last executing test programs: 3.87959445s ago: executing program 0 (id=6): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f00000002c0)=ANY=[@ANYBLOB="401583"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 3.751720591s ago: executing program 1 (id=10): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, r2, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x10, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x3c}}, 0x0) 3.726664681s ago: executing program 1 (id=11): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) 3.549733212s ago: executing program 1 (id=12): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) fdatasync(r0) 3.509557742s ago: executing program 1 (id=16): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x182, 0x0, 0x27) 3.468348632s ago: executing program 1 (id=19): r0 = timerfd_create(0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x1c5c7e, 0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) close(r1) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 3.219966803s ago: executing program 4 (id=29): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x8, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r0}, &(0x7f0000000680)=0x2, &(0x7f00000006c0)}, 0x20) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x4c80, 0xffffffffffffffb6) 3.161718914s ago: executing program 4 (id=31): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000001c0), 0xfe, 0x25e, &(0x7f0000001000)="$eJzs3T9o3FYcB/Cf7k9d16a47VIo/QOllNZg3KFQ6NIuLRhKMaUU2oJLKZ2CHXBssvkyZcmQzEnwlMWEbHEyhiwmSyCrk3hwlgwxGWIyJMMFne7C+Xwmjs93CtbnA7L09J70nkDfZ3mQHEBhjUXEDxFRjojxiKhGRNLe4LNsGWsWl4fXZiLq9d8eJ412WTnTOm4kImoR8V1EpVW3uPrX5tP1n788s1D94tLqn8ODur52W5sbv2xf/PX01alvFkvNfaPNdft1HKaky75KEvF+Pzp7QySVvEfAfkyfvHI3zf0HEfF5I//VKDUje3b+rZvV+PrCXseee3Tno0GOFTh89Xo1/R1YqwOFU2o8AyeliYjItkuliYnsGf5eOYljc/Mnxv+fW5j9L++ZCjgESS37u3fjp+tD10Y68v+wnOV/X77t80iBvkjz//v0yv10e7uc92iAgfg4W6X5H/9n6auQfygc+Yfikn8oLvmHI+CA2ZV/KC75h+KSfzjCqq2NWtdq+Yfikn8oro785/I+LpCP9vwDAMVSH8r7DWQgL3nPPwAAAAAAAAAAAAAAAAAAwG7Lw2szrWVQfd46H7H1Y0RUdvY/1KgtN/4fccTbjZ/vPEnSZi8l2WE9+fvTHk/Qo8s5v3397oN8+7/9SX/Oe2pncc9v2y3NRtTSxpOVyu77P2nefwf33ivqq//22MFrSjrK3/8x2P47PV/Jt/+p9Ygb6fwz2W3+K8WHjXX3+We0/RPLB3T8WY8nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYGBeBAAA//9hymrI") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 2.981264904s ago: executing program 4 (id=35): close(0xffffffffffffffff) socket$pptp(0x18, 0x1, 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$sock_bt_hci(r0, 0x400448c8, &(0x7f0000000000)) 2.888582285s ago: executing program 4 (id=39): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000880)={0x44, &(0x7f0000000640)={0x40, 0xd, 0x6, "b5713f3eceff"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 2.754481666s ago: executing program 3 (id=44): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}, 0x11}], 0x400000000000172, 0x4000000) 2.726959856s ago: executing program 3 (id=45): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1fd2, 0x6007, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, &(0x7f0000000700)={0x2c, &(0x7f0000001a40)={0xbe2713d43fa5a249, 0x0, 0x57, {0x57, 0xd, "820027b5c200000000000000000000000000ad17f2a43bee1e7cad00b4a9fc895e2438813d4fdbfb7a64e2fb1b2f9de42bb0cf4725574f38efe0268a45a6539a0bbc2b610a3003aa706442d2d5d0f77fea4779f8d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.702467906s ago: executing program 2 (id=46): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000001ec0), 0x1, 0x475, &(0x7f0000001f80)="$eJzs3Mtv3MQfAPCvvUnf+SW/Uh59AIGCiHgkTVqgByQEAqkXJCQ4lGNI06o0bVATJFpFNCBUjqh/AXADib+AE1wQcKLiCneEVKFcWjggI+/a6eaxIZvNdtvu5yO5nbHHnhmPJx574gTQtQbzf5KIXRHxa0T016JLEwzW/ruxMDfx18LcRBJZ9safSTXd9YW5iTJpud/OIjKURqQfJ7F/lXxnLlw8Mz41NXm+iI/Mnn13ZObCxWdOnx0/NXlq8tzY0aNHDo8+/9zYs5tSz768rPs+mD6w99hbV16bOH7l7R+/zsu7q9h+fWFuy9I9BlrOczAGl57LOo+3fPTbS19dOOnpYEFoSiUi8ubqrfb//qjEzcbrj1c/6mjhgLbKsizbumJtpQzMZ8BdLIlOlwDojPJGnz/Hl8stHH503LWXag9Aeb1vFEttS0+k+TP8QO3ZqK9N+Q9GxPH5vz/Ll1j2PgUAoB2+zcc/T682/kvjvrp0/yvmhgYi4v8RsTsi7omIPRFxb0Q17f0R8UCT+Q8ui68c/1zd3njvL1ueacjHfy8Uc1tLx39pmWSgUsT6qvXvTU6enpo8VJyToejdmsdH18jju1d++bTRtvrxX77k+ZdjwaIcf/Qse0F3Ynx2vJU617v2YcS+ntXqnyzOBCQRsTci9m3g+Pk5O/3kVwcabf/v+q9hE+aZsi8inqi1/3wsq38pWXt+cmRbTE0eGimvipV++vny643yb6n+myBv/x2rXv+L9R9I6udrZ5rP4/JvnzR8pmnm+u8t1uTX/5bkzWq4nLR9f3x29vxoxJZkfuX6sZtHK+Nl+rz+QwdX7/+7I/75vNhvf0TkF/GDEfFQRDxclP2RiHg0Ig6uUf8fXn7snY3Xv73y+p9oqv2bD1TOfP9No/zX1/5HqqGhYs16fv7VMt9WxBoXcKPnDQAAAO4kafV34JN0eDF8057YkU5Nz8w+dXL6vXMnatsGojct33T1170PHS3eDZfxsWXxw9X3xlmWZdur8eGJ6al2zakD67NzRf9P0+Hh2rbfK0vTvtiREgJt1dQ8WqMv2oA7ku81oXuto/+768Ndyv0fupf+D91rtf5/KeJGB4oC3GLu/9C99H/oXvo/dC/9H7rSOr/iv5pGNPXt/+5jrfzFgG4KVFo+TkQnCh9px0/dxgPp7VGMWmBrrL8FL0WbilH+QdDFNZ3+yQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA5/g0AAP//el/opQ==") chmod(&(0x7f0000000180)='./file0\x00', 0x23f) 2.617496777s ago: executing program 1 (id=47): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x64, 0x2, 0x1, 0x0, 0x40, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x80}, {0xd}, {0x6, 0x24, 0x1a, 0x1}, [@mbim_extended={0x8, 0x24, 0x1c, 0x0, 0x5, 0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x240}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x8}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000001280)={0x20, 0x80, 0x1c, {0x0, 0xd, 0x0, 0xfffc, 0x5, 0x2, 0x0, 0x6, 0x800, 0x0, 0xfff, 0x2}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 2.494666717s ago: executing program 2 (id=48): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000000d40)={0x0, 0x7000003, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001) 2.448724407s ago: executing program 2 (id=49): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000000), 0x6, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x19, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xb, &(0x7f0000000200)="0635f699174632a0b6f33369494649d2f8ec85b76ab08ecd7a4465d64184b47019911d94f54222d501126d03866bc3894652335acc988bad81addb49adea50a5f15b7703644a96157b08", 0x4a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000480)='ext4_read_block_bitmap_load\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) 2.254066948s ago: executing program 2 (id=50): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x0, &(0x7f0000000340)={[{@noblock_validity}, {@dioread_nolock}, {@noinit_itable}, {@acl}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2c}, 0xc4, 0x452, &(0x7f0000000480)="$eJzs20tvG1UUAOAz46bvklDKow/AUBARj6RJC3TBBgRSN0hIsCjLkKZVqdugJki0qmhAqCxRfwGwROIXsIINAlYgtrBHSBXqhsICDRp7nBrHDnbs1Gn9fdIk986Mfc/xzLXvzLUDGFrl/E8SsTMifomI0YgoNe9Qrv27cf3S7F/XL80mkWWv/5HkD4s/r1+are+aFP93FJXxNCL9KIn9LdpduHDxzEylMne+qE8unn1ncuHCxWdOn505NXdq7tz00aNHDk89/9z0s33Jc1ce67735w/sPfbm1Vdnj1996/sv83h3Ftsb86gZ67nNcpSXX5Nmj/f87BvLroZysmmAgdCVvK/nh2uk2v9HoxQ3D95ovPLhQIMD1lWWZdmWFWuXRwBLGXAHS2LQEQCDUf+gz69/68stHH4M3LUXaxdAed43iqW2ZVOkxT4jTde3/VSOiONLf3+aL9HyPgQAQH99nY9/nm41/kvjvob97irmhsYi4u6I2B0R90TEnoi4N6K67/0R8UCX7Zeb6ivHPz9tW1NiHcrHfy8Uc1v/Hf/VR38xVipqu6r5jyQnT1fmDhWvyXiMbMnrU6u08c3LP3/Sblvj+C9f8vbrY8Eijt83Nd2gOzGzONNLzo2ufVC9B3h5Zf7J8kxAEhF7I2LfGp5/a0ScfvKLA+22/3/+q+jDPFP2ecQTteO/FE351yWrz09Obo3K3KHJ+lmx0g8/XnmtXfs95d8H+fHf3vL8X85/LGmcr13ovo0rv37c9ppmref/5uSNanlzse69mcXF81MRm5Olleunbz62Xq/vn+c/frB1/98d8c9nxeP2R0R+Ej8YEQ9FxMNF7I9ExKMRcXCV/L976bG3157/+srzP9HV8e++UDrz7Vft2u/s+B+plsaLNZ28/3UaYC+vHQAAANwu0up34JN0YrmcphMTte/w74ntaWV+YfGpk/PvnjtR+678WIyk9Ttdow33Q6eKe8P1+nRT/XD1vnGWZdm2an1idr6yXnPqQGd2tOn/ud9Kg44OWHddzaO1+0UbcFvye00YXvo/DC/9H4aX/g/Dq1X/vxxxYwChALeYz38YXvo/DC/9H4aX/g9DqZff9a9W2H1svZ75TiuUNkYYXRci3RBhrK2QbowwaoUtEdHpzpfjVgU26HcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/vg3AAD//zLQ7Dk=") syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000000), 0x7, 0x4c6, &(0x7f0000000100)="$eJzs3EFsFFUfAPD/bFtaoHzsx8eHgqiLaGw0tlBQOJgYjCYeNDHiQY9NWwhSqKE1EUJkSQweDYl349GrB6/qzXgy8YpHE0NCDBfA05jZnW23292l3W670v5+ybLvzbzZN2/fvDdv3mMbwJZVyv5JIoYj4lZE7I6IQmOCUvXt/t2rkw/uXp2Mcpqe/ivJDot7WTyX5O8788hIIaLwebK4o87c5SvnJ2Zmpi/l8bH5Cx+PzV2+8tK5CxNnp89OXxw/efL4saMnXhl/efWFapJfVq57Bz6bPbj/rQ9vvjPZX9s+lL/Xl6NbSlFqdioVz3U7sx7bVRdO+tulfG39T4YVy67/rLoGKu1/d/RF28oDNpE0TdPB1rvLaaPry7YAj6wken0GQG/UbvTZ82/t1WwgsG19hh89d+dU9QEoK/f9/BXxdGVjbR5koOH5tptKEfFB+e+vs1es0zwEAEC9H0/VRoIN479ixL66dP/J11CKEfHfiNgTEf+LiL0R8f+opn0sIh5v+Py+iEjb5F9qiC8f/xRur62E7WXjv1fzta3F8V/Ur4IV+/LYrojagHn6SP6djMTA4JlzM9NH2+Tx0xu/fdlqX/34L3tl+dfGgvl53O5vmKCbmpif6LjADe5cjzjQ31j+pD8iWVgJSCJif0QcWMXnFuvC51749uBCZGBpuoeXvyJtuo7WhaWK9JuI56v1X44l9b+YY9J+fXJsKGamj4xlV8GRpnn88uuNd1vl/9Dyf/9H4yFvnvjhdN6y1i6r/x1113/U1m8Xy19MIpKF9dq51edx4/cvWj7TdHr9b0ver4Rrz6WfTszPXzoasS15e/n28cVja/HsPcrV8o8cbt7+9+THZN/EExGRXcRPRsRTUX1CLEV67VBEPBMRh9uU/+fXn/2o8/Kvr6z8U037vyX1v7he3yqQlKupm+zqO3/o1oMWncfK6v94JTSSb2ne/yVLuog2Z7oksNbvDwAAAB4FhYgYrptLGo5CYXS0Oge0N3YUZmbn5l88M/vJxanqbwSKMVCozXRV54MHktr8Z7EuPt4QP5bPG3/Vt70SH52cnZnqacmBnZU2nxRGF/qCavvP/NmdKWbg38xPfmDrelj733dzg04E2HDu/7B11bX/coskZf9TBjanldz/zQXC5tSs/V/r4Bjg0ZJqy7Clrab96ytgc+mP9xbChZ6eCbDR3NNhS1rRj+Q7DqSDzXcNxfLEMdT+A/uis9PY3iSvngSykVVPct/eyVG1v6bQMk0UVveBg9GdOj2z9q/l7L6uX/xpvj7W7Rr8bkPaabNA+35jfHj9+iQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBu+icAAP//KPXcbw==") sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mount(0x0, &(0x7f0000000040)='./file0/../file0\x00', 0x0, 0x20, &(0x7f0000000140)='usrjquota=') 1.98193849s ago: executing program 2 (id=51): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000407d1eb42d000000090001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x18) syz_usb_control_io(r0, 0x0, 0x0) close(0xffffffffffffffff) syz_usb_control_io$hid(r0, &(0x7f0000000500)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="40004f0000004f0ed1abc63f6e866bbc4d"], 0x0, 0x0, 0x0}, 0x0) 1.711879241s ago: executing program 2 (id=52): setrlimit(0x1, &(0x7f0000006300)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = open(&(0x7f0000001040)='./bus\x00', 0x60142, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) pwrite64(r1, &(0x7f0000000280)='+', 0x1, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) copy_file_range(r2, 0x0, r0, 0x0, 0x6, 0x0) 1.711769381s ago: executing program 32 (id=52): setrlimit(0x1, &(0x7f0000006300)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = open(&(0x7f0000001040)='./bus\x00', 0x60142, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) pwrite64(r1, &(0x7f0000000280)='+', 0x1, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) copy_file_range(r2, 0x0, r0, 0x0, 0x6, 0x0) 1.216185934s ago: executing program 5 (id=53): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff0100000000f100000000000000fc00e000000100000000000000000000000000000000000000000a0000002b0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="b80000001900674c0000000000000000ff010000000000000000000000000001e000000100000000000000000000000000000000000000000a00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e2ffffffffffffff000000000000000000000000000000000000000000000300000000000000000040"], 0xb8}}, 0x0) 1.198293934s ago: executing program 5 (id=54): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000a80)={r2, 0x0, 0x0}, 0x10) 1.142850734s ago: executing program 0 (id=55): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file1'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000004, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r1, 0x29, 0x4b, 0x0, &(0x7f0000000140)) 1.142603124s ago: executing program 5 (id=56): fchdir(0xffffffffffffffff) syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000200)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rmdir(&(0x7f0000000040)='./control\x00') socket$inet_udp(0x2, 0x2, 0x0) 1.050018675s ago: executing program 0 (id=57): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x6, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x1000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x9, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0xa0}, {0x4}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x9}, {0x85, 0x0, 0x0, 0x50}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 993.766755ms ago: executing program 0 (id=58): r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x930, 0x2, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48) ppoll(&(0x7f0000000080)=[{r1, 0x80}], 0x1, 0x0, 0x0, 0x0) 931.076265ms ago: executing program 5 (id=59): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'dummy0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000250039f80300"/20, @ANYRES32=r3], 0x28}}, 0x0) 880.809035ms ago: executing program 5 (id=60): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000006"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x9, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xc, 0x0, 0x7ffc1ffb}]}) ustat(0x2, &(0x7f0000000040)) 843.884396ms ago: executing program 5 (id=61): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x3d5, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, '\v\tt1'}]}}, 0x0}, 0x0) 727.220206ms ago: executing program 3 (id=62): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000180)="00050002", 0x4) connect$inet6(r0, &(0x7f0000000380)={0xa, 0xfffe, 0x4, @remote, 0x9}, 0x1c) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 683.216696ms ago: executing program 3 (id=63): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x759, &(0x7f0000000080)={[], [], 0x2c}, 0x0, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580), &(0x7f00000005c0)='%pK \x00'}, 0x20) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x2a42028, 0x0) 469.444027ms ago: executing program 3 (id=64): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000340)={[{@nogrpid}, {@resuid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@jqfmt_vfsv0}, {@nombcache}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") unlink(&(0x7f0000000180)='./file1\x00') syz_mount_image$fuse(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000), &(0x7f0000000100), 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./bus\x00', &(0x7f0000000400), 0x204000, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_on}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) 252.268469ms ago: executing program 3 (id=65): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff"], 0x0) 134.907889ms ago: executing program 4 (id=66): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10) times(0x0) 108.995849ms ago: executing program 0 (id=67): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x64, 0x0) 56.71281ms ago: executing program 4 (id=68): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) personality(0x400000) unshare(0x20000400) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 0s ago: executing program 0 (id=69): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r1 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETTXFILTER(r1, 0x401054d5, &(0x7f0000000380)=ANY=[@ANYBLOB="4504"]) kernel console output (not intermixed with test programs): [ 4.292007][ T30] audit: type=1400 audit(1731704587.706:10): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 4.483685][ T100] udevd[100]: starting version 3.2.11 [ 4.518162][ T101] udevd[101]: starting eudev-3.2.11 [ 12.786311][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 12.786329][ T30] audit: type=1400 audit(1731704596.236:61): avc: denied { transition } for pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.796978][ T30] audit: type=1400 audit(1731704596.236:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.801139][ T30] audit: type=1400 audit(1731704596.236:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[1469]" dev="pipefs" ino=1469 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.808843][ T30] audit: type=1400 audit(1731704596.236:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.813318][ T30] audit: type=1400 audit(1731704596.236:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 13.657851][ T225] sshd (225) used greatest stack depth: 20480 bytes left Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. [ 20.183588][ T30] audit: type=1400 audit(1731704603.636:66): avc: denied { integrity } for pid=279 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 20.210864][ T30] audit: type=1400 audit(1731704603.656:67): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.212381][ T279] cgroup: Unknown subsys name 'net' [ 20.234266][ T30] audit: type=1400 audit(1731704603.656:68): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.260656][ T30] audit: type=1400 audit(1731704603.686:69): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.260850][ T279] cgroup: Unknown subsys name 'devices' [ 20.405176][ T279] cgroup: Unknown subsys name 'hugetlb' [ 20.410598][ T279] cgroup: Unknown subsys name 'rlimit' [ 20.574558][ T30] audit: type=1400 audit(1731704604.026:70): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.598152][ T30] audit: type=1400 audit(1731704604.026:71): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.622616][ T30] audit: type=1400 audit(1731704604.026:72): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.641539][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.654447][ T30] audit: type=1400 audit(1731704604.106:73): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.679755][ T30] audit: type=1400 audit(1731704604.106:74): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.681121][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.705826][ T30] audit: type=1400 audit(1731704604.126:75): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.216677][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.223603][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.230898][ T291] device bridge_slave_0 entered promiscuous mode [ 21.251270][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.258315][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.265945][ T291] device bridge_slave_1 entered promiscuous mode [ 21.285312][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.292273][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.299667][ T290] device bridge_slave_0 entered promiscuous mode [ 21.306470][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.313336][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.320582][ T290] device bridge_slave_1 entered promiscuous mode [ 21.390069][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.396966][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.404428][ T292] device bridge_slave_0 entered promiscuous mode [ 21.424946][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.431795][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.439113][ T292] device bridge_slave_1 entered promiscuous mode [ 21.449010][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.456043][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.463424][ T289] device bridge_slave_0 entered promiscuous mode [ 21.479055][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.486447][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.493743][ T293] device bridge_slave_0 entered promiscuous mode [ 21.503855][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.510705][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.518039][ T289] device bridge_slave_1 entered promiscuous mode [ 21.531865][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.538981][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.546321][ T293] device bridge_slave_1 entered promiscuous mode [ 21.725606][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.732471][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.739653][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.746870][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.758792][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.765755][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.772925][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.779747][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.792097][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.798989][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.806069][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.812838][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.830742][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.837623][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.844995][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.851752][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.860261][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.867131][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.874671][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.881432][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.938659][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.946431][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.953771][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.960910][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.968077][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.975743][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.982793][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.989956][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.997162][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.004732][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.011901][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.037371][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.046102][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.054208][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.061042][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.068410][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.076111][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.083670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.091811][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.098689][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.106086][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.114103][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.120938][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.128182][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.136178][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.143320][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.150486][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.158965][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.166169][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.173515][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.181569][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.188426][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.219141][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.226771][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.234480][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.241993][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.249757][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.258148][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.266288][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.273267][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.280533][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.288769][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.296805][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.303645][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.310867][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.319047][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.327522][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.334807][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.342011][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.350119][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.357979][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.365866][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.373684][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.382018][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.390039][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.398033][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.406019][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.414012][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.421775][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.429766][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.438641][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.447236][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.455299][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.462124][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.488805][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.497493][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.505655][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.513633][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.521844][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.539972][ T289] device veth0_vlan entered promiscuous mode [ 22.546388][ T290] device veth0_vlan entered promiscuous mode [ 22.553574][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.561686][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.570341][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.578230][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.586599][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.594670][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.602585][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.610128][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.617538][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.624993][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.634310][ T293] device veth0_vlan entered promiscuous mode [ 22.646844][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.655170][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.663793][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.672606][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.680087][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.695898][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.703868][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.711695][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.719661][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.727774][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.744219][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.752310][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.761585][ T289] device veth1_macvtap entered promiscuous mode [ 22.769534][ T293] device veth1_macvtap entered promiscuous mode [ 22.778639][ T291] device veth0_vlan entered promiscuous mode [ 22.785222][ T290] device veth1_macvtap entered promiscuous mode [ 22.794950][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.802700][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.810916][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.819571][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.843728][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.851822][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.860013][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.868625][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.877029][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.885402][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.894140][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.902176][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.910711][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.919094][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.927481][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.935718][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.944050][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.952104][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.971154][ T291] device veth1_macvtap entered promiscuous mode [ 22.980671][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.988933][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.997277][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.004738][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.014058][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.022446][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.031567][ T292] device veth0_vlan entered promiscuous mode [ 23.054094][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.064491][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.072664][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.081887][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.108866][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.122070][ T292] device veth1_macvtap entered promiscuous mode [ 23.152473][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.163632][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.198639][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.226367][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.236382][ T328] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.503284][ T26] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.591786][ T355] loop2: detected capacity change from 0 to 256 [ 23.604236][ T357] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 23.645624][ T355] ======================================================= [ 23.645624][ T355] WARNING: The mand mount option has been deprecated and [ 23.645624][ T355] and is ignored by this kernel. Remove the mand [ 23.645624][ T355] option from the mount to silence this warning. [ 23.645624][ T355] ======================================================= [ 23.654765][ T365] loop4: detected capacity change from 0 to 128 [ 23.680586][ T355] exfat: Deprecated parameter 'utf8' [ 23.687276][ T363] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 23.695621][ T355] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 23.743136][ T26] usb 1-1: Using ep0 maxpacket: 32 [ 23.771002][ T371] loop3: detected capacity change from 0 to 512 [ 23.838477][ T371] EXT4-fs (loop3): Ignoring removed orlov option [ 23.851519][ T371] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 23.873218][ T26] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 23.881168][ T371] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 23.891754][ T26] usb 1-1: config 0 has no interface number 0 [ 23.911542][ T371] EXT4-fs (loop3): 1 orphan inode deleted [ 23.917740][ T386] loop4: detected capacity change from 0 to 128 [ 23.917740][ T371] EXT4-fs (loop3): 1 truncate cleaned up [ 23.917761][ T371] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,nombcache,debug_want_extra_isize=0x000000000000002a,stripe=0x0000000000000008,orlov,nodioread_nolock,,errors=continue. Quota mode: none. [ 23.963796][ T371] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 23.979241][ T371] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2815: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 24.002270][ T386] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.007906][ T390] netlink: 12 bytes leftover after parsing attributes in process `syz.2.32'. [ 24.012954][ T386] ext4 filesystem being mounted at /6/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 24.021817][ T390] Zero length message leads to an empty skb [ 24.093283][ T26] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 24.118325][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.122646][ T397] loop2: detected capacity change from 0 to 1024 [ 24.132654][ T26] usb 1-1: Product: syz [ 24.137364][ T26] usb 1-1: Manufacturer: syz [ 24.141803][ T26] usb 1-1: SerialNumber: syz [ 24.147646][ T26] usb 1-1: config 0 descriptor?? [ 24.183859][ T26] smsc95xx v2.0.0 [ 24.192902][ T397] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.228984][ T311] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 24.252175][ T311] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 24.264740][ T311] EXT4-fs (loop2): This should not happen!! Data will be lost [ 24.264740][ T311] [ 24.274312][ T311] EXT4-fs (loop2): Total free blocks count 0 [ 24.280134][ T311] EXT4-fs (loop2): Free/Dirty block details [ 24.289571][ T311] EXT4-fs (loop2): free_blocks=68451041280 [ 24.301585][ T311] EXT4-fs (loop2): dirty_blocks=16 [ 24.312924][ T311] EXT4-fs (loop2): Block reservation details [ 24.318883][ T311] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 24.372676][ T425] loop2: detected capacity change from 0 to 512 [ 24.455731][ T425] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.46: attempt to clear invalid blocks 2 len 1 [ 24.469216][ T425] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 24.483906][ T20] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 24.487255][ T425] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.46: invalid indirect mapped block 1819239214 (level 0) [ 24.505857][ T425] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.46: invalid indirect mapped block 1819239214 (level 1) [ 24.520065][ T425] EXT4-fs (loop2): 1 truncate cleaned up [ 24.525934][ T425] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.541512][ T425] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.46: Unrecognised inode hash code 20 [ 24.552592][ T425] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.46: Corrupt directory, running e2fsck is recommended [ 24.623160][ T26] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 24.633918][ T315] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.634219][ T433] loop2: detected capacity change from 0 to 512 [ 24.641284][ T26] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 24.703679][ T433] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 24.723168][ T297] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 24.735223][ T433] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #17: comm syz.2.49: iget: bad i_size value: -6917529027641081756 [ 24.748435][ T433] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.49: couldn't read orphan inode 17 (err -117) [ 24.760387][ T433] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 24.777225][ T433] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.49: bg 0: block 65: padding at end of block bitmap is not set [ 24.791583][ T433] EXT4-fs error (device loop2): ext4_acquire_dquot:6187: comm syz.2.49: Failed to acquire dquot type 0 [ 24.803823][ T433] syz.2.49 (433) used greatest stack depth: 19792 bytes left [ 24.861664][ T438] loop2: detected capacity change from 0 to 512 [ 24.873245][ T315] usb 4-1: Using ep0 maxpacket: 16 [ 24.873260][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 24.887880][ T20] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 24.953600][ T438] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 24.966662][ T438] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 24.975456][ T438] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.50: invalid indirect mapped block 2683928664 (level 1) [ 24.989789][ T438] EXT4-fs (loop2): 1 truncate cleaned up [ 24.993368][ T315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.995374][ T438] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,noinit_itable,acl,jqfmt=vfsv0,usrjquota=.,,errors=continue. Quota mode: writeback. [ 25.006655][ T315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 25.036156][ T315] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 25.045517][ T315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 25.049779][ T438] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.054337][ T315] usb 4-1: config 0 descriptor?? [ 25.070115][ T438] EXT4-fs (loop2): re-mounted. Opts: usrjquota=. Quota mode: writeback. [ 25.083343][ T297] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.084651][ T292] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 25.094322][ T297] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 25.117491][ T292] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:476: comm syz-executor: Invalid block bitmap block 3 in block_group 0 [ 25.126581][ T297] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 25.138455][ T20] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 25.150444][ T292] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 25.156543][ T20] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.166333][ T292] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz-executor: corrupted in-inode xattr [ 25.173048][ T20] usb 5-1: Product: syz [ 25.185482][ T292] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz-executor: corrupted in-inode xattr [ 25.188469][ T20] usb 5-1: Manufacturer: syz [ 25.205043][ T20] usb 5-1: SerialNumber: syz [ 25.210281][ T20] usb 5-1: config 0 descriptor?? [ 25.233222][ T406] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 25.240152][ T406] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 25.343312][ T297] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 25.354492][ T297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.365153][ T26] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000020: -71 [ 25.376165][ T297] usb 2-1: Product: syz [ 25.380152][ T297] usb 2-1: Manufacturer: syz [ 25.384951][ T26] smsc95xx: probe of 1-1:0.67 failed with error -71 [ 25.391650][ T297] usb 2-1: SerialNumber: syz [ 25.401399][ T26] usb 1-1: USB disconnect, device number 2 [ 25.414704][ T442] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.421569][ T442] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.428946][ T442] device bridge_slave_0 entered promiscuous mode [ 25.435727][ T442] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.442724][ T442] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.450034][ T442] device bridge_slave_1 entered promiscuous mode [ 25.457706][ T406] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 25.465606][ T406] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 25.518624][ T442] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.525566][ T442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.532584][ T442] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.539403][ T442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.562284][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.569957][ T311] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.577573][ T315] hid-multitouch 0003:1FD2:6007.0001: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 25.578099][ T311] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.602293][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.610481][ T311] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.617422][ T311] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.628585][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.636819][ T311] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.643677][ T311] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.657628][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.666365][ T427] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 25.674154][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.682580][ T427] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 25.697180][ T442] device veth0_vlan entered promiscuous mode [ 25.703878][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.712270][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.720386][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.727838][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.739861][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.751651][ T442] device veth1_macvtap entered promiscuous mode [ 25.761306][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.771469][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.792879][ T30] kauditd_printk_skb: 115 callbacks suppressed [ 25.792894][ T30] audit: type=1400 audit(1731704838.238:189): avc: denied { mount } for pid=442 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 25.821568][ T315] usb 4-1: USB disconnect, device number 2 [ 25.834093][ T324] device bridge_slave_1 left promiscuous mode [ 25.840348][ T324] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.841333][ T30] audit: type=1400 audit(1731704838.278:190): avc: denied { mounton } for pid=442 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=514 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 25.870637][ T30] audit: type=1400 audit(1731704838.308:191): avc: denied { create } for pid=446 comm="syz.5.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 25.894095][ T30] audit: type=1400 audit(1731704838.308:192): avc: denied { write } for pid=446 comm="syz.5.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 25.916145][ T324] device bridge_slave_0 left promiscuous mode [ 25.923341][ T20] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00 [ 25.932907][ T324] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.942979][ T324] device veth1_macvtap left promiscuous mode [ 25.944106][ T453] loop5: detected capacity change from 0 to 256 [ 25.949086][ T324] device veth0_vlan left promiscuous mode [ 25.961381][ T30] audit: type=1400 audit(1731704838.308:193): avc: denied { nlmsg_write } for pid=446 comm="syz.5.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 25.982678][ T30] audit: type=1400 audit(1731704838.388:194): avc: denied { execute } for pid=450 comm="syz.0.55" path="/2/cgroup.controllers" dev="tmpfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 26.025024][ T30] audit: type=1400 audit(1731704838.388:195): avc: denied { getopt } for pid=450 comm="syz.0.55" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 26.057879][ T453] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 26.080095][ T30] audit: type=1400 audit(1731704838.528:196): avc: denied { create } for pid=456 comm="syz.0.58" dev="anon_inodefs" ino=15938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 26.102780][ T30] audit: type=1400 audit(1731704838.548:197): avc: denied { ioctl } for pid=456 comm="syz.0.58" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=15938 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 26.172173][ T461] netlink: 4 bytes leftover after parsing attributes in process `syz.5.59'. [ 26.194020][ T30] audit: type=1326 audit(1731704838.648:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=462 comm="syz.5.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f726d341719 code=0x7ffc0000 [ 26.343514][ T427] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 26.351636][ T427] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 26.359199][ T20] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 26.370643][ T20] usb 5-1: USB disconnect, device number 2 [ 26.390759][ T469] loop3: detected capacity change from 0 to 512 [ 26.450596][ T469] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 26.460638][ T469] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0002] [ 26.468537][ T469] System zones: 1-12 [ 26.472554][ T469] EXT4-fs (loop3): orphan cleanup on readonly fs [ 26.479144][ T469] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.63: bg 0: block 361: padding at end of block bitmap is not set [ 26.493313][ T469] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 26.502488][ T469] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.63: attempt to clear invalid blocks 33619980 len 1 [ 26.515698][ T428] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 26.516427][ T469] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.63: invalid indirect mapped block 1811939328 (level 0) [ 26.537299][ T469] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.63: invalid indirect mapped block 2 (level 2) [ 26.550600][ T469] EXT4-fs (loop3): 1 truncate cleaned up [ 26.556537][ T469] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 26.575329][ T469] EXT4-fs (loop3): ext4_remount: Checksum for group 0 failed (17031!=33349) [ 26.584228][ T297] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 26.590616][ T297] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 26.598217][ T297] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 26.652135][ T472] loop3: detected capacity change from 0 to 512 [ 26.733676][ T472] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 26.744976][ T472] EXT4-fs (loop3): 1 truncate cleaned up [ 26.750562][ T472] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,resuid=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,jqfmt=vfsv0,nombcache,quota,,errors=continue. Quota mode: writeback. [ 26.779359][ T472] overlayfs: invalid origin (0000) [ 26.792165][ T290] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 26.814634][ T290] EXT4-fs error (device loop3): ext4_empty_dir:3175: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 26.834671][ T297] cdc_ncm 2-1:1.0: setting tx_max = 32 [ 26.835196][ T290] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 26.842766][ T297] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 26.862935][ T290] EXT4-fs error (device loop3): ext4_empty_dir:3175: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 26.878351][ T297] usb 2-1: USB disconnect, device number 2 [ 26.902749][ T290] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 26.936577][ T290] EXT4-fs error (device loop3): ext4_empty_dir:3175: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 26.957617][ T290] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 26.963282][ T428] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.999689][ T297] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 27.018337][ T290] EXT4-fs error (device loop3): ext4_empty_dir:3175: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.027691][ T428] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.056295][ T428] usb 6-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 27.065596][ T428] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.077005][ T290] EXT4-fs error (device loop3): ext4_readdir:260: inode #11: block 54: comm syz-executor: path /17/file2/lost+found: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 27.085663][ T428] usb 6-1: config 0 descriptor?? [ 27.110954][ T315] ================================================================== [ 27.119042][ T315] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 27.121229][ T290] EXT4-fs error (device loop3): ext4_empty_dir:3175: inode #11: block 54: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=5120, inode=0, rec_len=0, size=1024 fake=0 [ 27.126655][ T315] Read of size 8 at addr ffff888114564c70 by task kworker/1:3/315 [ 27.126674][ T315] [ 27.126679][ T315] CPU: 1 PID: 315 Comm: kworker/1:3 Not tainted 5.15.167-syzkaller-00002-g3bfe08931bff #0 [ 27.126700][ T315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 27.126713][ T315] Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker [ 27.182192][ T315] Call Trace: [ 27.185411][ T315] [ 27.188317][ T315] dump_stack_lvl+0x151/0x1c0 [ 27.192815][ T315] ? io_uring_drop_tctx_refs+0x190/0x190 [ 27.198379][ T315] ? panic+0x760/0x760 [ 27.202286][ T315] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 27.208186][ T315] print_address_description+0x87/0x3b0 [ 27.213562][ T315] kasan_report+0x179/0x1c0 [ 27.218029][ T315] ? __kasan_check_write+0x14/0x20 [ 27.223042][ T315] ? __list_del_entry_valid+0xa6/0x120 [ 27.228346][ T315] ? __list_del_entry_valid+0xa6/0x120 [ 27.233628][ T315] __asan_report_load8_noabort+0x14/0x20 [ 27.239358][ T315] __list_del_entry_valid+0xa6/0x120 [ 27.244477][ T315] process_one_work+0x458/0xc10 [ 27.249171][ T315] worker_thread+0xad5/0x12a0 [ 27.253678][ T315] ? _raw_spin_lock+0x1b0/0x1b0 [ 27.258370][ T315] kthread+0x421/0x510 [ 27.262269][ T315] ? worker_clr_flags+0x180/0x180 [ 27.267135][ T315] ? kthread_blkcg+0xd0/0xd0 [ 27.271557][ T315] ret_from_fork+0x1f/0x30 [ 27.275928][ T315] [ 27.278807][ T315] [ 27.280958][ T315] Allocated by task 297: [ 27.285036][ T315] ____kasan_kmalloc+0xdb/0x110 [ 27.289723][ T315] __kasan_kmalloc+0x9/0x10 [ 27.294065][ T315] __kmalloc+0x13a/0x270 [ 27.298233][ T315] kvmalloc_node+0x1f0/0x4d0 [ 27.302757][ T315] alloc_netdev_mqs+0x8c/0xc90 [ 27.307342][ T315] alloc_etherdev_mqs+0x33/0x40 [ 27.312203][ T315] usbnet_probe+0x1fc/0x2840 [ 27.316648][ T315] usb_probe_interface+0x5b6/0xa90 [ 27.321588][ T315] really_probe+0x28d/0x970 [ 27.325915][ T315] __driver_probe_device+0x1a0/0x310 [ 27.331035][ T315] driver_probe_device+0x54/0x3d0 [ 27.335895][ T315] __device_attach_driver+0x2c5/0x470 [ 27.341103][ T315] bus_for_each_drv+0x183/0x200 [ 27.345875][ T315] __device_attach+0x312/0x510 [ 27.350475][ T315] device_initial_probe+0x1a/0x20 [ 27.355334][ T315] bus_probe_device+0xbe/0x1e0 [ 27.359937][ T315] device_add+0xb60/0xf10 [ 27.364101][ T315] usb_set_configuration+0x190f/0x1e80 [ 27.369779][ T315] usb_generic_driver_probe+0x8b/0x150 [ 27.375133][ T315] usb_probe_device+0x144/0x260 [ 27.379830][ T315] really_probe+0x28d/0x970 [ 27.384151][ T315] __driver_probe_device+0x1a0/0x310 [ 27.389357][ T315] driver_probe_device+0x54/0x3d0 [ 27.394218][ T315] __device_attach_driver+0x2c5/0x470 [ 27.399426][ T315] bus_for_each_drv+0x183/0x200 [ 27.404112][ T315] __device_attach+0x312/0x510 [ 27.408799][ T315] device_initial_probe+0x1a/0x20 [ 27.413787][ T315] bus_probe_device+0xbe/0x1e0 [ 27.418468][ T315] device_add+0xb60/0xf10 [ 27.422729][ T315] usb_new_device+0x1038/0x1c00 [ 27.427406][ T315] hub_event+0x2def/0x4770 [ 27.431660][ T315] process_one_work+0x6bb/0xc10 [ 27.436437][ T315] worker_thread+0xad5/0x12a0 [ 27.441033][ T315] kthread+0x421/0x510 [ 27.444940][ T315] ret_from_fork+0x1f/0x30 [ 27.449192][ T315] [ 27.451364][ T315] Freed by task 297: [ 27.455181][ T315] kasan_set_track+0x4b/0x70 [ 27.459605][ T315] kasan_set_free_info+0x23/0x40 [ 27.464387][ T315] ____kasan_slab_free+0x126/0x160 [ 27.469424][ T315] __kasan_slab_free+0x11/0x20 [ 27.474015][ T315] slab_free_freelist_hook+0xbd/0x190 [ 27.479226][ T315] kfree+0xc8/0x220 [ 27.482869][ T315] kvfree+0x35/0x40 [ 27.486685][ T315] netdev_freemem+0x3f/0x60 [ 27.491137][ T315] netdev_release+0x7f/0xb0 [ 27.495479][ T315] device_release+0x95/0x1c0 [ 27.499998][ T315] kobject_put+0x178/0x260 [ 27.504242][ T315] put_device+0x1f/0x30 [ 27.508237][ T315] free_netdev+0x34f/0x440 [ 27.512509][ T315] usbnet_disconnect+0x245/0x390 [ 27.517261][ T315] usb_unbind_interface+0x1fa/0x8c0 [ 27.522296][ T315] device_release_driver_internal+0x50b/0x7d0 [ 27.528207][ T315] device_release_driver+0x19/0x20 [ 27.533281][ T315] bus_remove_device+0x2f8/0x360 [ 27.538032][ T315] device_del+0x663/0xe90 [ 27.542177][ T315] usb_disable_device+0x380/0x720 [ 27.547041][ T315] usb_disconnect+0x32a/0x890 [ 27.551542][ T315] hub_event+0x1d42/0x4770 [ 27.555795][ T315] process_one_work+0x6bb/0xc10 [ 27.560484][ T315] worker_thread+0xe02/0x12a0 [ 27.565082][ T315] kthread+0x421/0x510 [ 27.568987][ T315] ret_from_fork+0x1f/0x30 [ 27.573254][ T315] [ 27.575501][ T315] Last potentially related work creation: [ 27.581059][ T315] kasan_save_stack+0x3b/0x60 [ 27.585568][ T315] __kasan_record_aux_stack+0xd3/0xf0 [ 27.590894][ T315] kasan_record_aux_stack_noalloc+0xb/0x10 [ 27.596544][ T315] insert_work+0x56/0x320 [ 27.600782][ T315] __queue_work+0x92a/0xcd0 [ 27.605128][ T315] queue_work_on+0x105/0x170 [ 27.609580][ T315] usbnet_link_change+0xeb/0x100 [ 27.614464][ T315] usbnet_probe+0x1dcb/0x2840 [ 27.619050][ T315] usb_probe_interface+0x5b6/0xa90 [ 27.623920][ T315] really_probe+0x28d/0x970 [ 27.628353][ T315] __driver_probe_device+0x1a0/0x310 [ 27.633467][ T315] driver_probe_device+0x54/0x3d0 [ 27.638498][ T315] __device_attach_driver+0x2c5/0x470 [ 27.643716][ T315] bus_for_each_drv+0x183/0x200 [ 27.648482][ T315] __device_attach+0x312/0x510 [ 27.653080][ T315] device_initial_probe+0x1a/0x20 [ 27.658203][ T315] bus_probe_device+0xbe/0x1e0 [ 27.662808][ T315] device_add+0xb60/0xf10 [ 27.667053][ T315] usb_set_configuration+0x190f/0x1e80 [ 27.672559][ T315] usb_generic_driver_probe+0x8b/0x150 [ 27.677843][ T315] usb_probe_device+0x144/0x260 [ 27.682528][ T315] really_probe+0x28d/0x970 [ 27.686869][ T315] __driver_probe_device+0x1a0/0x310 [ 27.692385][ T315] driver_probe_device+0x54/0x3d0 [ 27.697244][ T315] __device_attach_driver+0x2c5/0x470 [ 27.702449][ T315] bus_for_each_drv+0x183/0x200 [ 27.707132][ T315] __device_attach+0x312/0x510 [ 27.711736][ T315] device_initial_probe+0x1a/0x20 [ 27.716593][ T315] bus_probe_device+0xbe/0x1e0 [ 27.721313][ T315] device_add+0xb60/0xf10 [ 27.725445][ T315] usb_new_device+0x1038/0x1c00 [ 27.730136][ T315] hub_event+0x2def/0x4770 [ 27.734385][ T315] process_one_work+0x6bb/0xc10 [ 27.739072][ T315] worker_thread+0xad5/0x12a0 [ 27.743585][ T315] kthread+0x421/0x510 [ 27.747500][ T315] ret_from_fork+0x1f/0x30 [ 27.751753][ T315] [ 27.754000][ T315] The buggy address belongs to the object at ffff888114564000 [ 27.754000][ T315] which belongs to the cache kmalloc-4k of size 4096 [ 27.767897][ T315] The buggy address is located 3184 bytes inside of [ 27.767897][ T315] 4096-byte region [ffff888114564000, ffff888114565000) [ 27.781306][ T315] The buggy address belongs to the page: [ 27.786777][ T315] page:ffffea0004515800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114560 [ 27.796831][ T315] head:ffffea0004515800 order:3 compound_mapcount:0 compound_pincount:0 [ 27.805297][ T315] flags: 0x4000000000010200(slab|head|zone=1) [ 27.811200][ T315] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 27.819650][ T315] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 27.828029][ T315] page dumped because: kasan: bad access detected [ 27.834301][ T315] page_owner tracks the page as allocated [ 27.840194][ T315] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 297, ts 25465161687, free_ts 25312374417 [ 27.862405][ T315] post_alloc_hook+0x1a3/0x1b0 [ 27.867000][ T315] prep_new_page+0x1b/0x110 [ 27.871337][ T315] get_page_from_freelist+0x3550/0x35d0 [ 27.876722][ T315] __alloc_pages+0x27e/0x8f0 [ 27.881146][ T315] new_slab+0x9a/0x4e0 [ 27.885049][ T315] ___slab_alloc+0x39e/0x830 [ 27.889475][ T315] __slab_alloc+0x4a/0x90 [ 27.893904][ T315] __kmalloc+0x16d/0x270 [ 27.898157][ T315] kvmalloc_node+0x1f0/0x4d0 [ 27.902783][ T315] alloc_netdev_mqs+0x8c/0xc90 [ 27.907379][ T315] alloc_etherdev_mqs+0x33/0x40 [ 27.912068][ T315] usbnet_probe+0x1fc/0x2840 [ 27.916577][ T315] usb_probe_interface+0x5b6/0xa90 [ 27.921527][ T315] really_probe+0x28d/0x970 [ 27.925866][ T315] __driver_probe_device+0x1a0/0x310 [ 27.931099][ T315] driver_probe_device+0x54/0x3d0 [ 27.935960][ T315] page last free stack trace: [ 27.940564][ T315] free_unref_page_prepare+0x7c8/0x7d0 [ 27.945856][ T315] free_unref_page+0xe8/0x750 [ 27.950367][ T315] __free_pages+0x61/0xf0 [ 27.954532][ T315] __free_slab+0xec/0x1d0 [ 27.958730][ T315] discard_slab+0x29/0x40 [ 27.962866][ T315] __slab_free+0x205/0x290 [ 27.967129][ T315] ___cache_free+0x109/0x120 [ 27.971732][ T315] qlink_free+0x4d/0x90 [ 27.975710][ T315] qlist_free_all+0x44/0xb0 [ 27.980050][ T315] kasan_quarantine_reduce+0x15a/0x180 [ 27.985344][ T315] __kasan_slab_alloc+0x2f/0xe0 [ 27.990062][ T315] slab_post_alloc_hook+0x53/0x2c0 [ 27.994986][ T315] kmem_cache_alloc+0xf5/0x200 [ 27.999579][ T315] __alloc_skb+0xbe/0x550 [ 28.003765][ T315] inet_netconf_notify_devconf+0x173/0x220 [ 28.009487][ T315] inetdev_event+0x79d/0x10a0 [ 28.013986][ T315] [ 28.016363][ T315] Memory state around the buggy address: [ 28.021916][ T315] ffff888114564b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.030095][ T315] ffff888114564b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.038053][ T315] >ffff888114564c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.046031][ T315] ^ [ 28.054120][ T315] ffff888114564c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.062230][ T315] ffff888114564d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.070392][ T315] ================================================================== [ 28.078466][ T315] Disabling lock debugging due to kernel taint [ 28.233228][ T428] usb 6-1: can't set config #0, error -71 [ 28.259200][ T428] usb 6-1: USB disconnect, device number 2 [ 29.144508][ T494] device bridge_slave_1 left promiscuous mode [ 29.150607][ T494] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.158008][ T494] device bridge_slave_0 left promiscuous mode [ 29.164087][ T494] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.171874][ T494] device veth1_macvtap left promiscuous mode [ 29.178127][ T494] device veth0_vlan left promiscuous mode [ 30.724100][ T494] device bridge_slave_1 left promiscuous mode [ 30.730143][ T494] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.737502][ T494] device bridge_slave_0 left promiscuous mode [ 30.743727][ T494] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.752246][ T494] device bridge_slave_1 left promiscuous mode [ 30.758281][ T494] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.765949][ T494] device bridge_slave_0 left promiscuous mode [ 30.771873][ T494] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.779709][ T494] device bridge_slave_1 left promiscuous mode [ 30.785854][ T494] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.793175][ T494] device bridge_slave_0 left promiscuous mode [ 30.799121][ T494] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.807659][ T494] device veth1_macvtap left promiscuous mode [ 30.813882][ T494] device veth0_vlan left promiscuous mode [ 30.819700][ T494] device veth1_macvtap left promiscuous mode [ 30.826154][ T494] device veth0_vlan left promiscuous mode [ 30.831955][ T494] device veth1_macvtap left promiscuous mode [ 30.837846][ T494] device veth0_vlan left promiscuous mode