa, 0x4e23, 0x9, @local, 0x9}}}, 0x3a) ioctl$SIOCSIFMTU(r7, 0x8923, &(0x7f0000000000)={'team0\x00', 0x18a1}) sendto(r7, &(0x7f00000001c0)="3a5012944f6a89c8f737a6d300a1542b03e9f6044835f9169af64495c16e439417682c0df38fc607c967567b986bfe931e4e57ebd05a6a79d890545331de56691a41dfd3fbce1c21c39a0052840018b5889c7ec85eeadc51c5a16f1e4c6d7b627350504e03519717c7f0142aebc339e77ecd073666d9a20da5cb24395fb8c2ef47c0528b4ed80fd16016a90af4fbeaf55c4c80e1827dbce88c1d52b8b618a2b0fe3e914b071cee39828d175df9af5befaf165f26eafeafbf4fbc5d164da90af9c0df1e678a40644b8762b297230a73cea8c03f48653bd17ff5aaf1ec47c972d0fd867b10f8204a8ed3decfde319f", 0xee, 0x20000010, 0x0, 0x0) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f0000000540)={'tunl0\x00', 0x9}) ioctl$SIOCSIFMTU(r7, 0x8922, &(0x7f00000000c0)={'nr0\x00', 0x3ff}) writev(r7, &(0x7f000000acc0)=[{&(0x7f0000000380)="b28d34da395c5769f5745bb2211c9925190e37196558a67eaefd8f3e520ccf51efc17daa10ffe0f9d85bbaf9b0ab563a0056642eb132608d96fd7d9efa8c8a0de59f717136fdf26b98f2bd8a5498be3421df0386b11357", 0x57}, {&(0x7f0000000400)="cc8c10b02875f308344b9fe932536a915017c303083ad7548ebf20d323f6666771c4fe3f51d50e111214f8578ce856f0344e809f6a488bb73b6676ec4d8b5fbd95b71b3ef12bb84e5eabf247df32f5f475", 0x51}, {&(0x7f000000aa40)="77619f0844f43272438626c011da24a0460de3de3521a43efab69fe0fba61f966350db2c51fb546e294b0bd9877aa38f71ca9d7f04b74c0e173406231cf0f6f8e3cafb9fd21ffd17bd879c8167398da50ff2f3d853a34e9f15b6e92f35f008c82ab02bb02279130ff16e3f6f7b721005eda02c849f4312ea28459c9853e6fc860bb53a739fbdbbf45b5b8890466cbe8e0d666b793d9514f9e08808d6a452bc4dd58906a7afc2fe595886fca0b69bba59a6f9507abf938abcc1bcc74541589a5c9b0a9b27e2f201", 0xc7}, {&(0x7f000000ab40)="930d0ba974e3c7b20542f25ece62e36d903dfe3f41e564093dfd343c8065c469feee6feccb150d6f44ddfca135879c2127dc192a5db747f3458c2ad68e2496afa1b0315549028c743f158c2d23f101d265525a22be06757905e28936979cd23c62ba4c62bcb8189517fbdd3f2111f7932fb6f87ea54062862b5da36c5998c2d33e91afca5e5001fcc3196f7ed86927c2fa6c64d2f6bb27", 0x97}], 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x10, &(0x7f0000009940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ff}, {}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="280055e21ee7ad7e83e2", @ANYRES32=r6, @ANYBLOB="08008100010000000800010001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x20040000) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000005c0)="69798f5c7d4865052a05723c1f3bb61a8727716b874a8fb964661238474faa59f72093276a4ab32a652c0225ab041f7f7c2e715c6a1f017c", 0x3080, r0}, 0x38) 1.80021459s ago: executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000240)={0x44, 0x5e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x1}, @nested={0x2a, 0x0, 0x0, 0x1, [@generic="25dc00ae07d1ef04c8de396d1073884d095537a2e7044884f17912923e15e6852e5173f6ed", @generic="96"]}]}, 0x44}], 0x1}, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f00000008c0)={0x0, 0x2, 0x0, [0x7fff, 0xa0000000, 0x4, 0xffff, 0x1], [0x1, 0x4, 0x1, 0x7, 0x401, 0x9, 0x8001, 0x620f, 0x8, 0x400, 0xfffffffffffffffa, 0x687, 0x6, 0x1, 0x5, 0x4d6e, 0x80000000, 0x4, 0xed, 0x2, 0x9, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x9, 0x3f, 0x80, 0x0, 0x46000000, 0x0, 0x0, 0x1f, 0xffffffff7fffffff, 0xff, 0x8000000000000001, 0x5, 0x1, 0x200, 0x1, 0xfffffffffffffff7, 0x4, 0x20, 0x6, 0x1, 0x8, 0xd53, 0x0, 0x5, 0x2, 0x20, 0x800, 0x0, 0x2, 0x1, 0x8, 0x2, 0x8, 0xffffffffffffffc1, 0xffffffffffffffc5, 0x8000000000000001, 0x4, 0x1000, 0x6, 0x800, 0x3f, 0x4, 0x600, 0x3, 0x4, 0x4f43, 0x4, 0x81ce, 0x8, 0x1, 0xf67, 0x10001, 0x869, 0x4c0b, 0x2, 0x7fff, 0xfffffffffffffffc, 0x3, 0x18, 0x3, 0x9, 0x81, 0x219, 0xfffffffffffffffe, 0xffffffffffffffff, 0x6, 0x1, 0x8a70, 0x4, 0x5, 0x4, 0x0, 0x3f, 0x1c7, 0xe1b80000, 0x1f, 0x1, 0x6, 0x8001, 0x8000, 0x6, 0x400, 0x4, 0x8000000000000001, 0x6, 0x8, 0x855a, 0x155, 0x8000, 0xff, 0x5]}) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x64, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x40}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1f}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000040)={0x0, 'ipvlan1\x00', {0x28fd}, 0x8000}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000440)=0xd4, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x11b0, 0x4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={0x1, &(0x7f00000001c0)="f1b158a8bdf59792e0af784ee60624ec31350991832cccf8de0f373252560b4b30bf7415ac0974f933ca37c17ba6d0a24b11dec7fd593be8546378b486c9b82b5ba90120ce907e1ae04e22256ed7274eb798606a341f594b373a993d32d70ed5c1a050195bc9a32de5", &(0x7f0000000240)=@tcp=r2, 0x4}, 0x20) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x6, 0xcd, 0xe8}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000002380), 0x806, r3}, 0x38) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000800)={r3, &(0x7f0000000a00), 0x20000000, 0x2}, 0x20) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r4, 0x6, 0x1f, 0xfffffffffffffffe, 0x4) pipe(&(0x7f0000000500)={0xffffffffffffffff}) connect$inet(r5, &(0x7f0000000540)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) bind$inet(r4, &(0x7f00000002c0)={0x2, 0x4e22, @multicast1}, 0x10) r6 = socket(0x8, 0x3, 0x81) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r3, &(0x7f0000000080)="6c4c4268c43f7a8efa4ec9c6c5a8857032d8bc7edbc09a1d722ad49905f15c79b3fe63d8de1f0a19a3167fb165ce7e31fe056ed9814ded9d112feccda68d276dcbcfad1dcc62aeacc712e8382a9225638dea800d2705abdc37054b3aad748aefe9dcfd1deb42ae4aea1ab78857b02548795fc3c54274c4c866f062e2db0560c57c21c9a66069b6880f4549cd97fa8210191777dd5d442c5de6959c0c71670d7ba612af3b6d4f3f", &(0x7f0000000140)=@tcp6=r6, 0x4}, 0x20) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r1, 0x890b, &(0x7f0000000000)={0xffffc0fe, 'vlan0\x00'}) getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000480), &(0x7f00000004c0)=0x8) 1.656707263s ago: executing program 3: syz_mount_image$ext4(&(0x7f00000009c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000)={[{@user_xattr}, {@journal_dev={'journal_dev', 0x3d, 0x7}}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x3}}, {@nolazytime}, {@jqfmt_vfsold}, {@data_err_abort}, {@errors_remount}, {@usrquota}, {@dioread_lock}]}, 0x0, 0x551, &(0x7f0000000340)="$eJzs3c9rHFUcAPDvbLL9rU2hFPUggR6s1G6axB8VPNSjaLGg97ok01Cy6ZbspjSxYHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZZDbdNrvJNt02G+fzgUnem5nNe2/ffF/e7NtlAyis0exHKeLViPg2iTjcdmw48oOja+ctP7w+lW1JrKx89lcSSb6vdX6S/z6YZ16JiN++jjhZ2lhuY3FptlqrpfN5fqw5d2Wssbh06tJcdSadSS9PTE6eeWdy4v333u1bW988/88Pn9796Mw3x5e//+X+kdtJnI1D+bH2djyDG+2Z0RjNn5NynH3ixPE+FDZIkp2uANsytB7n2RhwOIbWc8D/3VcRsQIUVCL+oaBa84DWvX2f7oN3jQcfrt0AbWz/8NprI7EvyhFxYDl57M4ou98d6UP5WRm//nnndrZF/16HANjSjZsRcXp4eOP4l+Tj3/ad7uGcJ8sw/sGLczeb/7zVaf5TWp//RIf5z8EOsbsdW8d/6X4fiukqm/990HH+u75oNTKU515anfOVk4uXamk2tr0cESeivDfLb7aec2b53kq3Y+3zv2zLym/NBfN63B/e+/hjpqvN6rO0ud2DmxGvdZz/Juv9n3To/+z5ON9jGcfSO693O7Z1+5+vlZ8j3ujY/49WtJLN1yfHVq+HsdZVsdHft4793q38nW5/1v8HNm//SNK+Xtt4+jJ+2vdv2u3Ydq//Pcnnq+k9+b5r1WZzfjxiT/LJxv0Tjx7byrfOz9p/4vjm41+n639/RHzRY/tvHb3V9dRB6P/pp+r/p0/c+/jLH7uV31v/v72aOpHv6WX867WCz/LcAQAAAAAAwKApRcShSEqV9XSpVKmsvb/jaBwo1eqN5smL9YXL07H6WdmRKJdaK92H294PMZ6/H7aVn3giPxkRRyLiu6H9q/nKVL02vdONBwAAAAAAAAAAAAAAAAAAgAFxsMvn/zN/DO107YDnzld+Q3FtGf/9+KYnYCD5/w/FJf6huMQ/FJf4h+IS/1Bc4h+KS/xDcYl/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6Kvz585l28ryw+tTWX766uLCbP3qqem0MVuZW5iqTNXnr1Rm6vWZWlqZqs9t9fdq9fqV8YlYuDbWTBvNscbi0oW5+sLl5oVLc9WZ9EJafiGtAgAAAAAAAAAAAAAAAAAAgN2lsbg0W63V0vldmChHxABUo+CJ4cGohkSfEzs9MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI/8FAAD//1NGNt8=") r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07000000000001090224000100000000090400000903000000092100000001222200090581"], 0x0) syz_usb_ep_write(r0, 0x81, 0x0, 0x0) 899.49852ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001180)={&(0x7f0000000840)='ext4_drop_inode\x00', r3}, 0x10) unlink(&(0x7f0000000000)='./cgroup\x00') 886.971022ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0x42400) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) 787.493198ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000080007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000000000)) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r2}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) 776.824499ms ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='tmpfs\x00', 0x0, 0x0) ioprio_get$uid(0x3, 0x0) syz_mount_image$fuse(&(0x7f0000000340), &(0x7f0000000480)='./bus\x00', 0x80000, &(0x7f0000000880)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1c00}}], [{@dont_hash}, {@uid_lt}, {@subj_role={'subj_role', 0x3d, 'tmpfs\x00'}}, {@subj_type={'subj_type', 0x3d, 'debug_want_extra_isize'}}, {@hash}, {@dont_measure}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@fsuuid={'fsuuid', 0x3d, {[0x65, 0x0, 0x65, 0x30, 0x66, 0x66, 0x61, 0x63], 0x2d, [0x31, 0x65, 0x31, 0x31], 0x2d, [0x66, 0x39, 0x38, 0x39], 0x2d, [0x64, 0x35, 0x30], 0x2d, [0x65, 0x33, 0x33, 0x31, 0x61, 0x32, 0x35, 0x64]}}}]}}, 0x0, 0x0, &(0x7f0000000580)="be236ca1d890f11e15a95f1f3fc7c54dc59de372bbb777701f9cb354189a66b6efff6fbc9119e200a09e878a0b4c73f95bb318284ce90096457648a6a07e") syz_mount_image$fuse(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x104421, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18) utimensat(r5, 0x0, 0x0, 0x0) r6 = socket$inet6(0xa, 0x800000000000002, 0x0) getsockopt$inet6_mreq(r6, 0x29, 0x14, &(0x7f0000002a80)={@empty}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000004700)={'syztnl1\x00', 0x0}) sendmmsg$inet(r1, &(0x7f0000004800)=[{{&(0x7f0000000440)={0x2, 0x0, @private}, 0x10, 0x0}}, {{&(0x7f0000000700)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000001040)=[{&(0x7f0000000ec0)}, {0x0}, {&(0x7f0000000fc0)="a210772562342c75e14ccd212549236908ac56628af6cebaea193e7db90b4e843ca367434eb6071fd528c037f9fc2d083b1c756b2cbb84d5ff665e10df5766532eadcfdf98cc947dd1bc93cea0bba17136207f3e3f036e2da64916485513a5400397e0f482efdc6fa78a2489b208a52626e940d07462f7", 0x77}], 0x3}}, {{0x0, 0x0, &(0x7f0000002800)=[{0x0}, {&(0x7f00000023c0)="1113208eb7d2a21913f6250bff25795aa81d286522a84e39b54dc33befd59de59afb00024c53847c21e1ea52171a7390f11c0661382d4796c9d4472889dc2f53dc8523d2a06939d553ae445c01a03338ca5bdc", 0x53}, {0x0}, {0x0}, {&(0x7f0000002780)}], 0x5, &(0x7f0000004b40)=[@ip_retopts={{0x40, 0x0, 0x7, {[@noop, @end, @timestamp_addr={0x44, 0x24, 0x23, 0x1, 0x6, [{@rand_addr=0x64010100, 0x8}, {@local}, {@loopback}, {@initdev={0xac, 0x1e, 0x0, 0x0}}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0xe, [0x5]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1f}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast1, @private}}}, @ip_retopts={{0x18, 0x0, 0x7, {[@generic={0x83, 0x6, "856301c4"}]}}}, @ip_retopts={{0x48, 0x0, 0x7, {[@cipso={0x86, 0x1a, 0x0, [{0x2, 0x9, "48aac51c7682d6"}, {0x0, 0x2}, {0x1, 0x9, "4e2d80f25d03ea"}]}, @cipso={0x86, 0x8, 0x3, [{0x0, 0x2}]}, @ssrr={0x89, 0x13, 0x0, [@local, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty]}]}}}, @ip_tos_u8={{0x11}}], 0xf0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000003fc0)="4a1c76c77fc9996b3d80dba805f9b532d7229ad0a2e435718a5f41f78b11fe2997c4efc32c31f9681fc19efd3a2546c50037fc6040fc732b83ecebfb2849996e1a4987e1db9df0782482b33fbca57b6932e9e9f82cc286218c39802694d67a611f37608f1afffe7d902218823952634e04040d0f887eb44cb6a752b5faa451b5d9ccf367349207aefe825b138083150c6e0419dd7cf564e418133a16a1e8c72a5bad5cd19b2f2f01e676686fe6f455a41e607f79791e42e9d9ea24d866a32871291b453f2243e921c5f470a6d9d9eeb9cba8b1a62237e7aa0e6d538e57b7527bd3781963c7a292a283b1", 0xea}, {&(0x7f00000040c0)='g', 0x1}], 0x2, &(0x7f0000004180)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8}}], 0x48}}, {{&(0x7f0000004200)={0x2, 0x4e23, @remote}, 0x10, &(0x7f00000045c0)=[{&(0x7f00000043c0)="99a0a80d8749f4f8b4f77f530681caac2c4249eff603f8b3c3", 0x19}, {0x0}], 0x2}}], 0x6, 0x40000) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000003c0)={0x1}, 0x8) sendto$inet6(r6, 0x0, 0x5cb, 0x1, &(0x7f0000000400)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x10000}}, {@block_validity}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP") 210.858957ms ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='block_plug\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000e88b0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='block_plug\x00', r3}, 0x10) write$cgroup_type(r0, &(0x7f0000000000), 0x248800) 142.092558ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 129.72479ms ago: executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) socket$nl_route(0x10, 0x3, 0x0) getpeername$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x14) 122.419521ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bf080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 109.836513ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 0s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='kmem_cache_free\x00', r1}, 0x10) fspick(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): [T11581] EXT4-fs (loop2): group descriptors corrupted! [ 433.850828][T11591] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 433.884163][T11591] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 433.884163][T11591] [ 433.906670][T11591] exFAT-fs (loop1): Filesystem has been set read-only [ 433.919267][T11591] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 433.919267][T11591] [ 433.940925][T11591] exFAT-fs (loop1): error, failed to bmap (inode : ffff88811c659660 iblock : 0, err : -5) [ 434.319361][T11615] syz-executor.2[11615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.319447][T11615] syz-executor.2[11615] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.418195][ T8366] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 434.437999][ T1514] Bluetooth: hci0: command 0x1001 tx timeout [ 434.443931][ T47] Bluetooth: hci0: sending frame failed (-49) [ 434.687707][ T8366] usb 2-1: Using ep0 maxpacket: 32 [ 434.852772][ T8366] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 75, changing to 10 [ 434.879644][ T8366] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33383, setting to 1024 [ 434.909676][ T8366] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 434.918560][ T8366] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.950827][T11624] syz-executor.2[11624] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.950917][T11624] syz-executor.2[11624] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 434.967397][ T8366] hub 2-1:4.0: USB hub found [ 434.995880][T11628] loop0: detected capacity change from 0 to 256 [ 435.012949][T11629] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 435.060886][T11628] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 435.262576][ T8366] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 435.308097][ T8366] usb 2-1: USB disconnect, device number 28 [ 436.408601][T11662] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 436.449108][T11667] loop0: detected capacity change from 0 to 256 [ 436.498045][T11667] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 436.517845][ T1514] Bluetooth: hci0: command 0x1009 tx timeout [ 436.560462][T11675] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 436.714219][T11692] loop4: detected capacity change from 0 to 512 [ 436.720972][T11694] loop0: detected capacity change from 0 to 256 [ 436.854478][T11694] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 436.967910][ T3029] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 436.990661][T11694] exFAT-fs (loop0): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 436.990661][T11694] [ 437.003143][T11694] exFAT-fs (loop0): Filesystem has been set read-only [ 437.010133][T11692] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 437.011283][T11694] exFAT-fs (loop0): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 437.011283][T11694] [ 437.021082][T11692] ext4 filesystem being mounted at /root/syzkaller-testdir3725350234/syzkaller.uIX5lo/65/bus supports timestamps until 2038 (0x7fffffff) [ 437.032983][T11694] exFAT-fs (loop0): error, failed to bmap (inode : ffff88811c65abf0 iblock : 0, err : -5) [ 437.211455][T11700] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 437.222477][T11700] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 437.267720][ T3029] usb 2-1: Using ep0 maxpacket: 16 [ 437.387920][ T3029] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.399397][ T3029] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 437.412312][ T3029] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 437.421175][ T3029] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.429935][ T3029] usb 2-1: config 0 descriptor?? [ 437.578519][T11710] syz-executor.2[11710] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 437.578600][T11710] syz-executor.2[11710] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 437.746011][T11722] loop2: detected capacity change from 0 to 8192 [ 437.809736][T11722] loop2: p1 p2 p4 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 [ 437.877814][ T7969] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 437.968936][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 437.979584][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 437.986667][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 437.993742][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.000722][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.007776][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.014725][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.021787][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.028903][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.035993][ T3029] microsoft 0003:045E:07DA.0039: unknown main item tag 0x0 [ 438.045753][ T3029] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0039/input/input47 [ 438.129558][ T3029] microsoft 0003:045E:07DA.0039: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 438.407673][ T3029] usb 2-1: USB disconnect, device number 29 [ 438.547826][ T7969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 438.558567][ T7969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 438.568111][ T7969] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 438.576973][ T7969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.585356][ T7969] usb 5-1: config 0 descriptor?? [ 439.067529][T11736] loop1: detected capacity change from 0 to 512 [ 439.074374][ T7969] keytouch 0003:0926:3333.003A: fixing up Keytouch IEC report descriptor [ 439.084169][ T7969] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.003A/input/input48 [ 439.109777][T11736] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 439.120718][T11736] ext4 filesystem being mounted at /root/syzkaller-testdir1139905446/syzkaller.kOPMe2/172/bus supports timestamps until 2038 (0x7fffffff) [ 439.203722][ T7969] keytouch 0003:0926:3333.003A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 439.279570][ T407] usb 5-1: USB disconnect, device number 33 [ 439.330416][T11751] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 439.347785][T11751] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 439.850311][ T30] kauditd_printk_skb: 2295 callbacks suppressed [ 439.850327][ T30] audit: type=1400 audit(2000000812.097:5610): avc: denied { connect } for pid=11755 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 441.108433][T11793] loop4: detected capacity change from 0 to 512 [ 441.134586][T11773] loop0: detected capacity change from 0 to 40427 [ 441.160131][T11773] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 441.167752][T11773] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 441.170774][T11793] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 441.177225][T11773] F2FS-fs (loop0): invalid crc value [ 441.186744][T11793] ext4 filesystem being mounted at /root/syzkaller-testdir3725350234/syzkaller.uIX5lo/72/bus supports timestamps until 2038 (0x7fffffff) [ 441.193593][T11773] F2FS-fs (loop0): Found nat_bits in checkpoint [ 441.250373][T11773] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 441.257400][T11773] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 441.283168][ T9627] attempt to access beyond end of device [ 441.283168][ T9627] loop0: rw=2049, want=45104, limit=40427 [ 441.347754][ T1514] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 441.401878][T11803] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 441.427639][T11803] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 441.528073][T11809] loop0: detected capacity change from 0 to 256 [ 441.707757][ T1514] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 441.727693][ T1514] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 441.737456][ T1514] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 441.758261][ T1514] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.766910][ T1514] usb 3-1: config 0 descriptor?? [ 442.624643][ T1514] keytouch 0003:0926:3333.003B: fixing up Keytouch IEC report descriptor [ 442.634849][ T1514] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.003B/input/input49 [ 442.709315][ T1514] keytouch 0003:0926:3333.003B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 442.797883][ T3029] usb 3-1: USB disconnect, device number 35 [ 442.863935][T11826] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.864559][T11832] loop1: detected capacity change from 0 to 512 [ 442.870917][T11826] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.884874][T11826] device bridge_slave_0 entered promiscuous mode [ 442.892098][T11826] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.899310][T11826] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.906665][T11826] device bridge_slave_1 entered promiscuous mode [ 442.939011][T11832] EXT4-fs (loop1): Mount option "nouser_xattr" will be removed by 3.5 [ 442.939011][T11832] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 442.939011][T11832] [ 442.981336][T11832] EXT4-fs error (device loop1): ext4_do_update_inode:5191: inode #3: comm syz-executor.1: corrupted inode contents [ 443.001469][T11832] EXT4-fs (loop1): Remounting filesystem read-only [ 443.008070][T11832] EXT4-fs error (device loop1): ext4_dirty_inode:6024: inode #3: comm syz-executor.1: mark_inode_dirty error [ 443.019992][T11832] EXT4-fs error (device loop1): ext4_do_update_inode:5191: inode #3: comm syz-executor.1: corrupted inode contents [ 443.032225][T11832] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #3: comm syz-executor.1: mark_inode_dirty error [ 443.043945][T11832] Quota error (device loop1): write_blk: dquota write failed [ 443.051330][T11832] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 443.061196][T11832] EXT4-fs (loop1): 1 truncate cleaned up [ 443.064235][T11826] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.066651][T11832] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nouser_xattr,. Quota mode: writeback. [ 443.073525][T11826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.073636][T11826] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.099697][T11826] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.106900][T11832] ext4 filesystem being mounted at /root/syzkaller-testdir1139905446/syzkaller.kOPMe2/179/file1 supports timestamps until 2038 (0x7fffffff) [ 443.148652][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 443.156493][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.164913][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.168183][T11834] loop4: detected capacity change from 0 to 40427 [ 443.191424][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 443.199460][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.206281][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.213743][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 443.222421][T11834] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 443.222442][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.230012][T11834] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 443.236829][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.246452][T11834] F2FS-fs (loop4): invalid crc value [ 443.252262][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 443.258837][T11834] F2FS-fs (loop4): Found nat_bits in checkpoint [ 443.265088][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 443.293245][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 443.304614][T11826] device veth0_vlan entered promiscuous mode [ 443.305986][T11834] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 443.311003][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 443.317394][T11834] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 443.333961][T11826] device veth1_macvtap entered promiscuous mode [ 443.341582][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 443.350673][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 443.358151][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 443.365528][T10363] attempt to access beyond end of device [ 443.365528][T10363] loop4: rw=2049, want=45104, limit=40427 [ 443.378160][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 443.386860][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 443.418501][ T45] device bridge_slave_1 left promiscuous mode [ 443.430991][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.438236][ T6] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 443.447875][ T45] device bridge_slave_0 left promiscuous mode [ 443.455231][T11847] syz-executor.2[11847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.455307][T11847] syz-executor.2[11847] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.455331][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.488198][ T45] device veth1_macvtap left promiscuous mode [ 443.813263][T11869] syz-executor.2[11869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.813600][T11869] syz-executor.2[11869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.038442][ T1514] Bluetooth: hci0: command 0x1003 tx timeout [ 444.055974][ T47] Bluetooth: hci0: sending frame failed (-49) [ 444.077924][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 444.089244][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 444.102065][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 444.114787][ T6] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 444.128431][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.137340][ T6] usb 2-1: config 0 descriptor?? [ 444.157866][T11832] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 444.207773][ T1514] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 444.558467][T11875] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 444.567841][ T1514] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.578784][ T1514] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.588386][ T1514] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 444.597277][ T1514] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.605987][ T1514] usb 5-1: config 0 descriptor?? [ 444.618399][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.625673][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.632970][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.640232][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.647377][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.655455][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.662964][ T6] plantronics 0003:047F:FFFF.003C: unknown main item tag 0x0 [ 444.670473][ T6] plantronics 0003:047F:FFFF.003C: No inputs registered, leaving [ 444.679258][ T6] plantronics 0003:047F:FFFF.003C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 444.702013][T11881] 9pnet: p9_errstr2errno: server reported unknown error õ1 g;-‡~ [ 445.024254][T11895] syz-executor.2[11895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 445.024627][T11895] syz-executor.2[11895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 445.214672][ T1514] keytouch 0003:0926:3333.003D: fixing up Keytouch IEC report descriptor [ 445.235586][ T1514] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.003D/input/input50 [ 445.309572][ T1514] keytouch 0003:0926:3333.003D: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 445.413528][ T1401] usb 5-1: USB disconnect, device number 34 [ 445.779410][T11902] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 446.143572][T11924] syz-executor.4[11924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.143904][T11924] syz-executor.4[11924] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.317128][ T407] Bluetooth: hci0: command 0x1001 tx timeout [ 446.334691][ T47] Bluetooth: hci0: sending frame failed (-49) [ 446.473189][T11930] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 446.751850][T11947] loop2: detected capacity change from 0 to 128 [ 446.810960][T11947] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 446.829194][T11947] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 446.838526][ T1514] usb 2-1: reset high-speed USB device number 30 using dummy_hcd [ 446.919338][T11959] syz-executor.2[11959] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.919392][T11959] syz-executor.2[11959] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.117817][ T1514] usb 2-1: device firmware changed [ 447.136493][ T1401] usb 2-1: USB disconnect, device number 30 [ 447.274235][T11977] loop2: detected capacity change from 0 to 40427 [ 447.287501][T11984] input: syz1 as /devices/virtual/input/input51 [ 447.307716][ T1401] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 447.310955][T11977] F2FS-fs (loop2): invalid crc value [ 447.325347][T11977] F2FS-fs (loop2): Found nat_bits in checkpoint [ 447.365024][T11977] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 447.717958][ T1401] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.780226][ T1401] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.789864][ T1401] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 447.798817][ T1401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.807143][ T1401] usb 2-1: config 0 descriptor?? [ 447.880647][T12009] loop4: detected capacity change from 0 to 1024 [ 447.919298][T12009] EXT4-fs (loop4): Ignoring removed orlov option [ 447.929513][T12009] EXT4-fs (loop4): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,data_err=abort,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,orlov,bsdgroups,max_batch_time=0x0000000000000400,user_xattr,quota,,errors=continue. Quota mode: writeback. [ 448.035707][T11489] attempt to access beyond end of device [ 448.035707][T11489] loop2: rw=2049, want=45112, limit=40427 [ 448.060356][ T30] audit: type=1400 audit(2000000820.307:5611): avc: denied { unmount } for pid=10363 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 448.262150][T12022] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.269228][T12022] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.276694][T12022] device bridge_slave_0 entered promiscuous mode [ 448.283714][T12022] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.290633][T12022] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.297980][T12022] device bridge_slave_1 entered promiscuous mode [ 448.297997][ T1401] hid (null): bogus close delimiter [ 448.355869][T12022] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.357916][ T7969] Bluetooth: hci0: command 0x1009 tx timeout [ 448.362742][T12022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 448.362844][T12022] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.382432][T12022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 448.408299][ T407] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.415433][ T407] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.423149][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 448.430501][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 448.440592][ T8026] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 448.448842][ T8026] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.455689][ T8026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 448.474267][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 448.482399][ T3029] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.489274][ T3029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 448.496735][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 448.510776][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 448.525409][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 448.533445][ T1401] usb 2-1: language id specifier not provided by device, defaulting to English [ 448.546626][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 448.554864][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 448.562499][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 448.570831][T12022] device veth0_vlan entered promiscuous mode [ 448.582034][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 448.592342][T12022] device veth1_macvtap entered promiscuous mode [ 448.602713][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 448.613381][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 448.666759][T12036] loop4: detected capacity change from 0 to 256 [ 448.959415][ T1401] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.003E/input/input52 [ 448.972305][ T1401] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.003E/input/input53 [ 448.985144][ T1401] uclogic 0003:256C:006D.003E: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 448.996777][ T42] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 449.088351][ T429] device bridge_slave_1 left promiscuous mode [ 449.094485][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.102200][ T429] device bridge_slave_0 left promiscuous mode [ 449.108327][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.116263][ T429] device veth1_macvtap left promiscuous mode [ 449.122212][ T429] device veth0_vlan left promiscuous mode [ 449.165352][ T1514] usb 2-1: USB disconnect, device number 31 [ 449.238201][ T42] usb 5-1: Using ep0 maxpacket: 8 [ 449.427851][ T42] usb 5-1: unable to get BOS descriptor or descriptor too short [ 449.489955][T12040] loop2: detected capacity change from 0 to 512 [ 449.507830][ T42] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 449.516472][ T42] usb 5-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 449.526649][ T42] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 449.535494][ T42] usb 5-1: config 1 has no interface number 1 [ 449.543543][T12040] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 449.553312][ T42] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 449.567453][ T42] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 449.592281][T12040] EXT4-fs (loop2): 1 orphan inode deleted [ 449.607679][ T42] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 449.618570][T12040] EXT4-fs (loop2): 1 truncate cleaned up [ 449.624041][T12040] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 449.694543][ T30] audit: type=1400 audit(2000000821.937:5612): avc: denied { mount } for pid=12044 comm="syz-executor.1" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 449.727932][ T30] audit: type=1326 audit(2000000821.967:5613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.752189][ T30] audit: type=1326 audit(2000000821.967:5614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.762806][T12043] loop0: detected capacity change from 0 to 40427 [ 449.782546][ T30] audit: type=1326 audit(2000000821.967:5615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.806835][ T30] audit: type=1326 audit(2000000821.967:5616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.830904][ T30] audit: type=1326 audit(2000000821.967:5617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.854957][ T30] audit: type=1326 audit(2000000821.967:5618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fb71b4a76a7 code=0x7ffc0000 [ 449.858045][ T42] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 449.880954][ T30] audit: type=1326 audit(2000000821.967:5619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fb71b46d379 code=0x7ffc0000 [ 449.911560][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.912350][ T30] audit: type=1326 audit(2000000821.967:5620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12044 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb71b4a9f29 code=0x7ffc0000 [ 449.930736][ T42] usb 5-1: Product: syz [ 449.943923][T12043] F2FS-fs (loop0): invalid crc value [ 449.948451][ T42] usb 5-1: Manufacturer: syz [ 449.954152][T12043] F2FS-fs (loop0): Found nat_bits in checkpoint [ 449.960114][ T42] usb 5-1: SerialNumber: syz [ 450.003050][T12043] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 450.329304][ T42] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 450.359292][ T42] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 450.450832][ T42] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 450.458688][ T42] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 450.466384][ T42] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 450.474804][ T42] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 450.492323][T11826] attempt to access beyond end of device [ 450.492323][T11826] loop0: rw=2049, want=45112, limit=40427 [ 450.549913][ T42] usb 5-1: USB disconnect, device number 35 [ 451.200486][T12098] loop2: detected capacity change from 0 to 40427 [ 451.239602][T12098] F2FS-fs (loop2): invalid crc value [ 451.248693][T12098] F2FS-fs (loop2): Found nat_bits in checkpoint [ 451.270212][T12103] loop4: detected capacity change from 0 to 512 [ 451.304363][T12098] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 451.308284][T12103] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 451.324201][T12103] EXT4-fs (loop4): 1 orphan inode deleted [ 451.329941][T12103] EXT4-fs (loop4): 1 truncate cleaned up [ 451.335578][T12103] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 451.824987][T12112] syz-executor.0[12112] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 451.825059][T12112] syz-executor.0[12112] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 451.843673][T12114] loop1: detected capacity change from 0 to 256 [ 451.866660][T12116] loop0: detected capacity change from 0 to 128 [ 451.900116][T12116] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 451.910628][T12116] ext4 filesystem being mounted at /root/syzkaller-testdir4198883534/syzkaller.85apT3/9/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 452.000715][T11489] attempt to access beyond end of device [ 452.000715][T11489] loop2: rw=2049, want=45112, limit=40427 [ 452.170207][T12129] loop4: detected capacity change from 0 to 256 [ 452.477699][ T1514] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 452.717721][ T1514] usb 5-1: Using ep0 maxpacket: 8 [ 452.738872][T12148] loop1: detected capacity change from 0 to 1024 [ 452.768567][T12148] EXT4-fs (loop1): Ignoring removed orlov option [ 452.779419][T12148] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000001000,data_err=abort,barrier=0x0000000000000002,jqfmt=vfsv1,block_validity,max_dir_size_kb=0x00000000000007b1,orlov,bsdgroups,max_batch_time=0x0000000000000400,user_xattr,quota,,errors=continue. Quota mode: writeback. [ 452.830347][T12152] loop3: detected capacity change from 0 to 512 [ 452.888138][ T1514] usb 5-1: unable to get BOS descriptor or descriptor too short [ 452.909894][T12152] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 452.936812][T12152] EXT4-fs (loop3): 1 orphan inode deleted [ 452.947887][T12152] EXT4-fs (loop3): 1 truncate cleaned up [ 452.953954][T12152] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 452.987813][ T1514] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 452.996421][ T1514] usb 5-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 453.006550][ T1514] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 453.015409][ T1514] usb 5-1: config 1 has no interface number 1 [ 453.021344][ T1514] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 453.054310][ T1514] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 453.072020][ T1514] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 453.248342][ T1514] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 453.273161][ T1514] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.283362][T12168] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.290285][ T1514] usb 5-1: Product: syz [ 453.294298][T12168] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.301145][ T1514] usb 5-1: Manufacturer: syz [ 453.305564][ T1514] usb 5-1: SerialNumber: syz [ 453.310745][T12168] device bridge_slave_0 entered promiscuous mode [ 453.321815][T12168] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.330677][T12168] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.338209][T12168] device bridge_slave_1 entered promiscuous mode [ 453.426216][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 453.426249][ T30] audit: type=1326 audit(2000000825.667:5634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.468795][ T30] audit: type=1326 audit(2000000825.707:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.493824][ T30] audit: type=1326 audit(2000000825.707:5636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.517986][ T30] audit: type=1326 audit(2000000825.707:5637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.541923][ T30] audit: type=1326 audit(2000000825.707:5638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.566229][ T30] audit: type=1326 audit(2000000825.707:5639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.590359][ T30] audit: type=1326 audit(2000000825.707:5640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.614366][ T30] audit: type=1326 audit(2000000825.707:5641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12178 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 453.657843][ T1514] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 453.666061][ T1514] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 453.666496][ T45] device bridge_slave_1 left promiscuous mode [ 453.680926][ T1514] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 453.688872][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.696239][ T1514] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 453.706831][ T45] device bridge_slave_0 left promiscuous mode [ 453.708948][ T1514] usb 5-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 453.713840][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.721906][ T1514] usb 5-1: found format II with max.bitrate = 0, frame size=39301 [ 453.745283][ T45] device veth1_macvtap left promiscuous mode [ 453.830273][ T1514] usb 5-1: USB disconnect, device number 36 [ 453.972647][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 453.980169][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 453.990387][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 453.999267][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 454.007499][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.014351][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.074913][T12217] syz-executor.0[12217] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.075211][T12217] syz-executor.0[12217] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.320077][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 454.346393][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 454.359999][T12220] loop2: detected capacity change from 0 to 512 [ 454.366514][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 454.375066][ T1401] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.381940][ T1401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.398301][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 454.406509][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 454.417228][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 454.429111][T12220] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 454.441143][T12220] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 454.456730][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 454.457303][T12220] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 454.488200][T12220] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 454.498164][T12220] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr [ 454.510630][T12220] EXT4-fs (loop2): Remounting filesystem read-only [ 454.515163][T12236] loop3: detected capacity change from 0 to 256 [ 454.517048][T12220] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 454.535770][T12220] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 454.559960][T12168] device veth0_vlan entered promiscuous mode [ 454.560047][T12220] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 454.574904][T12168] device veth1_macvtap entered promiscuous mode [ 454.597531][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 454.598374][T12220] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 454.606540][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 454.628301][T12236] attempt to access beyond end of device [ 454.628301][T12236] loop3: rw=2049, want=268, limit=256 [ 454.630793][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 454.647372][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 454.655034][T12220] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 454.669055][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 454.669329][T12220] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 454.677376][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 454.688990][T12220] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 454.707135][T12220] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended [ 454.722191][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 454.722191][T12220] EXT4-fs error (device loop2): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.2: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 454.729613][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 454.769504][T12220] EXT4-fs (loop2): Remounting filesystem read-only [ 454.808807][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 454.818767][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 454.827012][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 454.835170][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 454.889828][T12253] loop2: detected capacity change from 0 to 256 [ 454.956964][T12275] loop4: detected capacity change from 0 to 512 [ 454.991912][T12275] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 455.003777][T12275] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 455.013808][T12275] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 455.014045][T12275] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 455.035130][T12275] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 455.049725][T12275] EXT4-fs (loop4): Remounting filesystem read-only [ 455.056086][T12275] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 455.068545][T12275] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 455.096753][T12275] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 455.108371][T12275] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 455.119081][T12275] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 455.132356][T12275] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 455.143722][T12275] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it [ 455.153822][T12275] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended [ 455.167874][T12275] EXT4-fs error (device loop4): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 455.178510][T12284] loop0: detected capacity change from 0 to 256 [ 455.193376][T12275] EXT4-fs (loop4): Remounting filesystem read-only [ 455.216701][T12286] loop3: detected capacity change from 0 to 1024 [ 455.237922][ T3029] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 455.250342][T12286] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 455.270048][T12286] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,bsddf,barrier=0x0000000000000000,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000042,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 455.302569][T12286] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 455.334907][T12298] loop4: detected capacity change from 0 to 512 [ 455.389996][T12298] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 455.401105][T12298] ext4 filesystem being mounted at /root/syzkaller-testdir1323198381/syzkaller.bxygH5/21/bus supports timestamps until 2038 (0x7fffffff) [ 455.497804][ T3029] usb 3-1: Using ep0 maxpacket: 8 [ 455.602149][T12316] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 455.613424][T12316] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 455.678066][ T3029] usb 3-1: unable to get BOS descriptor or descriptor too short [ 455.767873][ T3029] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 455.776530][ T3029] usb 3-1: config 1 has an invalid descriptor of length 53, skipping remainder of the config [ 455.786965][ T3029] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 455.795857][ T3029] usb 3-1: config 1 has no interface number 1 [ 455.802003][ T3029] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 455.814801][ T3029] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x2 has an invalid bInterval 52, changing to 7 [ 455.825807][ T3029] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid maxpacket 9272, setting to 1024 [ 456.017849][ T3029] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.026889][ T3029] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.034730][ T3029] usb 3-1: Product: syz [ 456.038737][ T3029] usb 3-1: Manufacturer: syz [ 456.043148][ T3029] usb 3-1: SerialNumber: syz [ 456.080696][ T30] audit: type=1326 audit(2000000828.327:5642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33ff643f29 code=0x7ffc0000 [ 456.105371][ T30] audit: type=1326 audit(2000000828.327:5643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12329 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33ff643f29 code=0x7ffc0000 [ 456.130763][ T26] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 456.148578][T12334] syz-executor.0[12334] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 456.148654][T12334] syz-executor.0[12334] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 456.222365][T12338] netem: change failed [ 456.248196][T12340] loop0: detected capacity change from 0 to 512 [ 456.281271][T12340] EXT4-fs (loop0): orphan cleanup on readonly fs [ 456.288770][T12340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 97: padding at end of block bitmap is not set [ 456.304213][T12340] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2925: inode #15: comm syz-executor.0: corrupted xattr block 19 [ 456.317038][T12340] EXT4-fs warning (device loop0): ext4_evict_inode:303: xattr delete (err -117) [ 456.326289][T12340] EXT4-fs (loop0): 1 orphan inode deleted [ 456.337919][T12340] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,,errors=continue. Quota mode: writeback. [ 456.352008][T12340] fuse: Bad value for 'fd' [ 456.387818][ T3029] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 456.395564][ T3029] usb 3-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 456.403962][ T26] usb 4-1: Using ep0 maxpacket: 8 [ 456.413426][ T3029] usb 3-1: found format II with max.bitrate = 0, frame size=39301 [ 456.421136][ T3029] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 456.424058][T12349] loop0: detected capacity change from 0 to 2048 [ 456.429091][ T3029] usb 3-1: 2:1 : unknown format tag 0x5 is detected. processed as MPEG. [ 456.443590][ T3029] usb 3-1: found format II with max.bitrate = 0, frame size=39301 [ 456.489348][T12349] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 456.500119][T12349] ext4 filesystem being mounted at /root/syzkaller-testdir4198883534/syzkaller.85apT3/29/file0 supports timestamps until 2038 (0x7fffffff) [ 456.529832][ T3029] usb 3-1: USB disconnect, device number 36 [ 456.547239][T12354] loop4: detected capacity change from 0 to 128 [ 456.557816][ T26] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 456.558480][T12349] kvm: pic: non byte write [ 456.566424][ T26] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 456.576848][T12349] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (122629963744 ns) > initial count (67108864 ns). Using initial count to start timer. [ 456.580830][ T26] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 456.603273][T12354] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 456.616876][T12354] ext4 filesystem being mounted at /root/syzkaller-testdir1323198381/syzkaller.bxygH5/24/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 456.877953][ T26] usb 4-1: string descriptor 0 read error: -22 [ 456.884412][ T26] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.893334][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.918150][ T7969] Bluetooth: hci0: command 0x1003 tx timeout [ 456.926775][ T47] Bluetooth: hci0: sending frame failed (-49) [ 456.958790][ T26] usb 4-1: 0:2 : does not exist [ 456.967094][T12360] kvm: pic: level sensitive irq not supported [ 456.967247][T12360] kvm: pic: non byte read [ 457.036002][T12365] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 457.170495][ T26] usb 4-1: USB disconnect, device number 38 [ 457.391195][T12375] netem: change failed [ 457.447776][ T407] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 457.525445][T12377] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.532541][T12377] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.539732][T12377] device bridge_slave_0 entered promiscuous mode [ 457.546789][T12377] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.553757][T12377] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.561516][T12377] device bridge_slave_1 entered promiscuous mode [ 457.620429][T12377] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.627272][T12377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.634409][T12377] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.641178][T12377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.667352][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 457.675049][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.683515][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.698584][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 457.706724][ T1514] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.709354][T12386] loop3: detected capacity change from 0 to 128 [ 457.713584][ T1514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 457.726965][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 457.735436][ T1514] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.742284][ T1514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 457.759430][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 457.767318][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 457.787464][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 457.800506][T12386] attempt to access beyond end of device [ 457.800506][T12386] loop3: rw=0, want=241, limit=128 [ 457.801520][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 457.819536][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 457.826939][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 457.827432][ T4684] attempt to access beyond end of device [ 457.827432][ T4684] loop3: rw=1, want=1041, limit=128 [ 457.834195][ T407] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.857605][ T407] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.868342][ T407] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 457.878406][ T407] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.886946][T12377] device veth0_vlan entered promiscuous mode [ 457.894227][ T407] usb 3-1: config 0 descriptor?? [ 457.908385][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 457.922161][T12377] device veth1_macvtap entered promiscuous mode [ 457.934346][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 457.942851][T12390] kvm: pic: level sensitive irq not supported [ 457.942913][T12390] kvm: pic: non byte read [ 457.956752][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 457.991842][T12395] loop3: detected capacity change from 0 to 512 [ 458.008772][ T45] device bridge_slave_1 left promiscuous mode [ 458.014810][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.022510][ T45] device bridge_slave_0 left promiscuous mode [ 458.028654][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.036966][ T45] device veth1_macvtap left promiscuous mode [ 458.045371][ T45] device veth0_vlan left promiscuous mode [ 458.049084][T12395] EXT4-fs warning (device loop3): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.063464][T12395] EXT4-fs warning (device loop3): dx_probe:880: Enable large directory feature to access it [ 458.073475][T12395] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended [ 458.086733][T12395] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 458.095275][T12395] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.3: corrupted in-inode xattr [ 458.107776][T12395] EXT4-fs (loop3): Remounting filesystem read-only [ 458.114155][T12395] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 458.127435][T12395] EXT4-fs (loop3): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 458.153133][T12395] EXT4-fs warning (device loop3): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.165766][T12395] EXT4-fs warning (device loop3): dx_probe:880: Enable large directory feature to access it [ 458.178019][T12395] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended [ 458.179075][T12400] : Can't open blockdev [ 458.205158][T12395] EXT4-fs warning (device loop3): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.216609][T12395] EXT4-fs warning (device loop3): dx_probe:880: Enable large directory feature to access it [ 458.226717][T12395] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended [ 458.240279][T12395] EXT4-fs error (device loop3): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.3: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 458.260041][T12395] EXT4-fs (loop3): Remounting filesystem read-only [ 458.328464][T12408] loop4: detected capacity change from 0 to 1024 [ 458.349764][T12408] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 458.378707][ T407] hid (null): bogus close delimiter [ 458.387594][T12408] EXT4-fs (loop4): mounted filesystem without journal. Opts: nolazytime,bsddf,barrier=0x0000000000000000,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000042,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 458.419512][T12408] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 458.451031][T12415] loop0: detected capacity change from 0 to 256 [ 458.544297][T12425] kvm: pic: level sensitive irq not supported [ 458.544366][T12425] kvm: pic: non byte read [ 458.572617][T12428] loop4: detected capacity change from 0 to 512 [ 458.598014][ T407] usb 3-1: string descriptor 0 read error: -22 [ 458.602343][T12432] loop0: detected capacity change from 0 to 512 [ 458.611694][T12428] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 458.623379][T12428] EXT4-fs (loop4): 1 truncate cleaned up [ 458.629021][T12428] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 458.649221][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 458.649236][ T30] audit: type=1400 audit(2000000830.897:5647): avc: denied { setattr } for pid=12427 comm="syz-executor.4" name="file1" dev="overlay" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 458.652192][T12432] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.655055][ T30] audit: type=1400 audit(2000000830.897:5648): avc: denied { write } for pid=12427 comm="syz-executor.4" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 458.679195][T12432] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 458.698754][ T30] audit: type=1400 audit(2000000830.897:5649): avc: denied { open } for pid=12427 comm="syz-executor.4" path=2F202864656C6574656429 dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 458.710750][T12432] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 458.720549][ T3029] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 458.745784][ T30] audit: type=1400 audit(2000000830.897:5650): avc: denied { link } for pid=12427 comm="syz-executor.4" name="#20" dev="loop4" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 458.757744][T12432] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 458.795421][T12432] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.0: corrupted in-inode xattr [ 458.807898][T12432] EXT4-fs (loop0): Remounting filesystem read-only [ 458.814308][T12432] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 15 (err -117) [ 458.826586][T12432] EXT4-fs (loop0): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,init_itable,auto_da_alloc,grpjquota=.nouid32,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback. [ 458.858101][T12432] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.869540][T12432] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 458.879496][T12432] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 458.892880][T12432] EXT4-fs warning (device loop0): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 458.905443][T12432] EXT4-fs warning (device loop0): dx_probe:880: Enable large directory feature to access it [ 458.916213][T12432] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended [ 458.929853][T12432] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4294967295, rec_len=17, size=1024 fake=0 [ 458.949062][T12432] EXT4-fs (loop0): Remounting filesystem read-only [ 458.959113][ T407] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.003F/input/input54 [ 458.974408][ T407] uclogic 0003:256C:006D.003F: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 458.998326][ T1514] Bluetooth: hci0: command 0x1001 tx timeout [ 459.004193][ T47] Bluetooth: hci0: sending frame failed (-49) [ 459.017708][ T3029] usb 4-1: Using ep0 maxpacket: 8 [ 459.050548][ T30] audit: type=1326 audit(2000000831.297:5651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12439 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f411c8f29 code=0x7ffc0000 [ 459.076729][ T30] audit: type=1326 audit(2000000831.297:5652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12439 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7f5f411c8f29 code=0x7ffc0000 [ 459.101971][ T30] audit: type=1326 audit(2000000831.297:5653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12439 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f411c8f29 code=0x7ffc0000 [ 459.126196][ T30] audit: type=1326 audit(2000000831.347:5654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12439 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f411c8f29 code=0x7ffc0000 [ 459.190153][ T26] usb 3-1: USB disconnect, device number 37 [ 459.197743][ T3029] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 459.206438][ T3029] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 459.221230][ T3029] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 459.245872][T12441] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.253121][T12441] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.260489][T12441] device bridge_slave_0 entered promiscuous mode [ 459.267558][T12441] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.274579][T12441] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.282094][T12441] device bridge_slave_1 entered promiscuous mode [ 459.333412][T12454] kvm: pic: level sensitive irq not supported [ 459.333478][T12454] kvm: pic: non byte read [ 459.383783][T12441] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.390683][T12441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.398000][T12441] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.404934][T12441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.440196][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 459.447819][ T407] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.454913][ T407] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.471876][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 459.480979][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 459.489501][ T1401] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.496353][ T1401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.503550][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 459.511740][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 459.519782][ T1401] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.526604][ T1401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.533780][ T3029] usb 4-1: string descriptor 0 read error: -22 [ 459.539819][ T3029] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 459.548738][ T3029] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.556916][ T429] device bridge_slave_1 left promiscuous mode [ 459.563256][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.570832][ T429] device bridge_slave_0 left promiscuous mode [ 459.576842][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.584992][ T429] device veth1_macvtap left promiscuous mode [ 459.591424][ T3029] usb 4-1: 0:2 : does not exist [ 459.596432][ T429] device veth0_vlan left promiscuous mode [ 459.678835][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 459.686714][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 459.694516][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 459.708128][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 459.724886][T12441] device veth0_vlan entered promiscuous mode [ 459.732767][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 459.741521][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 459.749800][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 459.757522][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 459.772903][T12441] device veth1_macvtap entered promiscuous mode [ 459.780265][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 459.787553][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 459.795209][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 459.803413][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 459.811471][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 459.823777][ T26] usb 4-1: USB disconnect, device number 39 [ 459.830580][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 459.839154][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 459.847323][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 459.855366][ T407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 459.890990][T12468] loop4: detected capacity change from 0 to 1024 [ 459.919467][T12468] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 459.926871][ T429] tipc: Left network mode [ 459.947564][T12468] EXT4-fs (loop4): mounted filesystem without journal. Opts: nolazytime,bsddf,barrier=0x0000000000000000,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000042,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 459.977029][T12470] loop2: detected capacity change from 0 to 512 [ 459.986565][T12468] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 460.039846][T12470] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 460.067994][T12474] netem: change failed [ 460.075310][T12470] EXT4-fs (loop2): 1 orphan inode deleted [ 460.084453][T12470] EXT4-fs (loop2): 1 truncate cleaned up [ 460.094793][T12470] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 460.126256][ T30] audit: type=1326 audit(2000000832.367:5655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12475 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff365608f29 code=0x7ffc0000 [ 460.157904][ T30] audit: type=1326 audit(2000000832.367:5656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12475 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff365608f29 code=0x7ffc0000 [ 460.336175][T12486] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=12486 comm=syz-executor.4 [ 460.424288][T12498] loop4: detected capacity change from 0 to 512 [ 460.471426][T12498] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 460.482516][T12498] ext4 filesystem being mounted at /root/syzkaller-testdir3361692108/syzkaller.1wXh2g/10/bus supports timestamps until 2038 (0x7fffffff) [ 460.506830][T12508] loop3: detected capacity change from 0 to 512 [ 460.570162][T12508] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 460.584380][T12508] EXT4-fs (loop3): 1 truncate cleaned up [ 460.590003][T12508] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000000,,errors=continue. Quota mode: none. [ 460.628872][ T429] device macsec0 left promiscuous mode [ 460.634280][ T429] bridge0: port 3(macsec0) entered disabled state [ 460.648697][ T429] device bridge_slave_1 left promiscuous mode [ 460.654662][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.678090][ T429] device bridge_slave_0 left promiscuous mode [ 460.684159][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.708034][ T429] device macsec0 left promiscuous mode [ 460.713448][ T429] bridge0: port 3(macsec0) entered disabled state [ 460.728174][ T429] device bridge_slave_1 left promiscuous mode [ 460.734617][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.741758][T12513] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 460.751114][ T429] device bridge_slave_0 left promiscuous mode [ 460.757071][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.775036][T12513] SELinux: security_context_str_to_sid() failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 460.787737][ T429] device veth1_macvtap left promiscuous mode [ 460.793570][ T429] device veth0_vlan left promiscuous mode [ 460.807085][ T429] device veth1_macvtap left promiscuous mode [ 460.817741][ T429] device veth0_vlan left promiscuous mode [ 460.893948][T12512] loop2: detected capacity change from 0 to 40427 [ 460.943856][T12512] F2FS-fs (loop2): invalid crc value [ 460.967736][T12512] F2FS-fs (loop2): Found nat_bits in checkpoint [ 461.077704][ T421] Bluetooth: hci0: command 0x1009 tx timeout [ 461.085553][T12512] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 461.565153][T11489] attempt to access beyond end of device [ 461.565153][T11489] loop2: rw=2049, want=45112, limit=40427 [ 461.808512][T12525] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.815360][T12525] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.822694][T12525] device bridge_slave_0 entered promiscuous mode [ 461.829761][T12525] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.829783][T12525] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.830288][T12525] device bridge_slave_1 entered promiscuous mode [ 461.877743][ T407] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 461.906649][T12525] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.913536][T12525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.920618][T12525] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.927382][T12525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.951618][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 461.959295][ T7969] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.966369][ T7969] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.976205][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 461.984540][ T3029] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.991563][ T3029] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.015036][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 462.023053][ T3029] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.029919][ T3029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.037087][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 462.045352][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 462.057578][ T7969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 462.071071][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 462.078998][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 462.086199][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 462.094939][T12525] device veth0_vlan entered promiscuous mode [ 462.107788][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 462.117330][T12525] device veth1_macvtap entered promiscuous mode [ 462.123551][ T407] usb 5-1: Using ep0 maxpacket: 8 [ 462.129641][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 462.142484][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 462.247789][ T407] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 462.256396][ T407] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 462.266269][ T407] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 462.507784][ T407] usb 5-1: string descriptor 0 read error: -22 [ 462.513895][ T407] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 462.522966][ T407] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.568439][ T407] usb 5-1: 0:2 : does not exist [ 462.668461][ T429] device bridge_slave_1 left promiscuous mode [ 462.674438][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.682129][ T429] device bridge_slave_0 left promiscuous mode [ 462.688176][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.696219][ T429] device veth1_macvtap left promiscuous mode [ 462.702189][ T429] device veth0_vlan left promiscuous mode [ 462.761884][T12546] loop2: detected capacity change from 0 to 2048 [ 462.771595][ T7969] usb 5-1: USB disconnect, device number 37 [ 462.819568][T12546] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 462.830283][T12546] ext4 filesystem being mounted at /root/syzkaller-testdir1477479952/syzkaller.EPIDy4/117/file0 supports timestamps until 2038 (0x7fffffff) [ 462.871153][T12546] kvm: pic: non byte write [ 462.876778][T12546] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (122629963744 ns) > initial count (67108864 ns). Using initial count to start timer. [ 462.979511][T12554] loop0: detected capacity change from 0 to 512 [ 463.042324][T12554] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 463.054201][T12554] EXT4-fs (loop0): 1 orphan inode deleted [ 463.060492][T12554] EXT4-fs (loop0): 1 truncate cleaned up [ 463.077422][T12554] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 463.153521][T12564] loop3: detected capacity change from 0 to 128 [ 463.205764][T12564] attempt to access beyond end of device [ 463.205764][T12564] loop3: rw=0, want=241, limit=128 [ 463.221227][ T4684] attempt to access beyond end of device [ 463.221227][ T4684] loop3: rw=1, want=1041, limit=128 [ 463.374064][T12578] syz-executor.3[12578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 463.374122][T12578] syz-executor.3[12578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 463.640187][T12584] loop2: detected capacity change from 0 to 256 [ 463.694465][T12584] FAT-fs (loop2): Directory bread(block 64) failed [ 463.700946][T12584] FAT-fs (loop2): Directory bread(block 65) failed [ 463.707394][T12584] FAT-fs (loop2): Directory bread(block 66) failed [ 463.713823][T12584] FAT-fs (loop2): Directory bread(block 67) failed [ 463.721709][T12584] FAT-fs (loop2): Directory bread(block 68) failed [ 463.728251][T12584] FAT-fs (loop2): Directory bread(block 69) failed [ 463.734693][T12584] FAT-fs (loop2): Directory bread(block 70) failed [ 463.741159][T12584] FAT-fs (loop2): Directory bread(block 71) failed [ 463.747585][T12584] FAT-fs (loop2): Directory bread(block 72) failed [ 463.753890][T12584] FAT-fs (loop2): Directory bread(block 73) failed [ 463.813265][T12590] loop0: detected capacity change from 0 to 1024 [ 463.859412][T12590] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 463.884362][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 463.884378][ T30] audit: type=1400 audit(2000000836.127:5669): avc: denied { write } for pid=12589 comm="syz-executor.0" name="/" dev="overlay" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 463.913937][T12590] syz-executor.0 (12590) used greatest stack depth: 18368 bytes left [ 463.917366][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 463.927069][ T30] audit: type=1400 audit(2000000836.127:5670): avc: denied { add_name } for pid=12589 comm="syz-executor.0" name=".log" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 463.937471][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 463.964137][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 463.975105][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 463.985942][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 463.996775][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 464.007552][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 464.018358][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 464.029141][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 464.040048][T12377] EXT4-fs error (device loop0): ext4_empty_dir:3087: inode #11: comm syz-executor.0: invalid size [ 464.127709][ T42] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 464.168298][T12602] loop4: detected capacity change from 0 to 16 [ 464.190875][T12602] erofs: (device loop4): check_layout_compatibility: unidentified incompatible feature 30, please upgrade kernel version [ 464.267488][T12610] loop3: detected capacity change from 0 to 256 [ 464.281129][T12602] loop4: detected capacity change from 0 to 512 [ 464.296027][T12604] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.303015][T12604] bridge0: port 1(bridge_slave_0) entered disabled state [ 464.310153][T12604] device bridge_slave_0 entered promiscuous mode [ 464.317159][T12604] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.317404][T12602] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 464.324183][T12604] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.338240][T12604] device bridge_slave_1 entered promiscuous mode [ 464.342386][T12610] FAT-fs (loop3): Directory bread(block 64) failed [ 464.349409][T12602] EXT4-fs (loop4): mount failed [ 464.350879][T12610] FAT-fs (loop3): Directory bread(block 65) failed [ 464.362383][T12610] FAT-fs (loop3): Directory bread(block 66) failed [ 464.369111][T12610] FAT-fs (loop3): Directory bread(block 67) failed [ 464.375512][T12610] FAT-fs (loop3): Directory bread(block 68) failed [ 464.381841][T12610] FAT-fs (loop3): Directory bread(block 69) failed [ 464.388243][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 464.389346][T12610] FAT-fs (loop3): Directory bread(block 70) failed [ 464.399736][T12610] FAT-fs (loop3): Directory bread(block 71) failed [ 464.406183][T12610] FAT-fs (loop3): Directory bread(block 72) failed [ 464.412613][T12610] FAT-fs (loop3): Directory bread(block 73) failed [ 464.496119][ T30] audit: type=1400 audit(2000000836.737:5671): avc: denied { shutdown } for pid=12601 comm="syz-executor.4" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 464.517838][ T42] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 464.526374][ T42] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 464.536369][ T42] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 467.017728][ T42] usb 3-1: string descriptor 0 read error: -71 [ 467.023898][ T42] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 467.032731][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.007806][ T42] usb 3-1: can't set config #1, error -71 [ 468.013740][ T42] usb 3-1: USB disconnect, device number 38 [ 468.085096][ T30] audit: type=1326 audit(2000000840.327:5672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12630 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec0f0a3f29 code=0x0 [ 468.152719][ T30] audit: type=1326 audit(2000000840.397:5673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12638 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd23a07df29 code=0x0 [ 468.170019][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 468.185111][T12643] syz-executor.4[12643] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 468.185196][T12643] syz-executor.4[12643] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 468.188662][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 468.241654][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 468.250204][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 468.258950][ T1401] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.265828][ T1401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.273673][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 468.284991][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 468.293191][ T1401] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.300084][ T1401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.307813][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 468.326230][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 468.334541][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 468.345835][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 468.354004][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 468.368254][ T429] device bridge_slave_1 left promiscuous mode [ 468.374256][ T429] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.385599][ T429] device bridge_slave_0 left promiscuous mode [ 468.391982][ T429] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.400583][ T429] device veth1_macvtap left promiscuous mode [ 468.406422][ T429] device veth0_vlan left promiscuous mode [ 472.058759][T12667] syz-executor.1[12667] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 472.058851][T12667] syz-executor.1[12667] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 472.060669][T12662] loop3: detected capacity change from 0 to 40427 [ 472.130012][T12662] F2FS-fs (loop3): invalid crc value [ 472.136352][T12662] F2FS-fs (loop3): Found nat_bits in checkpoint [ 472.196735][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 472.205318][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 472.214381][T12662] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 472.217296][T12604] device veth0_vlan entered promiscuous mode [ 472.242092][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 472.328067][ T1401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 472.336520][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 472.344137][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 472.374953][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 472.383598][ T1514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 472.678763][T12604] device veth1_macvtap entered promiscuous mode [ 472.734649][ T421] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 472.748283][T12525] attempt to access beyond end of device [ 472.748283][T12525] loop3: rw=2049, want=45112, limit=40427 [ 472.768376][ T421] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 472.815999][ T421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 472.834464][ T421] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 472.883781][ T421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 472.899134][ T30] audit: type=1326 audit(2000000845.147:5674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12688 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd23a07df29 code=0x0 [ 473.118875][T12704] incfs: Options parsing error. -22 [ 473.138352][T12704] incfs: mount failed -22 [ 473.211410][T12698] loop0: detected capacity change from 0 to 40427 [ 473.269086][T12698] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 473.283625][T12698] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 473.302990][T12708] loop4: detected capacity change from 0 to 40427 [ 473.310647][T12698] F2FS-fs (loop0): Found nat_bits in checkpoint [ 473.350950][T12698] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 473.358141][T12698] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 473.366687][T12708] F2FS-fs (loop4): invalid crc value [ 473.381105][T12708] F2FS-fs (loop4): Found nat_bits in checkpoint [ 473.413002][ T45] attempt to access beyond end of device [ 473.413002][ T45] loop0: rw=1, want=45104, limit=40427 [ 473.440015][T12708] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 473.520481][T12735] loop2: detected capacity change from 0 to 16 [ 473.561377][T12735] erofs: (device loop2): check_layout_compatibility: unidentified incompatible feature 30, please upgrade kernel version [ 473.574745][T12739] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 473.888718][ T421] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 473.951300][T12735] loop2: detected capacity change from 0 to 512 [ 473.989423][T12735] EXT4-fs (loop2): corrupt root inode, run e2fsck [ 473.996176][T12735] EXT4-fs (loop2): mount failed [ 474.002594][T12441] attempt to access beyond end of device [ 474.002594][T12441] loop4: rw=2049, want=45112, limit=40427 [ 474.227939][ T407] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 474.248219][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.266839][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 474.292065][ T421] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 474.310046][ T421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.338136][ T421] usb 4-1: config 0 descriptor?? [ 474.413475][T12771] loop0: detected capacity change from 0 to 512 [ 474.494085][T12765] loop4: detected capacity change from 0 to 40427 [ 474.538846][T12765] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 474.556532][T12765] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 474.589924][T12765] F2FS-fs (loop4): Found nat_bits in checkpoint [ 474.598285][ T407] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 474.611261][ T30] audit: type=1400 audit(2000000846.857:5675): avc: denied { map } for pid=12770 comm="syz-executor.0" path="socket:[72127]" dev="sockfs" ino=72127 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 474.638452][ T407] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 474.657738][ T407] usb 2-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 474.676481][ T407] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.693369][ T407] usb 2-1: config 0 descriptor?? [ 474.705323][T12765] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 474.718250][T12765] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 474.788440][ T4684] attempt to access beyond end of device [ 474.788440][ T4684] loop4: rw=1, want=45104, limit=40427 [ 474.808011][ T421] hid (null): bogus close delimiter [ 475.237870][ T407] usbhid 2-1:0.0: can't add hid device: -71 [ 475.243765][ T407] usbhid: probe of 2-1:0.0 failed with error -71 [ 475.251381][ T407] usb 2-1: USB disconnect, device number 32 [ 475.307932][ T421] uclogic 0003:256C:006D.0040: failed retrieving Huion firmware version: -71 [ 475.316731][ T421] uclogic 0003:256C:006D.0040: failed probing parameters: -71 [ 475.326132][ T421] uclogic: probe of 0003:256C:006D.0040 failed with error -71 [ 475.334550][ T421] usb 4-1: USB disconnect, device number 40 [ 475.932743][T12859] x_tables: duplicate underflow at hook 4 [ 476.627286][ T30] audit: type=1400 audit(2000000848.867:5676): avc: denied { getopt } for pid=12891 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 476.683696][T12900] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 476.990444][T12938] x_tables: duplicate underflow at hook 4 [ 477.060981][T12948] loop4: detected capacity change from 0 to 512 [ 477.070266][ T30] audit: type=1326 audit(2000000849.317:5677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12945 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd23a07df29 code=0x0 [ 477.128693][T12948] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 477.173314][T12948] EXT4-fs (loop4): 1 orphan inode deleted [ 477.189920][T12948] EXT4-fs (loop4): 1 truncate cleaned up [ 477.197767][T12948] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 477.672322][T12974] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 478.100488][T13003] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'. [ 478.183814][T13008] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 478.351520][T13020] loop2: detected capacity change from 0 to 512 [ 478.444077][T13020] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 478.476206][T13020] EXT4-fs (loop2): 1 orphan inode deleted [ 478.487759][T13020] EXT4-fs (loop2): 1 truncate cleaned up [ 478.517045][T13020] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 478.975525][T13037] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 479.257723][ T8026] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 479.667783][ T8026] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.678770][ T8026] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.688425][ T8026] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 479.697287][ T8026] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.705723][ T8026] usb 3-1: config 0 descriptor?? [ 480.168434][ T8026] sony 0003:054C:0268.0041: unknown main item tag 0x0 [ 480.176504][ T8026] sony 0003:054C:0268.0041: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0 [ 480.227860][ T8026] sony 0003:054C:0268.0041: failed to claim input [ 480.327683][ T1514] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 480.372111][ T421] usb 3-1: USB disconnect, device number 39 [ 480.566862][T13087] loop0: detected capacity change from 0 to 512 [ 480.610633][T13087] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 480.618816][T13087] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 480.633153][T13087] EXT4-fs (loop0): Remounting filesystem read-only [ 480.639766][T13087] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 480.654445][T13087] EXT4-fs (loop0): 1 truncate cleaned up [ 480.660010][T13087] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,errors=continue,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.smackfsfloor=ext4. Quota mode: writeback. [ 480.687755][ T1514] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.698589][ T1514] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.708121][ T1514] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 480.716931][ T1514] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.725895][ T1514] usb 2-1: config 0 descriptor?? [ 480.803619][T13094] loop0: detected capacity change from 0 to 256 [ 480.977870][T13103] syz-executor.2[13103] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 480.977958][T13103] syz-executor.2[13103] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 481.147984][T13123] loop2: detected capacity change from 0 to 512 [ 481.207906][ T1514] hid (null): bogus close delimiter [ 481.427745][ T421] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 481.707746][ T1514] uclogic 0003:256C:006D.0042: failed retrieving Huion firmware version: -71 [ 481.716344][ T1514] uclogic 0003:256C:006D.0042: failed probing parameters: -71 [ 481.725096][ T1514] uclogic: probe of 0003:256C:006D.0042 failed with error -71 [ 481.738461][ T1514] usb 2-1: USB disconnect, device number 33 [ 481.797782][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.808925][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.819355][ T421] usb 4-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 481.828667][ T421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.843045][ T421] usb 4-1: config 0 descriptor?? [ 483.988729][ T421] sony 0003:054C:0268.0043: unknown main item tag 0x0 [ 484.008324][ T421] sony 0003:054C:0268.0043: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.3-1/input0 [ 484.020041][ T421] sony 0003:054C:0268.0043: failed to claim input [ 484.988742][ T421] usb 4-1: USB disconnect, device number 41 [ 485.035357][T13141] syz-executor.4[13141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 485.035441][T13141] syz-executor.4[13141] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 485.153264][T13154] loop2: detected capacity change from 0 to 256 [ 485.174627][T13156] loop0: detected capacity change from 0 to 512 [ 485.220244][T13156] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 485.228578][T13156] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1) [ 485.245375][T13156] EXT4-fs (loop0): Remounting filesystem read-only [ 485.252097][T13156] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 485.267329][T13156] EXT4-fs (loop0): 1 truncate cleaned up [ 485.269722][T13160] loop2: detected capacity change from 0 to 512 [ 485.272978][T13156] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,errors=continue,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.smackfsfloor=ext4. Quota mode: writeback. [ 485.298562][ T8026] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 485.321656][T13160] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 485.337788][T13160] ext4 filesystem being mounted at /root/syzkaller-testdir1477479952/syzkaller.EPIDy4/163/bus supports timestamps until 2038 (0x7fffffff) [ 485.497910][T13175] x_tables: duplicate underflow at hook 4 [ 485.526564][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 485.536496][T13178] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 485.557692][ T8026] usb 2-1: Using ep0 maxpacket: 8 [ 485.607840][ T8026] usb 2-1: too many configurations: 241, using maximum allowed: 8 [ 485.747763][ T8026] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 485.755524][ T8026] usb 2-1: can't read configurations, error -61 [ 485.867696][ T2025] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 485.907788][ T8026] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 486.127825][ T2025] usb 4-1: Using ep0 maxpacket: 32 [ 486.204092][ T8026] usb 2-1: Using ep0 maxpacket: 8 [ 486.247843][ T8026] usb 2-1: too many configurations: 241, using maximum allowed: 8 [ 486.408233][ T2025] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 486.447930][ T8026] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 486.471264][ T8026] usb 2-1: can't read configurations, error -61 [ 486.487725][ T2025] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 486.537736][ T8026] usb usb2-port1: attempt power cycle [ 486.588045][ T2025] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 486.597381][ T2025] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.608799][ T2025] usb 4-1: config 0 descriptor?? [ 486.641367][ T30] audit: type=1400 audit(2000000858.887:5678): avc: denied { getopt } for pid=13188 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 486.663047][ T2025] hub 4-1:0.0: USB hub found [ 486.708589][T13203] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 486.719434][T13203] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 486.745734][T13209] syz-executor.2[13209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.745795][T13209] syz-executor.2[13209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.759153][T13209] syz-executor.2[13209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.771197][T13209] syz-executor.2[13209] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.853034][T13213] x_tables: duplicate underflow at hook 4 [ 486.870253][ T2025] hub 4-1:0.0: 1 port detected [ 487.033334][ T8026] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 487.137766][ T8026] usb 2-1: Using ep0 maxpacket: 8 [ 487.186618][T13223] loop4: detected capacity change from 0 to 512 [ 487.192893][ T8026] usb 2-1: too many configurations: 241, using maximum allowed: 8 [ 487.231024][T13223] EXT4-fs (loop4): 1 orphan inode deleted [ 487.236657][T13223] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,resuid=0x000000000000ee00,grpquota,resgid=0x0000000000000000,grpquota,delalloc,usrquota,. Quota mode: writeback. [ 487.257409][T13223] ext4 filesystem being mounted at /root/syzkaller-testdir3361692108/syzkaller.1wXh2g/60/file1 supports timestamps until 2038 (0x7fffffff) [ 487.280756][ T30] audit: type=1326 audit(2000000859.527:5679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff365608f29 code=0x0 [ 487.330746][ T30] audit: type=1326 audit(2000000859.577:5680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13222 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7ff365608f29 code=0x0 [ 487.357765][ T8026] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 487.365248][ T8026] usb 2-1: can't read configurations, error -61 [ 487.507821][ T2025] hub 4-1:0.0: activate --> -90 [ 487.527715][ T8026] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 487.563712][T13239] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 487.573945][T13239] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 487.691621][ T8026] usb 2-1: Using ep0 maxpacket: 8 [ 487.729198][ T8026] usb 2-1: too many configurations: 241, using maximum allowed: 8 [ 487.921682][ T1401] usb 4-1: USB disconnect, device number 42 [ 487.938206][ T8026] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 487.945874][ T2025] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 487.998747][ T8026] usb 2-1: can't read configurations, error -61 [ 488.061234][ T8026] usb usb2-port1: unable to enumerate USB device [ 488.166231][T13257] loop4: detected capacity change from 0 to 512 [ 488.220305][T13257] EXT4-fs (loop4): 1 orphan inode deleted [ 488.225964][T13257] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,resuid=0x000000000000ee00,grpquota,resgid=0x0000000000000000,grpquota,delalloc,usrquota,. Quota mode: writeback. [ 488.246639][T13257] ext4 filesystem being mounted at /root/syzkaller-testdir3361692108/syzkaller.1wXh2g/68/file1 supports timestamps until 2038 (0x7fffffff) [ 488.272047][ T30] audit: type=1326 audit(2000000860.517:5681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13256 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff365608f29 code=0x0 [ 488.322106][ T30] audit: type=1326 audit(2000000860.567:5682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13256 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7ff365608f29 code=0x0 [ 488.403858][ T30] audit: type=1400 audit(2000000860.647:5683): avc: denied { mount } for pid=13265 comm="syz-executor.4" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 488.448532][T13270] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 488.457914][T13270] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 488.546540][T13282] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 488.575687][T13286] loop3: detected capacity change from 0 to 512 [ 488.633806][T13286] EXT4-fs (loop3): 1 orphan inode deleted [ 488.640180][T13286] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,sysvgroups,resuid=0x000000000000ee00,grpquota,resgid=0x0000000000000000,grpquota,delalloc,usrquota,. Quota mode: writeback. [ 488.660779][T13286] ext4 filesystem being mounted at /root/syzkaller-testdir67669477/syzkaller.fcoHs2/66/file1 supports timestamps until 2038 (0x7fffffff) [ 488.682541][ T30] audit: type=1326 audit(2000000860.927:5684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13285 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec0f0a3f29 code=0x0 [ 488.732541][ T30] audit: type=1326 audit(2000000860.977:5685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13285 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7fec0f0a3f29 code=0x0 [ 489.019142][ T421] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 489.447748][ T403] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 489.497831][ T421] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.508621][ T421] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.518124][ T421] usb 5-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 489.526933][ T421] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.535406][ T421] usb 5-1: config 0 descriptor?? [ 489.668463][T13306] loop3: detected capacity change from 0 to 512 [ 489.707882][ T403] usb 3-1: Using ep0 maxpacket: 32 [ 489.713790][T13306] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 489.729723][T13306] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #17: comm syz-executor.3: iget: bad i_size value: -6917529027641081756 [ 489.743372][T13306] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 17 (err -117) [ 489.755657][T13306] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 489.771354][T13306] EXT4-fs error (device loop3): ext4_readdir:260: inode #12: block 13: comm syz-executor.3: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=0 [ 489.827788][ T403] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.838704][ T403] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.848403][ T403] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 489.903505][ T403] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.912297][ T403] usb 3-1: config 0 descriptor?? [ 489.948129][ T403] hub 3-1:0.0: USB hub found [ 490.208607][ T421] sony 0003:054C:0268.0044: unknown main item tag 0x0 [ 490.216672][ T421] sony 0003:054C:0268.0044: hiddev96,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.4-1/input0 [ 490.223020][ T403] hub 3-1:0.0: 1 port detected [ 490.228396][ T421] sony 0003:054C:0268.0044: failed to claim input [ 490.324860][ T2025] usb 5-1: USB disconnect, device number 38 [ 490.867763][ T2025] hub 3-1:0.0: activate --> -90 [ 491.017804][ T421] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 491.168183][ T1514] usb 3-1: USB disconnect, device number 40 [ 491.197781][ T2025] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 491.227045][T13338] x_tables: duplicate underflow at hook 4 [ 491.377798][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.388525][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 491.398470][ T421] usb 4-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 491.407328][ T421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.415834][ T421] usb 4-1: config 0 descriptor?? [ 491.610335][T13349] loop0: detected capacity change from 0 to 1024 [ 491.638655][T13349] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 491.652127][T13349] EXT4-fs (loop0): Remounting filesystem read-only [ 491.658718][T13349] EXT4-fs (loop0): get root inode failed [ 491.664240][T13349] EXT4-fs (loop0): mount failed [ 491.938245][ T421] usbhid 4-1:0.0: can't add hid device: -71 [ 491.944028][ T421] usbhid: probe of 4-1:0.0 failed with error -71 [ 491.950872][ T421] usb 4-1: USB disconnect, device number 43 [ 492.807783][ T7969] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 493.047700][ T7969] usb 4-1: Using ep0 maxpacket: 32 [ 493.083604][ T30] audit: type=1326 audit(2000000865.327:5686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.107987][ T30] audit: type=1326 audit(2000000865.327:5687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.121851][T13396] loop2: detected capacity change from 0 to 512 [ 493.138288][ T30] audit: type=1326 audit(2000000865.327:5688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.163081][ T30] audit: type=1326 audit(2000000865.327:5689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.187062][ T7969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.197843][ T30] audit: type=1326 audit(2000000865.327:5690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.222455][ T7969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 493.232283][ T7969] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 493.242093][ T7969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.250027][ T30] audit: type=1326 audit(2000000865.327:5691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.275561][ T7969] usb 4-1: config 0 descriptor?? [ 493.280670][ T30] audit: type=1326 audit(2000000865.327:5692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.305232][ T30] audit: type=1326 audit(2000000865.327:5693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.329366][T13396] EXT4-fs (loop2): 1 truncate cleaned up [ 493.334822][T13396] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,auto_da_alloc=0x0000000000010001,noload,jqfmt=vfsold,,errors=continue. Quota mode: none. [ 493.353160][ T7969] hub 4-1:0.0: USB hub found [ 493.358077][ T30] audit: type=1326 audit(2000000865.327:5694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.382067][ T30] audit: type=1326 audit(2000000865.327:5695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13393 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96691e9f29 code=0x7ffc0000 [ 493.577804][ T7969] hub 4-1:0.0: 1 port detected [ 494.227748][ T1514] hub 4-1:0.0: activate --> -90 [ 494.668400][ T8366] usb 4-1: USB disconnect, device number 44 [ 494.687773][ T1514] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 495.006207][T13458] loop0: detected capacity change from 0 to 1024 [ 495.039025][T13458] EXT4-fs error (device loop0): __ext4_get_inode_loc:4340: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 495.052250][T13458] EXT4-fs (loop0): Remounting filesystem read-only [ 495.058634][T13458] EXT4-fs (loop0): get root inode failed [ 495.064045][T13458] EXT4-fs (loop0): mount failed [ 495.487806][ T421] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 495.780082][T13493] loop3: detected capacity change from 0 to 512 [ 495.799162][T13493] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 495.808092][T13493] EXT4-fs (loop3): orphan cleanup on readonly fs [ 495.815060][T13493] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 248: padding at end of block bitmap is not set [ 495.830426][T13493] EXT4-fs (loop3): 1 truncate cleaned up [ 495.836245][T13493] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,grpquota,quota,noblock_validity,nodiscard,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 495.847832][ T421] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.863962][ T421] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.874375][ T421] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 495.883340][ T421] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.892096][ T421] usb 5-1: config 0 descriptor?? [ 496.230346][T13501] loop2: detected capacity change from 0 to 512 [ 496.260215][T13501] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 496.278473][T13501] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b816c118, mo2=0002] [ 496.286437][T13501] System zones: 1-12 [ 496.291026][T13501] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.2: corrupted in-inode xattr [ 496.303427][T13501] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 496.315795][T13501] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,grpquota,,errors=continue. Quota mode: writeback. [ 496.378918][ T421] hid-rmi 0003:06CB:81A7.0045: item fetching failed at offset 3/5 [ 496.386723][ T421] hid-rmi 0003:06CB:81A7.0045: parse failed [ 496.392491][ T421] hid-rmi: probe of 0003:06CB:81A7.0045 failed with error -22 [ 496.582058][ T8366] usb 5-1: USB disconnect, device number 39 [ 497.181646][T13515] device pim6reg1 entered promiscuous mode [ 497.289390][T13524] loop4: detected capacity change from 0 to 512 [ 497.311043][T13524] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 497.324162][T13524] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 497.334520][T13524] EXT4-fs (loop4): 1 truncate cleaned up [ 497.340020][T13524] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 498.388941][T13529] loop4: detected capacity change from 0 to 40427 [ 498.398234][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 498.398249][ T30] audit: type=1326 audit(2000000870.647:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 498.448464][T13529] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 498.456048][T13529] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 498.465122][ T30] audit: type=1326 audit(2000000870.677:5712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 498.489360][ T30] audit: type=1326 audit(2000000870.677:5713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 498.513483][ T30] audit: type=1326 audit(2000000870.677:5714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.434236][ T30] audit: type=1326 audit(2000000871.677:5715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.481691][T13529] F2FS-fs (loop4): Found nat_bits in checkpoint [ 499.527541][T13548] loop3: detected capacity change from 0 to 512 [ 499.534241][T13529] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 499.541152][T13529] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 499.572478][T13528] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 499.572543][ T30] audit: type=1326 audit(2000000871.677:5716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.581209][T13528] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 499.623305][ T30] audit: type=1326 audit(2000000871.867:5717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.647340][ T30] audit: type=1326 audit(2000000871.867:5718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.671432][ T30] audit: type=1326 audit(2000000871.867:5719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13533 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e67a4df29 code=0x7ffc0000 [ 499.695634][T13548] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 499.708023][T13548] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 499.721328][T13548] EXT4-fs (loop3): 1 truncate cleaned up [ 499.726782][T13548] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback. [ 499.887674][ T7969] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 499.932500][T13568] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13568 comm=syz-executor.4 [ 499.990364][T13570] loop0: detected capacity change from 0 to 256 [ 500.010728][T13570] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x02a07125, utbl_chksum : 0xe619d30d) [ 500.036709][ T30] audit: type=1400 audit(2000000872.277:5720): avc: denied { create } for pid=13567 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 500.081202][T13573] loop3: detected capacity change from 0 to 1024 [ 500.127733][ T7969] usb 3-1: Using ep0 maxpacket: 32 [ 500.133562][T13573] EXT4-fs error (device loop3): __ext4_get_inode_loc:4340: comm syz-executor.3: Invalid inode table block 0 in block_group 0 [ 500.146682][T13573] EXT4-fs (loop3): Remounting filesystem read-only [ 500.153197][T13573] EXT4-fs (loop3): get root inode failed [ 500.158983][T13573] EXT4-fs (loop3): mount failed [ 500.247816][ T7969] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 500.257810][ T7969] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.268477][ T7969] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 500.278322][ T7969] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 500.292167][ T7969] usb 3-1: New USB device found, idVendor=1b96, idProduct=9f0a, bcdDevice= 0.15 [ 500.292196][ T7969] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 500.309555][ T7969] usb 3-1: config 0 descriptor?? [ 500.517712][ T1401] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 500.905368][T13589] loop0: detected capacity change from 0 to 40427 [ 500.919211][ T7969] hid-generic 0003:1B96:9F0A.0046: hidraw0: USB HID v0.00 Device [HID 1b96:9f0a] on usb-dummy_hcd.2-1/input0 [ 500.948281][T13589] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 500.955879][T13589] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 500.966992][T13589] F2FS-fs (loop0): Found nat_bits in checkpoint [ 501.008453][T13589] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 501.015336][T13589] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 501.046054][T13588] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 501.054815][T13588] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 501.097671][ T1401] usb 4-1: Using ep0 maxpacket: 16 [ 501.220740][T13605] loop4: detected capacity change from 0 to 512 [ 501.281147][T13605] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 501.354396][T13605] EXT4-fs (loop4): 1 orphan inode deleted [ 501.360013][T13605] EXT4-fs (loop4): 1 truncate cleaned up [ 501.365458][T13605] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,debug_want_extra_isize=0x000000000000002e,inode_readahead_blks=0x0000000000010000,block_validity,quota,. Quota mode: writeback. [ 501.418198][ T1401] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 11380, setting to 1024 [ 501.429553][ T1401] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 501.439375][ T1401] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 501.452103][ T1401] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 501.461036][ T1401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.477887][ T1401] usb 4-1: config 0 descriptor?? [ 501.497923][T13573] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 501.528082][ T1401] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 501.619225][T13618] loop0: detected capacity change from 0 to 1024 [ 501.638945][T13618] EXT4-fs (loop0): Ignoring removed orlov option [ 501.645102][T13618] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 501.659675][T13618] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 501.691141][T13618] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.0: corrupt xattr in inline inode [ 501.704617][T13618] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.0: corrupted in-inode xattr [ 501.723580][T12604] ================================================================== [ 501.731463][T12604] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 501.732013][ T1514] usb 4-1: USB disconnect, device number 45 [ 501.739263][T12604] Read of size 4 at addr ffff888136f5d000 by task syz-executor.0/12604 [ 501.739285][T12604] [ 501.739292][T12604] CPU: 1 PID: 12604 Comm: syz-executor.0 Not tainted 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 501.739314][T12604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 501.739334][T12604] Call Trace: [ 501.739347][T12604] [ 501.739356][T12604] dump_stack_lvl+0x151/0x1b7 [ 501.785698][T12604] ? io_uring_drop_tctx_refs+0x190/0x190 [ 501.791173][T12604] ? panic+0x751/0x751 [ 501.795088][T12604] print_address_description+0x87/0x3b0 [ 501.800459][T12604] kasan_report+0x179/0x1c0 [ 501.804791][T12604] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 501.810261][T12604] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 501.815725][T12604] __asan_report_load4_noabort+0x14/0x20 [ 501.821196][T12604] ext4_xattr_delete_inode+0xcd0/0xce0 [ 501.826490][T12604] ? sb_end_intwrite+0x120/0x120 [ 501.831266][T12604] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 501.837166][T12604] ? ext4_journal_check_start+0x16c/0x230 [ 501.842718][T12604] ? __kasan_check_read+0x11/0x20 [ 501.847577][T12604] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 501.853307][T12604] ? ext4_evict_inode+0xb8d/0x14e0 [ 501.858261][T12604] ext4_evict_inode+0xea1/0x14e0 [ 501.863027][T12604] ? _raw_spin_unlock+0x4d/0x70 [ 501.867718][T12604] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 501.873442][T12604] ? _raw_spin_unlock+0x4d/0x70 [ 501.878133][T12604] ? inode_io_list_del+0x18b/0x1a0 [ 501.883079][T12604] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 501.888806][T12604] evict+0x2a3/0x630 [ 501.892541][T12604] iput+0x63b/0x7e0 [ 501.896183][T12604] vfs_rmdir+0x359/0x470 [ 501.900263][T12604] do_rmdir+0x3ab/0x630 [ 501.904258][T12604] ? d_delete_notify+0x160/0x160 [ 501.909031][T12604] __x64_sys_unlinkat+0xdf/0xf0 [ 501.913715][T12604] do_syscall_64+0x3d/0xb0 [ 501.917968][T12604] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 501.923707][T12604] RIP: 0033:0x7f3e67a4d707 [ 501.927951][T12604] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 501.947390][T12604] RSP: 002b:00007ffe2251f9d8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 501.955636][T12604] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f3e67a4d707 [ 501.963446][T12604] RDX: 0000000000000200 RSI: 00007ffe22520b80 RDI: 00000000ffffff9c [ 501.971260][T12604] RBP: 00007f3e67aaa6c6 R08: 0000000000000000 R09: 0000000000000000 [ 501.979070][T12604] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe22520b80 [ 501.986879][T12604] R13: 00007f3e67aaa6c6 R14: 000000000007a75d R15: 0000000000000007 [ 501.994695][T12604] [ 501.997555][T12604] [ 501.999728][T12604] The buggy address belongs to the page: [ 502.005204][T12604] page:ffffea0004dbd740 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x136f5d [ 502.015261][T12604] flags: 0x4000000000000000(zone=1) [ 502.020304][T12604] raw: 4000000000000000 ffffea0004ccfa88 ffffea0004d02d88 0000000000000000 [ 502.028721][T12604] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 502.037138][T12604] page dumped because: kasan: bad access detected [ 502.043411][T12604] page_owner tracks the page as freed [ 502.048593][T12604] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 13617, ts 501616130332, free_ts 501720420757 [ 502.063179][T12604] post_alloc_hook+0x1a3/0x1b0 [ 502.067770][T12604] prep_new_page+0x1b/0x110 [ 502.072109][T12604] get_page_from_freelist+0x3550/0x35d0 [ 502.077491][T12604] __alloc_pages+0x27e/0x8f0 [ 502.081919][T12604] wp_page_copy+0x200/0x1b00 [ 502.086344][T12604] do_wp_page+0x6fa/0xb60 [ 502.090511][T12604] handle_pte_fault+0x7c0/0x24d0 [ 502.095287][T12604] do_handle_mm_fault+0x1ea9/0x23a0 [ 502.100320][T12604] exc_page_fault+0x3b5/0x830 [ 502.104831][T12604] asm_exc_page_fault+0x27/0x30 [ 502.109519][T12604] page last free stack trace: [ 502.114030][T12604] free_unref_page_prepare+0x7c8/0x7d0 [ 502.119330][T12604] free_unref_page_list+0x14b/0xa60 [ 502.124361][T12604] release_pages+0x1310/0x1370 [ 502.128962][T12604] free_pages_and_swap_cache+0x8a/0xa0 [ 502.134255][T12604] tlb_finish_mmu+0x177/0x320 [ 502.138768][T12604] exit_mmap+0x40d/0x940 [ 502.142846][T12604] __mmput+0x95/0x310 [ 502.146665][T12604] mmput+0x5b/0x170 [ 502.150315][T12604] do_exit+0xb9c/0x2ca0 [ 502.154308][T12604] do_group_exit+0x141/0x310 [ 502.158732][T12604] __x64_sys_exit_group+0x3f/0x40 [ 502.163589][T12604] do_syscall_64+0x3d/0xb0 [ 502.167844][T12604] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 502.173573][T12604] [ 502.175740][T12604] Memory state around the buggy address: [ 502.181215][T12604] ffff888136f5cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 502.189112][T12604] ffff888136f5cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 502.197013][T12604] >ffff888136f5d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 502.204911][T12604] ^ [ 502.208814][T12604] ffff888136f5d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 502.216711][T12604] ffff888136f5d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2033/05/18 03:47:54 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 502.224869][T12604] ================================================================== [ 502.232763][T12604] Disabling lock debugging due to kernel taint [ 502.245762][ T7969] usb 3-1: USB disconnect, device number 41