last executing test programs: 2.017619117s ago: executing program 0 (id=346): syz_emit_ethernet(0x90, 0x0, &(0x7f0000000440)={0x0, 0x4, [0x7b5, 0x987, 0xce8, 0xa89]}) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000440)) 1.672086103s ago: executing program 4 (id=353): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) 1.646898823s ago: executing program 4 (id=355): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) r2 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$selinux_access(r2, &(0x7f0000000280)={'system_u:object_r:sudo_exec_t:s0', 0x20, 'unconfined', 0x20, 0x966f}, 0x41) 1.623924244s ago: executing program 4 (id=356): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) utimensat(0xffffffffffffff9c, &(0x7f0000002240)='.\x00', 0x0, 0x100) 1.589183334s ago: executing program 1 (id=358): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xb}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0x14}, {0x8}]}}]}]}, 0x3c}}, 0x0) 1.581473554s ago: executing program 4 (id=359): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x562, &(0x7f0000000440)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIuHMyla+uPCV7MS9HhQG+8miE9K6PpMpp0rHXgduFuvJEheOFAvNd7L4f/gH/FQIdDRvHGm8hJT7quSdasy9rMfD5w2vfNe5L3PDnnefOenIQEMLQmsj+FiJcj4psk4nBEJHnbaOSNE2vrrT68Xs6WJBqNT/5KsvX2R0S59Vit+x3MKy9FxK9fRZwstPdbW16ZL1Uq6WJe3xsLVyZryyunLi2U5tK59PL0zMyZt2am333n7b7E2fhy7f/Hdz848/Xx1e9+vn/kdhJn41DensXVh25ubKxMxET+nIzF2U0rTvWhs0GS7PYGsC0jeZ6PRTYGHI6RPOuB/77sZbEBDKlE/sOQas0DWuf2fToPfmE8eH/tBKg9/tG190ZiX/Pc6MBq8tiZUXa+O96H/rM+fvnjzu1sif69DwGwpRs3I+L06Gj7+Jfk49/2ne5hnc19GP9g59zN5j9vdJr/FNbnP9Fh/nOwQ+5ux9b5X7jfh266yuZ/73Wc/65ftBofyWv/a875xpKLlyppNrb9PyJOxNjerP6k6zlnVu81urVtnP9lS9Z/ay6Yb8f90b2P32e2VC89S8wbPbgZ8UrH+W+yvv+TDvs/ez7O99jHsfTOa93ato7/+Wr8GPF6x/3/6IpWVpqsd70+Odk8HiZbR0W7v28d+61b/7sdf7b/Dzw5/vFk4/Xa2tP38cO+f9K8uG9z22PxR+/H/57k02Z5T37btVK9vjgVsSf5qP326Uf3bdVb62fxnzj+5PGv0/G/PyI+7zH+W0d/erVb2yDs/9mn2v9PX7j34Rffd+u/t/HvzWbpRH5LL+Nfrxv4LM8dAAAAAAAADJpCRByKpFBcLxcKxeLa5zuOxoFCpVqrn7xYXbo8G83vyo7HWKF1pfvwhs9DTOWfh23VpzfVZyLiSER8O7K/WS+Wq5XZ3Q4eAAAAAAAAAAAAAAAAAAAABsTBLt//z/w+0rb6Z3/u/CYCz5Of/IbhtWX+9+OXnoCB5PUfhpf8h+El/2F4yX8YXvIfhpf8h+El/2F4yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq/PnzmVLY/Xh9XJWn726vDRfvXpqNq3NFxeWysVydfFKca5anaukxXJ1YavHq1SrV6amY+naZD2t1SdryysXFqpLl+sXLi2U5tIL6diORAUAAAAAAAAAAAAAAAAAAAAvltryynypUkkXFRS2VRgdjM1Q6HNht0cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjk3wAAAP//cHo1gQ==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x2, 0x0) chdir(&(0x7f0000000000)='./file0\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 1.573506225s ago: executing program 1 (id=360): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)={{0x0, 0x0, 0x80, {0x100000, 0xdddd0000, 0x3}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1fa80dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9ff7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839793647016932c70685752851327f1837d2f1e9d8f93443a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812edbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e77503000cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105acdc978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) 1.477634736s ago: executing program 4 (id=361): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000004100000095000000000000003d789ade838a5adf0c21f97a9d6f55528c474cb385573d9fd2aff88c497a5d0ab93dbb1df77098cacd277206f0902cf2c1d66e1ef4fe6deeaf8739f048bff4c9d61b5c334ef7384130fd875789e46307b8f29c46149360bea59a42011aabc5001093a06d23b6cf4f033c6000c3ab63ee036fe7023574b86c8964c32f955d410083f7567735a2ca0100000000000000c644e801f17579bac767236f2b3addb04f55cee250cb376879ae14b9e1ab98703bc7db41925c55b0a4141ae3c08d264831d0f6365469c35621850000f6ff86fce6cc0c5880ac0000000000000000000000000000000000317dc59df6de3bfd0d7f785ff1e9606c84574e4b80937ae83516d820278c4c3fda817aeb17be0cca599b7c4bf6350dcb747508404034d9478ff88e1cbfe43f46a1a5d9239e393f2bb309160118a787cb0c64b606ffe744f79c1bba0ca081302b0f04e377f1b6a3646cbe934ef6ad95d4f160a9dcc9550f9777ca5d2daa2b239547f27a221d2eefb2c40ffe95c97ce091b7c2a8c0471b9124af726edb5a3b9aba486b93cb5ea7fff68f53401f8e826d5afbb98ed8b015dc328a507d15260a18a79110e68f1d43dad73121b60ec43e98e3f522b61a4f8fc0ba0257e8fd5ac428b986c49c76395b5a51c2c75d8c1453771915705bd0925cf573b0a9c01d8e552fe288d3c0433cbe801747f335448deb0e7164f6df7d3554bc66ff51352f912d76519aa6291fe7e72402000000e85552c5c049dde27c529ddc77c8a4490492a6deb8108c14ac9a261e2d990f65ea36f217783759c06e37c3a2f3b0b3c3893700152cdca1a4a045b3645b827c989b6a42f3a19d7df9b6c176a209afe66b38ab5a44bffc22ff89f0f03345e2f83f38b01df7ad086b462aad68f9fdf167f53fac61f511bf206de4eaf6d3eabde1bbe1077c3df5ff031bb8e9fc7f562c68e71db1dc7e61eb73a7b068ed9782ab069743d99dfe6209bd936d3e706df924e7043c5a66b730b6c64b6df44ad36788bd93ac57fd67baf927ec64f9ba759e7d4ed9bcf1a33ca39864d3bde66ad03a491ddfd17a3189ad7340ef90306e8dca300131219a55bbbd21289cf14fe40ef8fad89488df3503a766a8edf43bf816f4a5f0d8b1a0c183575a1589994054af2338e49a18186b94de6151107353eccd2817a075f9c4da88c31af5af5c981c6d72edb4df8b352a7d339e903a81b3c4eb51d8a286d0505cf8ee7c0daba3c2beb61865ee571a16cfb00e798972daa234a0f055e33ea334d85a01d6f53da316813ea458430671b5eb59007a3e0a359aeb67a512576c942d187e5e9a905b18a303303e05266ecd0ab77f0ef4ae42d4c8d21c65fcedc6876ff46bde2e2fa8c262b489edf06065535cb58820cfc9d3c1a939770dde5e4fbfd085a7"], &(0x7f0000000240)='syzkaller\x00', 0x4, 0xff0, &(0x7f000062b000)=""/4080, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3d) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0xa0001f98, 0x0, 0x0, 0x0, 0x0, 0xa70a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.420826427s ago: executing program 1 (id=362): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) r1 = dup(r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000f1ffff000000000000100000850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000e, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x101}, 0x18) ioctl$PTP_EXTTS_REQUEST2(r1, 0x43403d05, 0x0) 1.408539997s ago: executing program 1 (id=363): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x0, 0xfffd}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x200, 0x0, 0x0, 0x20000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000580)=""/104, 0x18}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 1.327341098s ago: executing program 4 (id=364): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x141200) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000000)={0x3, 0x1, 0x9}) 1.320504728s ago: executing program 32 (id=364): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x141200) ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000000)={0x3, 0x1, 0x9}) 1.318309199s ago: executing program 1 (id=366): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x840}, 0x4) 1.300703499s ago: executing program 1 (id=367): bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x12, 0x7, {0x7, 0x1, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x4282) 1.172245161s ago: executing program 0 (id=371): r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000380), 0x88b02, 0x0) lseek(r0, 0x2, 0x2) write$evdev(r0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) 1.150433542s ago: executing program 0 (id=372): r0 = io_uring_setup(0x2e31, &(0x7f0000000780)={0x0, 0x579d, 0x1, 0x0, 0x2c}) close_range(r0, 0xffffffffffffffff, 0x0) io_setup(0x7f, &(0x7f0000000300)=0x0) clock_gettime(0x0, &(0x7f0000000000)) io_pgetevents(r1, 0x1, 0x1, &(0x7f0000000580)=[{}], 0x0, 0x0) 517.449012ms ago: executing program 5 (id=376): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x810410, &(0x7f0000000000)=ANY=[@ANYRES8=0x0], 0x2, 0x1d6, &(0x7f0000000200)="$eJzsmb/P0kAYx7937Quvb4yJi4OLg68Ro5S2qGEhBhN3E/DXJpFK0AIGagIkDsTFxdHBxNV/wMHBycHNzVUHNTFxkNG55o5re7ZAwKmJz2c4vvfc3XPPHfAloSAI4r/l+7ffX59frbUuADiKQxRV/KeRzOHa/C8vH59/Ub/26s3n1x8Gx55cSedjAMJw+/2PAHjfMBBEnRSH6rUFHusb4Din9C0wnFH6LjhuKu2B4Y7SDzQ9jPbwPeve0O/c7/meLRpHNK5oqvr+JoDFnKEDYF+eLQyZNj6ezh62fd8bpcVeGO2TGdpVbLo/WV+Do676oj7xft1+9nQuKrZU3NbuzwGHo3QVDE2layjCsqzkSrTznzST/MY258+DOF7ORRkk8iVYOiK+0HHkxOLdx+yqH3kp/h+ENC4AmaFPB7vkEQ7wd6SgTGDlqsSfmAmc1fzJhBn7RyXoP6qMp7Nyr9/uel1v4LrVy/ZF277kVqQRLdsN/rcv/elAy7+XtUhJgRUwaQfByJkAwciJ++6y1Ry3+Xb4S67h0v84SqeXOcRHRR67uLqe6LeBSy16JWNt8QRBEARBEARBEARBEARBEDtxCkz+C6oeVIVrcK/L2X8CAAD//+lAY1E=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r0, 0x100000000, 0xff36, 0x3) 461.411193ms ago: executing program 5 (id=377): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd}) 254.874137ms ago: executing program 5 (id=383): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$restrict_keyring(0x1d, r1, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000000)=@chain) 249.450446ms ago: executing program 0 (id=384): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38) 198.654117ms ago: executing program 3 (id=386): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) 157.433968ms ago: executing program 3 (id=387): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002d40)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r0 = io_uring_setup(0x6ddd, &(0x7f00000002c0)={0x0, 0x200000, 0x0, 0x800000, 0xf3}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xffffffff00000005}], &(0x7f0000000180)=[0xffffffff, 0x7fffffff, 0x2, 0x6, 0x101, 0x1], 0x7}, 0x20) 156.626498ms ago: executing program 5 (id=388): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) getgid() 108.509148ms ago: executing program 5 (id=390): r0 = epoll_create1(0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000000)={0x1}) close_range(r0, 0xffffffffffffffff, 0x0) 105.723079ms ago: executing program 3 (id=391): r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) keyctl$chown(0x4, r0, 0xee01, r1) keyctl$setperm(0x5, r0, 0x3220120) keyctl$KEYCTL_MOVE(0x1e, r0, 0x0, 0x0, 0x1) 98.379139ms ago: executing program 2 (id=392): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x3, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x2b, &(0x7f00000004c0)=0x8, 0x4) sendto$packet(r0, 0x0, 0x0, 0x24002014, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 92.538389ms ago: executing program 0 (id=393): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 77.265939ms ago: executing program 3 (id=394): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0xc2, &(0x7f0000000140)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x1d}, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e256b28c59881681fb52"}, {0x0, 0x9, "020007651442eb"}, {0x5, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x2, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x0, 0x6, "7f36c525"}]}]}}, "0ea40000"}}}}}, 0x0) 68.94286ms ago: executing program 2 (id=395): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000006c0)='sys_enter\x00', r1}, 0x18) msync(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x5) 68.413829ms ago: executing program 0 (id=396): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x9, 0x0, 0x1, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x800}, {0xd, 0x24, 0xf, 0x1, 0x8d2b, 0x886, 0x9, 0x81}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x1, 0x4, 0xf0}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x0, 0x5, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x2, 0x6, 0x9}}}}}}}]}}, 0x0) socket$igmp(0x2, 0x3, 0x2) ioctl$EVIOCRMFF(r0, 0x4004550d, 0x0) 51.51012ms ago: executing program 2 (id=397): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r0}, 0x10) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000008"], 0xfe44, 0x0) 48.40723ms ago: executing program 3 (id=398): r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x2) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x1) poll(&(0x7f0000000180)=[{r0}, {r0, 0x500}], 0x2, 0x2) 22.93601ms ago: executing program 2 (id=399): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000002c0)) close(0x3) 19.39482ms ago: executing program 2 (id=400): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002200)=ANY=[], 0x20}}, 0x0) openat$ptp0(0xffffff9c, 0x0, 0x140, 0x0) r0 = creat(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10) syz_io_uring_setup(0x2406, &(0x7f0000000040)={0x0, 0x0, 0x32, 0x0, 0xffffffff, 0x0, r0}, &(0x7f00000000c0), &(0x7f0000ffc000)) 13.406321ms ago: executing program 3 (id=401): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) syz_clone(0x24001100, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 3.39109ms ago: executing program 2 (id=402): io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb, 0x3d3}) r0 = io_uring_setup(0x4dc2, &(0x7f0000000200)={0x0, 0x40, 0x100, 0x0, 0x20}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff], 0x1) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x18, &(0x7f0000000000), 0x1) 0s ago: executing program 5 (id=403): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) lchown(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.67' (ED25519) to the list of known hosts. [ 23.824275][ T28] audit: type=1400 audit(1744879669.401:66): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.825657][ T283] cgroup: Unknown subsys name 'net' [ 23.846773][ T28] audit: type=1400 audit(1744879669.401:67): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.873667][ T28] audit: type=1400 audit(1744879669.431:68): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.873859][ T283] cgroup: Unknown subsys name 'devices' [ 24.014423][ T283] cgroup: Unknown subsys name 'hugetlb' [ 24.019845][ T283] cgroup: Unknown subsys name 'rlimit' [ 24.125847][ T28] audit: type=1400 audit(1744879669.701:69): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.147692][ T286] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 24.148949][ T28] audit: type=1400 audit(1744879669.701:70): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.181795][ T28] audit: type=1400 audit(1744879669.701:71): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.204754][ T28] audit: type=1400 audit(1744879669.741:72): avc: denied { relabelto } for pid=286 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.209827][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.230038][ T28] audit: type=1400 audit(1744879669.741:73): avc: denied { write } for pid=286 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.263750][ T28] audit: type=1400 audit(1744879669.781:74): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.289046][ T28] audit: type=1400 audit(1744879669.781:75): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.090629][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.097703][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.105169][ T293] device bridge_slave_0 entered promiscuous mode [ 25.112076][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.119121][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.126489][ T293] device bridge_slave_1 entered promiscuous mode [ 25.182203][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.189128][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.196582][ T295] device bridge_slave_0 entered promiscuous mode [ 25.214433][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.221282][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.228603][ T295] device bridge_slave_1 entered promiscuous mode [ 25.247583][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.254478][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.261731][ T294] device bridge_slave_0 entered promiscuous mode [ 25.277746][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.284648][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.291926][ T294] device bridge_slave_1 entered promiscuous mode [ 25.353652][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.360516][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.367883][ T296] device bridge_slave_0 entered promiscuous mode [ 25.389146][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.396080][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.403552][ T296] device bridge_slave_1 entered promiscuous mode [ 25.502701][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.509563][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.516919][ T297] device bridge_slave_0 entered promiscuous mode [ 25.524931][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.531777][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.539125][ T297] device bridge_slave_1 entered promiscuous mode [ 25.631415][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.638371][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.645480][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.652255][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.661596][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.668480][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.675690][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.682546][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.694024][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.700886][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.708018][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.714781][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.755222][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.763320][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.770322][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.777570][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.784898][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.792366][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.800816][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.808180][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.843095][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.850599][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.859262][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.867356][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.874312][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.881939][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.890189][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.897052][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.904282][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.912485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.920416][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.927268][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.935794][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.966100][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.973645][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.982167][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.990355][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.997221][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.006241][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.014271][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.021105][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.028603][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.036664][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.043518][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.050809][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.058688][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.066728][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.073582][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.080764][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.088709][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.096611][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.132449][ T293] device veth0_vlan entered promiscuous mode [ 26.139653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.148297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.156817][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.163693][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.171244][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.179613][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.187993][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.195861][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.203793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.211621][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.219721][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.227794][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.235637][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.243595][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.251297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.259459][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.267663][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.275120][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.287060][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.295341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.311793][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.320278][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.330945][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.339105][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.353776][ T293] device veth1_macvtap entered promiscuous mode [ 26.365174][ T296] device veth0_vlan entered promiscuous mode [ 26.372962][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.380510][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.387930][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.397634][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.405834][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.416680][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.424931][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.439487][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.448126][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.456439][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.464412][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.473019][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.480319][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.489278][ T294] device veth0_vlan entered promiscuous mode [ 26.497095][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.505349][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.523493][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.531384][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.543323][ T296] device veth1_macvtap entered promiscuous mode [ 26.561195][ T293] request_module fs-gadgetfs succeeded, but still no fs? [ 26.563556][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.575761][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.583408][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.591353][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.599693][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.607246][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.614596][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.621789][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.630436][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.638747][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.645592][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.653027][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.661146][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.669677][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.677998][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.688822][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 26.696972][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.705395][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.713673][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.720516][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.729183][ T295] device veth0_vlan entered promiscuous mode [ 26.760945][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.769429][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.786033][ T295] device veth1_macvtap entered promiscuous mode [ 26.800229][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.800520][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.800772][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.801010][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.801289][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.801556][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.801822][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.808465][ T294] device veth1_macvtap entered promiscuous mode [ 26.815192][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.821290][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.821608][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.843041][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.918750][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.927607][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.952048][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.961465][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.980572][ T297] device veth0_vlan entered promiscuous mode [ 27.003705][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.038926][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.048505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.056482][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.066380][ T297] device veth1_macvtap entered promiscuous mode [ 27.078443][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.087050][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.062244][ C1] sched: RT throttling activated [ 28.086219][ T343] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.119716][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.339863][ T375] syz.3.22 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 28.492333][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.508724][ T389] loop4: detected capacity change from 0 to 2048 [ 28.632284][ T333] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.682384][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 28.688451][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.698202][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 28.707162][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.716046][ T24] usb 3-1: config 0 descriptor?? [ 28.722120][ T24] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 28.813433][ T333] usb 4-1: config 0 has an invalid descriptor of length 232, skipping remainder of the config [ 28.823825][ T333] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 28.837000][ T333] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 28.846006][ T333] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.857858][ T333] usb 4-1: config 0 descriptor?? [ 28.936223][ T404] loop4: detected capacity change from 0 to 40427 [ 28.943210][ T28] kauditd_printk_skb: 55 callbacks suppressed [ 28.943225][ T28] audit: type=1400 audit(1744879674.521:131): avc: denied { mounton } for pid=403 comm="syz.4.36" path="/15/file1" dev="tmpfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 28.948533][ T404] F2FS-fs (loop4): fault_type options not supported [ 28.981694][ T404] F2FS-fs (loop4): invalid crc value [ 28.989186][ T404] F2FS-fs (loop4): Found nat_bits in checkpoint [ 28.997753][ T406] overlayfs: missing 'lowerdir' [ 29.046169][ T404] F2FS-fs (loop4): Start checkpoint disabled! [ 29.053481][ T404] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 29.060935][ T28] audit: type=1400 audit(1744879674.631:132): avc: denied { mount } for pid=403 comm="syz.4.36" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 29.114804][ T28] audit: type=1400 audit(1744879674.681:133): avc: denied { create } for pid=376 comm="syz.3.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.159045][ T28] audit: type=1400 audit(1744879674.681:134): avc: denied { write } for pid=376 comm="syz.3.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.206877][ T411] loop1: detected capacity change from 0 to 40427 [ 29.217292][ T411] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 29.224971][ T411] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 29.233602][ T333] usb 4-1: string descriptor 0 read error: -71 [ 29.239742][ T411] F2FS-fs (loop1): invalid crc value [ 29.245307][ T333] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 29.253148][ T333] usb 4-1: USB disconnect, device number 2 [ 29.264030][ T28] audit: type=1400 audit(1744879674.681:135): avc: denied { nlmsg_write } for pid=376 comm="syz.3.24" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.275040][ T8] kworker/u4:0: attempt to access beyond end of device [ 29.275040][ T8] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 29.289467][ T28] audit: type=1400 audit(1744879674.731:136): avc: denied { write } for pid=403 comm="syz.4.36" name="/" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.323102][ T411] F2FS-fs (loop1): Found nat_bits in checkpoint [ 29.368008][ T28] audit: type=1400 audit(1744879674.731:137): avc: denied { add_name } for pid=403 comm="syz.4.36" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.390064][ T28] audit: type=1400 audit(1744879674.731:138): avc: denied { create } for pid=403 comm="syz.4.36" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 29.410254][ T28] audit: type=1400 audit(1744879674.731:139): avc: denied { write open } for pid=403 comm="syz.4.36" path="/15/file1/file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 29.433268][ T28] audit: type=1400 audit(1744879674.731:140): avc: denied { ioctl } for pid=403 comm="syz.4.36" path="/15/file1/file0" dev="loop4" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 29.457013][ T411] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 29.464001][ T411] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 29.563723][ T420] syz.0.42 (420) used greatest stack depth: 21320 bytes left [ 29.753711][ T467] loop1: detected capacity change from 0 to 256 [ 29.827948][ T467] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 30.018199][ T509] loop0: detected capacity change from 0 to 2048 [ 30.030091][ T509] EXT4-fs: Ignoring removed orlov option [ 30.067279][ T527] netlink: 32 bytes leftover after parsing attributes in process `syz.3.63'. [ 30.092071][ T527] netlink: 32 bytes leftover after parsing attributes in process `syz.3.63'. [ 30.167734][ T509] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 30.196762][ T509] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 30.214778][ T509] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 30.227252][ T509] EXT4-fs (loop0): This should not happen!! Data will be lost [ 30.227252][ T509] [ 30.241439][ T509] EXT4-fs (loop0): Total free blocks count 0 [ 30.247483][ T509] EXT4-fs (loop0): Free/Dirty block details [ 30.255244][ T509] EXT4-fs (loop0): free_blocks=2415919104 [ 30.282146][ T509] EXT4-fs (loop0): dirty_blocks=32 [ 30.290036][ T509] EXT4-fs (loop0): Block reservation details [ 30.297021][ T509] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 30.297669][ T558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.66'. [ 30.374547][ T445] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 65793 with max blocks 1 with error 28 [ 30.558770][ T598] incfs: Options parsing error. -22 [ 30.566966][ T598] incfs: mount failed -22 [ 30.690857][ T614] netlink: 'syz.4.82': attribute type 1 has an invalid length. [ 30.698610][ T614] netlink: 'syz.4.82': attribute type 2 has an invalid length. [ 30.707472][ T614] netlink: 'syz.4.82': attribute type 1 has an invalid length. [ 30.715676][ T614] netlink: 'syz.4.82': attribute type 2 has an invalid length. [ 30.769776][ T620] netlink: 20 bytes leftover after parsing attributes in process `syz.4.86'. [ 30.783828][ T620] netlink: 20 bytes leftover after parsing attributes in process `syz.4.86'. [ 30.805414][ T623] 9p: Unknown access argument ÿ: -22 [ 30.898819][ T636] input: syz1 as /devices/virtual/input/input4 [ 30.931835][ T319] udevd[319]: setting owner of /dev/input/event3 to uid=0, gid=104 failed: No such file or directory [ 31.055167][ T663] Driver unsupported XDP return value 0 on prog (id 45) dev N/A, expect packet loss! [ 31.164520][ T680] device ip6tnl1 entered promiscuous mode [ 31.186588][ T298] usb 3-1: USB disconnect, device number 2 [ 31.262276][ T6] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 31.351754][ T694] loop1: detected capacity change from 0 to 256 [ 31.363646][ T694] ======================================================= [ 31.363646][ T694] WARNING: The mand mount option has been deprecated and [ 31.363646][ T694] and is ignored by this kernel. Remove the mand [ 31.363646][ T694] option from the mount to silence this warning. [ 31.363646][ T694] ======================================================= [ 31.422137][ T672] loop0: detected capacity change from 0 to 40427 [ 31.439322][ T672] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 31.452082][ T672] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 31.453463][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.460937][ T672] F2FS-fs (loop0): heap/no_heap options were deprecated [ 31.480493][ T672] F2FS-fs (loop0): invalid crc value [ 31.486063][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.495865][ T6] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 31.496749][ T672] F2FS-fs (loop0): Found nat_bits in checkpoint [ 31.504920][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.522665][ T694] FAT-fs (loop1): Directory bread(block 64) failed [ 31.541622][ T6] usb 5-1: config 0 descriptor?? [ 31.546458][ T694] FAT-fs (loop1): Directory bread(block 65) failed [ 31.552909][ T694] FAT-fs (loop1): Directory bread(block 66) failed [ 31.572383][ T694] FAT-fs (loop1): Directory bread(block 67) failed [ 31.578808][ T694] FAT-fs (loop1): Directory bread(block 68) failed [ 31.599034][ T694] FAT-fs (loop1): Directory bread(block 69) failed [ 31.605473][ T694] FAT-fs (loop1): Directory bread(block 70) failed [ 31.612345][ T694] FAT-fs (loop1): Directory bread(block 71) failed [ 31.619094][ T694] FAT-fs (loop1): Directory bread(block 72) failed [ 31.625907][ T694] FAT-fs (loop1): Directory bread(block 73) failed [ 31.632525][ T672] F2FS-fs (loop0): Start checkpoint disabled! [ 31.647295][ T672] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 31.662281][ T672] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 31.732639][ T672] syz.0.111: attempt to access beyond end of device [ 31.732639][ T672] loop0: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 31.780067][ T672] syz.0.111: attempt to access beyond end of device [ 31.780067][ T672] loop0: rw=0, sector=77952, nr_sectors = 8 limit=40427 [ 31.842867][ T593] kworker/u4:101: attempt to access beyond end of device [ 31.842867][ T593] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 32.093547][ T720] loop3: detected capacity change from 0 to 128 [ 32.114211][ T722] incfs: Options parsing error. -22 [ 32.122675][ T322] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 32.124455][ T722] incfs: mount failed -22 [ 32.224655][ T735] bridge0: port 3(vlan2) entered blocking state [ 32.242642][ T735] bridge0: port 3(vlan2) entered disabled state [ 32.249274][ T735] device vlan2 entered promiscuous mode [ 32.256504][ T735] bridge0: mtu less than device minimum [ 32.585773][ T298] usb 5-1: USB disconnect, device number 2 [ 32.704770][ T777] loop3: detected capacity change from 0 to 16 [ 32.728990][ T777] erofs: (device loop3): mounted with root inode @ nid 36. [ 32.782373][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 32.844143][ T787] bridge_slave_0: default FDB implementation only supports local addresses [ 32.901090][ T793] capability: warning: `syz.2.164' uses 32-bit capabilities (legacy support in use) [ 32.949483][ T760] loop1: detected capacity change from 0 to 40427 [ 32.972687][ T760] F2FS-fs (loop1): invalid crc value [ 32.988700][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.001402][ T760] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.004513][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 33.024532][ T6] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 33.037330][ T6] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 33.046230][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.068472][ T6] usb 1-1: config 0 descriptor?? [ 33.085505][ T760] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 33.226655][ T295] syz-executor: attempt to access beyond end of device [ 33.226655][ T295] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 33.272288][ T39] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 33.392690][ T825] tipc: Started in network mode [ 33.397429][ T825] tipc: Node identity ac14140f, cluster identity 4711 [ 33.432601][ T825] tipc: New replicast peer: 255.255.255.255 [ 33.442825][ T825] tipc: Enabled bearer , priority 10 [ 33.462370][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 33.469185][ T39] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 33.477835][ T6] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 33.487230][ T39] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 33.498071][ T6] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 33.507317][ T39] usb 4-1: config 0 has no interface number 0 [ 33.523885][ T39] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 33.550996][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.569288][ T39] usb 4-1: Product: syz [ 33.573507][ T39] usb 4-1: Manufacturer: syz [ 33.600387][ T39] usb 4-1: SerialNumber: syz [ 33.611032][ T39] usb 4-1: config 0 descriptor?? [ 33.632563][ T39] usb 4-1: Found UVC 0.00 device syz (046d:08d3) [ 33.638765][ T39] usb 4-1: No valid video chain found. [ 33.755792][ T6] usb 1-1: USB disconnect, device number 2 [ 34.271613][ T28] kauditd_printk_skb: 81 callbacks suppressed [ 34.271628][ T28] audit: type=1400 audit(1744879679.841:222): avc: denied { read } for pid=880 comm="syz.4.202" name="usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 34.308861][ T883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=883 comm=syz.0.203 [ 34.320793][ T28] audit: type=1400 audit(1744879679.881:223): avc: denied { open } for pid=880 comm="syz.4.202" path="/dev/usbmon0" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 34.344887][ T28] audit: type=1400 audit(1744879679.881:224): avc: denied { ioctl } for pid=880 comm="syz.4.202" path="/dev/usbmon0" dev="devtmpfs" ino=155 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 34.387031][ T28] audit: type=1400 audit(1744879679.961:225): avc: denied { validate_trans } for pid=889 comm="syz.0.206" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 34.407874][ T28] audit: type=1400 audit(1744879679.961:226): avc: denied { write } for pid=891 comm="syz.2.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.562262][ T6] tipc: Node number set to 2886997007 [ 34.641203][ T28] audit: type=1400 audit(1744879680.211:227): avc: denied { read write } for pid=925 comm="syz.2.224" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 34.642413][ T927] binder: 925:927 ioctl c0306201 200000000080 returned -14 [ 34.681145][ T28] audit: type=1400 audit(1744879680.211:228): avc: denied { open } for pid=925 comm="syz.2.224" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 34.708725][ T932] syz.2.226 uses obsolete (PF_INET,SOCK_PACKET) [ 34.714262][ T28] audit: type=1400 audit(1744879680.211:229): avc: denied { ioctl } for pid=925 comm="syz.2.224" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 34.746327][ T28] audit: type=1400 audit(1744879680.321:230): avc: denied { write } for pid=933 comm="syz.1.227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.766109][ T28] audit: type=1400 audit(1744879680.321:231): avc: denied { read } for pid=933 comm="syz.1.227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.823359][ T941] loop1: detected capacity change from 0 to 128 [ 34.832574][ T941] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 34.841536][ T941] ext4 filesystem being mounted at /42/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 34.884461][ T295] EXT4-fs (loop1): unmounting filesystem. [ 34.935242][ T957] xt_hashlimit: size too large, truncated to 1048576 [ 35.060945][ T965] loop0: detected capacity change from 0 to 512 [ 35.075234][ T965] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 35.103363][ T965] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 35.120271][ T967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.240'. [ 35.132860][ T965] EXT4-fs (loop0): 1 truncate cleaned up [ 35.139472][ T965] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 35.196724][ T293] EXT4-fs (loop0): unmounting filesystem. [ 35.249512][ T981] netem: change failed [ 35.293375][ T987] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 35.394469][ T1005] loop1: detected capacity change from 0 to 512 [ 35.432391][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #3: comm syz.1.257: corrupted inode contents [ 35.458806][ T1005] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #3: comm syz.1.257: mark_inode_dirty error [ 35.488243][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #3: comm syz.1.257: corrupted inode contents [ 35.500192][ T1005] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.257: mark_inode_dirty error [ 35.511797][ T1005] EXT4-fs error (device loop1): ext4_acquire_dquot:6782: comm syz.1.257: Failed to acquire dquot type 0 [ 35.523489][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.257: corrupted inode contents [ 35.535319][ T1005] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #16: comm syz.1.257: mark_inode_dirty error [ 35.542749][ T1018] netlink: 24 bytes leftover after parsing attributes in process `syz.0.262'. [ 35.556049][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.257: corrupted inode contents [ 35.585526][ T1022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.264'. [ 35.586746][ T1005] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.257: mark_inode_dirty error [ 35.608260][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.257: corrupted inode contents [ 35.624106][ T1005] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 35.632826][ T1005] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.257: corrupted inode contents [ 35.644558][ T1022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.264'. [ 35.653625][ T1005] EXT4-fs error (device loop1): ext4_truncate:4313: inode #16: comm syz.1.257: mark_inode_dirty error [ 35.664722][ T1005] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 35.684216][ T1005] EXT4-fs (loop1): 1 truncate cleaned up [ 35.689715][ T1005] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 35.698709][ T1005] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.752127][ T1005] syz.1.257 (1005) used greatest stack depth: 19752 bytes left [ 35.766835][ T295] EXT4-fs (loop1): unmounting filesystem. [ 35.966148][ T1049] syz.4.277[1049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.966226][ T1049] syz.4.277[1049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.999239][ T19] usb 4-1: USB disconnect, device number 3 [ 36.010414][ T1056] loop1: detected capacity change from 0 to 256 [ 36.133164][ T1072] loop1: detected capacity change from 0 to 256 [ 36.175622][ T1072] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 36.309877][ T1095] device vlan2 entered promiscuous mode [ 36.324106][ T1095] device gretap0 entered promiscuous mode [ 36.337634][ T1085] netlink: 96 bytes leftover after parsing attributes in process `syz.2.294'. [ 36.340138][ T1100] loop1: detected capacity change from 0 to 128 [ 36.364689][ T1100] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 36.482843][ T519] Bluetooth: hci0: Frame reassembly failed (-84) [ 36.506851][ T1125] loop1: detected capacity change from 0 to 4096 [ 36.517433][ T1125] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 36.539554][ T295] EXT4-fs (loop1): unmounting filesystem. [ 36.622259][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 36.687686][ T1144] loop0: detected capacity change from 0 to 512 [ 36.706274][ T1144] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 36.715425][ T1144] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.748448][ T293] EXT4-fs (loop0): unmounting filesystem. [ 36.848744][ T1152] loop1: detected capacity change from 0 to 40427 [ 36.857215][ T1152] F2FS-fs (loop1): invalid crc value [ 36.882550][ T1152] F2FS-fs (loop1): Found nat_bits in checkpoint [ 36.944747][ T39] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.952366][ T1152] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 36.982333][ T39] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 36.995678][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.004309][ T39] usb 5-1: Product: syz [ 37.008385][ T39] usb 5-1: Manufacturer: syz [ 37.013027][ T39] usb 5-1: SerialNumber: syz [ 37.023866][ T1160] input: syz0 as /devices/virtual/input/input8 [ 37.246606][ T1180] loop1: detected capacity change from 0 to 512 [ 37.255574][ T1180] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.334: casefold flag without casefold feature [ 37.270449][ T1180] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.334: couldn't read orphan inode 15 (err -117) [ 37.282511][ T1180] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 37.320403][ T295] EXT4-fs (loop1): unmounting filesystem. [ 37.358229][ T39] cdc_ncm 5-1:1.0: bind() failure [ 37.368853][ T39] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 37.391794][ T39] cdc_ncm 5-1:1.1: bind() failure [ 37.397775][ T39] usb 5-1: USB disconnect, device number 3 [ 37.825642][ T1226] loop1: detected capacity change from 0 to 1024 [ 37.833397][ T1226] EXT4-fs: Ignoring removed orlov option [ 37.839841][ T1226] EXT4-fs (loop1): Test dummy encryption mode enabled [ 37.848377][ T1226] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 37.865857][ T1226] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 37.876821][ T1231] futex_wake_op: syz.4.353 tries to shift op by -1; fix this program [ 37.890498][ T295] EXT4-fs (loop1): unmounting filesystem. [ 37.929989][ T1237] syz.1.357[1237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.930068][ T1237] syz.1.357[1237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.975393][ T1243] loop4: detected capacity change from 0 to 1024 [ 37.993291][ T1243] EXT4-fs: Ignoring removed nobh option [ 37.998861][ T1243] EXT4-fs: Ignoring removed bh option [ 38.006596][ T1243] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 38.024107][ T1243] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.359: bad orphan inode 32767 [ 38.034375][ T1243] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 38.047420][ T1243] incfs: ino conflict with backing FS 2 [ 38.138006][ T1252] input: syz0 as /devices/virtual/input/input9 [ 38.154385][ T294] EXT4-fs (loop4): unmounting filesystem. [ 38.160094][ T519] tipc: Disabling bearer [ 38.165483][ T519] tipc: Left network mode [ 38.270615][ T1261] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 38.284802][ T1261] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 38.366810][ T1264] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.373939][ T1264] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.381330][ T1264] device bridge_slave_0 entered promiscuous mode [ 38.388632][ T1264] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.396439][ T1264] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.404005][ T1264] device bridge_slave_1 entered promiscuous mode [ 38.461178][ T1264] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.468062][ T1264] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.475249][ T1264] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.482016][ T1264] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.502357][ T1122] Bluetooth: hci0: command 0x1003 tx timeout [ 38.506478][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.508220][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 38.515765][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 38.527445][ T1120] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 38.535782][ T593] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.543265][ T593] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.563865][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.573074][ T593] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.579961][ T593] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.589232][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.597597][ T593] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.604473][ T593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.626073][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.634122][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.648722][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.664502][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.682894][ T1264] device veth0_vlan entered promiscuous mode [ 38.689559][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.697310][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.703401][ T6] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 38.718874][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.722658][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.735808][ T6] usb 2-1: config 0 descriptor?? [ 38.742192][ T1264] device veth1_macvtap entered promiscuous mode [ 38.749805][ T519] device bridge_slave_1 left promiscuous mode [ 38.756768][ T519] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.765922][ T519] device bridge_slave_0 left promiscuous mode [ 38.769087][ T1278] loop3: detected capacity change from 0 to 40427 [ 38.771991][ T519] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.786510][ T519] device veth1_macvtap left promiscuous mode [ 38.790366][ T1278] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 38.792440][ T519] device veth0_vlan left promiscuous mode [ 38.800360][ T1278] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 38.814630][ T1278] F2FS-fs (loop3): invalid crc value [ 38.821575][ T1278] F2FS-fs (loop3): Found nat_bits in checkpoint [ 38.876794][ T1278] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 38.884622][ T1278] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 38.930356][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 38.948282][ T593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.045717][ T1286] loop3: detected capacity change from 0 to 512 [ 39.046215][ T1288] loop5: detected capacity change from 0 to 16 [ 39.060225][ T1288] erofs: (device loop5): mounted with root inode @ nid 36. [ 39.075884][ T1286] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 39.085093][ T1286] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.152619][ T1286] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 39.166065][ T296] EXT4-fs (loop3): unmounting filesystem. [ 39.181680][ T6] hid-generic 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 39.330367][ T1312] usb usb8: usbfs: process 1312 (syz.2.385) did not claim interface 0 before use [ 39.348925][ T28] kauditd_printk_skb: 69 callbacks suppressed [ 39.348942][ T28] audit: type=1400 audit(1744879684.921:299): avc: denied { set_context_mgr } for pid=1313 comm="syz.3.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 39.388448][ T6] usb 2-1: USB disconnect, device number 2 [ 39.496609][ T28] audit: type=1400 audit(1744879685.071:300): avc: denied { shutdown } for pid=1339 comm="syz.3.398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 39.552560][ T39] ================================================================== [ 39.560462][ T39] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480 [ 39.567313][ T39] Write of size 8 at addr ffff888138048a00 by task kworker/1:1/39 [ 39.574944][ T39] [ 39.577121][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 6.1.129-syzkaller-00013-g6684cdb34eae #0 [ 39.586661][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 39.596562][ T39] Workqueue: ipv6_addrconf addrconf_dad_work [ 39.602378][ T39] Call Trace: [ 39.605495][ T39] [ 39.608278][ T39] dump_stack_lvl+0x151/0x1b7 [ 39.612788][ T39] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 39.618082][ T39] ? _printk+0xd1/0x111 [ 39.622079][ T39] ? __virt_addr_valid+0x242/0x2f0 [ 39.627023][ T39] print_report+0x158/0x4e0 [ 39.631362][ T39] ? __virt_addr_valid+0x242/0x2f0 [ 39.636312][ T39] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 39.642589][ T39] ? enqueue_timer+0xa6/0x480 [ 39.647449][ T39] kasan_report+0x13c/0x170 [ 39.651877][ T39] ? enqueue_timer+0xa6/0x480 [ 39.656466][ T39] __asan_report_store8_noabort+0x17/0x20 [ 39.662023][ T39] enqueue_timer+0xa6/0x480 [ 39.666381][ T39] __mod_timer+0x8d3/0xcf0 [ 39.670613][ T39] ? ip6_output+0x1f7/0x4c0 [ 39.675212][ T39] ? mod_timer_pending+0x30/0x30 [ 39.679986][ T39] ? __kasan_check_write+0x14/0x20 [ 39.684933][ T39] ? try_to_grab_pending+0x1de/0x5d0 [ 39.690052][ T39] ? ip6_output+0x4c0/0x4c0 [ 39.694394][ T39] add_timer+0x68/0x80 [ 39.698297][ T39] __queue_delayed_work+0x16d/0x1f0 [ 39.703351][ T39] mod_delayed_work_on+0xee/0x190 [ 39.708196][ T39] ? __queue_delayed_work+0x1f0/0x1f0 [ 39.713421][ T39] ? __kasan_check_write+0x14/0x20 [ 39.718346][ T39] ? _raw_spin_lock+0xa4/0x1b0 [ 39.722949][ T39] ? _raw_spin_trylock_bh+0x190/0x190 [ 39.728159][ T39] addrconf_mod_dad_work+0x81/0x120 [ 39.733208][ T39] addrconf_dad_work+0xa0b/0x16b0 [ 39.738050][ T39] ? ipv6_get_saddr_eval+0xf00/0xf00 [ 39.743168][ T39] ? __kasan_check_write+0x14/0x20 [ 39.748116][ T39] ? pwq_activate_inactive_work+0x366/0x4a0 [ 39.753847][ T39] ? __kasan_check_read+0x11/0x20 [ 39.758708][ T39] ? read_word_at_a_time+0x12/0x20 [ 39.763651][ T39] ? strscpy+0x9c/0x260 [ 39.767644][ T39] process_one_work+0x73d/0xcb0 [ 39.772339][ T39] worker_thread+0xa60/0x1260 [ 39.776858][ T39] kthread+0x26d/0x300 [ 39.780841][ T39] ? worker_clr_flags+0x1a0/0x1a0 [ 39.785816][ T39] ? kthread_blkcg+0xd0/0xd0 [ 39.790247][ T39] ret_from_fork+0x1f/0x30 [ 39.794602][ T39] [ 39.797463][ T39] [ 39.799632][ T39] Allocated by task 1120: [ 39.803801][ T39] kasan_set_track+0x4b/0x70 [ 39.808224][ T39] kasan_save_alloc_info+0x1f/0x30 [ 39.813171][ T39] __kasan_kmalloc+0x9c/0xb0 [ 39.817598][ T39] __kmalloc+0xb4/0x1e0 [ 39.821588][ T39] hci_alloc_dev_priv+0x27/0x1c00 [ 39.826535][ T39] hci_uart_tty_ioctl+0x401/0xa70 [ 39.831396][ T39] tty_ioctl+0x903/0xc50 [ 39.835475][ T39] __se_sys_ioctl+0x114/0x190 [ 39.839992][ T39] __x64_sys_ioctl+0x7b/0x90 [ 39.844501][ T39] x64_sys_call+0x98/0x9a0 [ 39.848851][ T39] do_syscall_64+0x3b/0xb0 [ 39.853095][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.858831][ T39] [ 39.860994][ T39] Freed by task 1120: [ 39.864815][ T39] kasan_set_track+0x4b/0x70 [ 39.869242][ T39] kasan_save_free_info+0x2b/0x40 [ 39.874099][ T39] ____kasan_slab_free+0x131/0x180 [ 39.879046][ T39] __kasan_slab_free+0x11/0x20 [ 39.883645][ T39] __kmem_cache_free+0x21d/0x410 [ 39.888419][ T39] kfree+0x7a/0xf0 [ 39.891986][ T39] hci_release_dev+0x14d3/0x1640 [ 39.896751][ T39] bt_host_release+0x83/0xa0 [ 39.901181][ T39] device_release+0x95/0x1c0 [ 39.905615][ T39] kobject_put+0x178/0x260 [ 39.909880][ T39] put_device+0x1f/0x30 [ 39.913953][ T39] hci_dev_cmd+0x2be/0x9b0 [ 39.918190][ T39] hci_sock_ioctl+0x415/0x7f0 [ 39.922701][ T39] sock_do_ioctl+0x152/0x450 [ 39.927129][ T39] sock_ioctl+0x455/0x740 [ 39.931294][ T39] __se_sys_ioctl+0x114/0x190 [ 39.935807][ T39] __x64_sys_ioctl+0x7b/0x90 [ 39.940234][ T39] x64_sys_call+0x98/0x9a0 [ 39.944487][ T39] do_syscall_64+0x3b/0xb0 [ 39.949001][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 39.954824][ T39] [ 39.956987][ T39] Last potentially related work creation: [ 39.962542][ T39] kasan_save_stack+0x3b/0x60 [ 39.967202][ T39] __kasan_record_aux_stack+0xb4/0xc0 [ 39.972519][ T39] kasan_record_aux_stack_noalloc+0xb/0x10 [ 39.978164][ T39] insert_work+0x56/0x310 [ 39.982338][ T39] __queue_work+0x9b6/0xd70 [ 39.987014][ T39] queue_work_on+0x105/0x170 [ 39.991439][ T39] __hci_cmd_sync_sk+0xc2a/0xf70 [ 39.996210][ T39] hci_cmd_sync_status+0x52/0x130 [ 40.001076][ T39] hci_dev_cmd+0x771/0x9b0 [ 40.005330][ T39] hci_sock_ioctl+0x415/0x7f0 [ 40.009843][ T39] sock_do_ioctl+0x152/0x450 [ 40.014274][ T39] sock_ioctl+0x455/0x740 [ 40.018431][ T39] __se_sys_ioctl+0x114/0x190 [ 40.022945][ T39] __x64_sys_ioctl+0x7b/0x90 [ 40.027382][ T39] x64_sys_call+0x98/0x9a0 [ 40.031710][ T39] do_syscall_64+0x3b/0xb0 [ 40.035960][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 40.041691][ T39] [ 40.043860][ T39] Second to last potentially related work creation: [ 40.050283][ T39] kasan_save_stack+0x3b/0x60 [ 40.054793][ T39] __kasan_record_aux_stack+0xb4/0xc0 [ 40.060183][ T39] kasan_record_aux_stack_noalloc+0xb/0x10 [ 40.065820][ T39] insert_work+0x56/0x310 [ 40.070255][ T39] __queue_work+0x9b6/0xd70 [ 40.074595][ T39] queue_work_on+0x105/0x170 [ 40.079008][ T39] hci_cmd_timeout+0x199/0x200 [ 40.083744][ T39] process_one_work+0x73d/0xcb0 [ 40.088439][ T39] worker_thread+0xa60/0x1260 [ 40.092940][ T39] kthread+0x26d/0x300 [ 40.096844][ T39] ret_from_fork+0x1f/0x30 [ 40.101106][ T39] [ 40.103266][ T39] The buggy address belongs to the object at ffff888138048000 [ 40.103266][ T39] which belongs to the cache kmalloc-8k of size 8192 [ 40.117152][ T39] The buggy address is located 2560 bytes inside of [ 40.117152][ T39] 8192-byte region [ffff888138048000, ffff88813804a000) [ 40.130431][ T39] [ 40.132600][ T39] The buggy address belongs to the physical page: [ 40.138855][ T39] page:ffffea0004e01200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x138048 [ 40.148918][ T39] head:ffffea0004e01200 order:3 compound_mapcount:0 compound_pincount:0 [ 40.157075][ T39] flags: 0x4000000000010200(slab|head|zone=1) [ 40.162985][ T39] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500 [ 40.171406][ T39] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 40.179817][ T39] page dumped because: kasan: bad access detected [ 40.186073][ T39] page_owner tracks the page as allocated [ 40.191618][ T39] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1085, tgid 1084 (syz.2.294), ts 36285194871, free_ts 36243825612 [ 40.213924][ T39] post_alloc_hook+0x213/0x220 [ 40.218526][ T39] prep_new_page+0x1b/0x110 [ 40.222865][ T39] get_page_from_freelist+0x3a98/0x3b10 [ 40.228244][ T39] __alloc_pages+0x234/0x610 [ 40.232670][ T39] alloc_slab_page+0x6c/0xf0 [ 40.237099][ T39] new_slab+0x90/0x3e0 [ 40.241004][ T39] ___slab_alloc+0x6f9/0xb80 [ 40.245432][ T39] __slab_alloc+0x5d/0xa0 [ 40.249609][ T39] __kmem_cache_alloc_node+0x207/0x2a0 [ 40.254890][ T39] __kmalloc+0xa3/0x1e0 [ 40.258881][ T39] ops_init+0x8e/0x480 [ 40.262787][ T39] setup_net+0x4ca/0xd60 [ 40.266867][ T39] copy_net_ns+0x35f/0x5b0 [ 40.271120][ T39] create_new_namespaces+0x416/0x670 [ 40.276240][ T39] unshare_nsproxy_namespaces+0x126/0x180 [ 40.281796][ T39] ksys_unshare+0x545/0x980 [ 40.286137][ T39] page last free stack trace: [ 40.290648][ T39] free_unref_page_prepare+0x9f1/0xa00 [ 40.295943][ T39] free_unref_page+0xb2/0x5c0 [ 40.300454][ T39] __free_pages+0x61/0xf0 [ 40.304621][ T39] __free_slab+0xce/0x1a0 [ 40.308786][ T39] __unfreeze_partials+0x165/0x1a0 [ 40.313735][ T39] put_cpu_partial+0xa9/0x100 [ 40.318250][ T39] __slab_free+0x1c8/0x280 [ 40.322503][ T39] ___cache_free+0xc6/0xd0 [ 40.326754][ T39] qlist_free_all+0xc5/0x140 [ 40.331181][ T39] kasan_quarantine_reduce+0x15a/0x180 [ 40.336474][ T39] __kasan_slab_alloc+0x24/0x80 [ 40.341161][ T39] slab_post_alloc_hook+0x53/0x2c0 [ 40.346107][ T39] kmem_cache_alloc+0x175/0x320 [ 40.350796][ T39] __proc_create+0x419/0xa30 [ 40.355223][ T39] proc_create_reg+0x9b/0x120 [ 40.359737][ T39] proc_create_net_data+0xc3/0x1e0 [ 40.364682][ T39] [ 40.366856][ T39] Memory state around the buggy address: [ 40.372331][ T39] ffff888138048900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.380230][ T39] ffff888138048980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.388129][ T39] >ffff888138048a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.396015][ T39] ^ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 40.399923][ T39] ffff888138048a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.407824][ T39] ffff888138048b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.415717][ T39] ================================================================== [ 40.423619][ T39] Disabling lock debugging due to kernel taint [ 40.441360][ T28] audit: type=1400 audit(1744879686.011:301): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 40.494346][ T28] audit: type=1400 audit(1744879686.041:302): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 40.527603][ T28] audit: type=1400 audit(1744879686.041:303): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 40.592306][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 40.603947][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 40.612196][ C1] CPU: 1 PID: 1351 Comm: syz.0.396 Tainted: G B 6.1.129-syzkaller-00013-g6684cdb34eae #0 [ 40.623213][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 40.633110][ C1] RIP: 0010:__queue_work+0x4f1/0xd70 [ 40.638223][ C1] Code: 39 03 0f 84 40 01 00 00 e8 4c 6e 2a 00 4c 89 e7 e8 e4 df d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 c0 1d 72 00 49 8b 3e e8 98 d8 d7 [ 40.657779][ C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046 [ 40.663674][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811476a880 [ 40.671486][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 40.679291][ C1] RBP: ffffc900001b0d00 R08: ffffffff814b279b R09: 0000000000000007 [ 40.687109][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881380489c8 [ 40.694915][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881380489e0 [ 40.702727][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 40.711938][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.718351][ C1] CR2: 000055558d8357d0 CR3: 00000001101fc000 CR4: 00000000003506a0 [ 40.726166][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.733983][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.741914][ C1] Call Trace: [ 40.745046][ C1] [ 40.747725][ C1] ? __die_body+0x62/0xb0 [ 40.751886][ C1] ? die_addr+0x9f/0xd0 [ 40.755883][ C1] ? exc_general_protection+0x317/0x4c0 [ 40.761273][ C1] ? cpu_curr_snapshot+0x200/0x200 [ 40.766305][ C1] ? asm_exc_general_protection+0x27/0x30 [ 40.771849][ C1] ? __queue_work+0x28b/0xd70 [ 40.776364][ C1] ? __queue_work+0x4f1/0xd70 [ 40.780878][ C1] ? __queue_work+0x29c/0xd70 [ 40.785391][ C1] delayed_work_timer_fn+0x61/0x80 [ 40.790336][ C1] ? queue_work_node+0x1d0/0x1d0 [ 40.795113][ C1] call_timer_fn+0x3b/0x2d0 [ 40.799456][ C1] ? queue_work_node+0x1d0/0x1d0 [ 40.804223][ C1] __run_timers+0x756/0xa10 [ 40.808566][ C1] ? calc_index+0x270/0x270 [ 40.812902][ C1] ? sched_clock+0x9/0x10 [ 40.817065][ C1] ? sched_clock_cpu+0x71/0x2b0 [ 40.821770][ C1] run_timer_softirq+0x69/0xf0 [ 40.826354][ C1] handle_softirqs+0x1db/0x650 [ 40.830958][ C1] __irq_exit_rcu+0x52/0xf0 [ 40.835293][ C1] irq_exit_rcu+0x9/0x10 [ 40.839374][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 40.844843][ C1] [ 40.847625][ C1] [ 40.850399][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 40.856213][ C1] RIP: 0010:free_unref_page_prepare+0x89e/0xa00 [ 40.862288][ C1] Code: 89 df e8 b5 5e 05 00 48 8b 03 4c 89 f3 48 c1 eb 08 49 c1 ee 0b 41 83 e6 08 4e 8d 74 30 08 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 f7 e8 88 5e 05 00 4d 8b 36 80 e3 3c 89 d9 49 d3 ee 41 [ 40.881727][ C1] RSP: 0018:ffffc9000f887508 EFLAGS: 00000246 [ 40.887627][ C1] RAX: 1ffff11000ffff98 RBX: 0000000000001286 RCX: 0000000000000000 [ 40.895531][ C1] RDX: 0000000000000200 RSI: 00000000000000ff RDI: ffffed10250d7000 [ 40.903339][ C1] RBP: ffffc9000f887590 R08: dffffc0000000000 R09: ffffed10250d6e00 [ 40.911151][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 40.918959][ C1] R13: dffffc0000000000 R14: ffff888007fffcc0 R15: ffffea0004a1adc0 [ 40.926778][ C1] ? free_unref_page_prepare+0x1b3/0xa00 [ 40.932240][ C1] ? __kasan_check_read+0x11/0x20 [ 40.937103][ C1] ? free_unref_page_commit+0x1f6/0x570 [ 40.942484][ C1] free_unref_page+0xb2/0x5c0 [ 40.946994][ C1] ? mark_free_pages+0x3b0/0x3b0 [ 40.951770][ C1] __free_pages+0x61/0xf0 [ 40.956023][ C1] __vunmap+0x9c6/0xb80 [ 40.960019][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 40.964699][ C1] ? vunmap+0x60/0x60 [ 40.968520][ C1] ? rcu_force_quiescent_state+0x170/0x170 [ 40.974162][ C1] ? kcov_open+0x60/0x60 [ 40.978238][ C1] vfree+0x5c/0x80 [ 40.981810][ C1] kcov_close+0x2b/0x50 [ 40.985794][ C1] __fput+0x1e5/0x870 [ 40.989631][ C1] ____fput+0x15/0x20 [ 40.993435][ C1] task_work_run+0x24d/0x2e0 [ 40.997856][ C1] ? kmem_cache_free+0x291/0x560 [ 41.002633][ C1] ? task_work_cancel+0x2e0/0x2e0 [ 41.007926][ C1] ? free_nsproxy+0x20d/0x260 [ 41.012442][ C1] ? exit_task_namespaces+0xb4/0xd0 [ 41.017470][ C1] do_exit+0xbd0/0x2b80 [ 41.021474][ C1] ? __kasan_check_write+0x14/0x20 [ 41.026499][ C1] ? put_task_struct+0x80/0x80 [ 41.031095][ C1] ? __down_common+0x344/0x690 [ 41.035697][ C1] ? __kasan_check_write+0x14/0x20 [ 41.040642][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 41.045596][ C1] do_group_exit+0x21a/0x2d0 [ 41.050020][ C1] ? __kasan_check_write+0x14/0x20 [ 41.055470][ C1] get_signal+0x169d/0x1820 [ 41.059738][ C1] ? down_interruptible+0x59/0xc0 [ 41.064602][ C1] ? raw_ioctl+0x2342/0x3620 [ 41.069029][ C1] ? ptrace_notify+0x350/0x350 [ 41.073626][ C1] ? audio_source_pcm_show+0xd0/0xd0 [ 41.078746][ C1] arch_do_signal_or_restart+0xb0/0x16f0 [ 41.084216][ C1] ? selinux_file_ioctl+0x3cc/0x540 [ 41.089248][ C1] ? selinux_file_alloc_security+0x120/0x120 [ 41.095065][ C1] ? get_sigframe_size+0x10/0x10 [ 41.099929][ C1] ? __kasan_check_write+0x14/0x20 [ 41.104870][ C1] ? fput+0x15b/0x1b0 [ 41.108691][ C1] exit_to_user_mode_loop+0x74/0xa0 [ 41.113725][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 41.119027][ C1] syscall_exit_to_user_mode+0x26/0x130 [ 41.124833][ C1] do_syscall_64+0x47/0xb0 [ 41.129088][ C1] ? clear_bhb_loop+0x55/0xb0 [ 41.133684][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.139424][ C1] RIP: 0033:0x7fe04eb8dd6b [ 41.143664][ C1] Code: Unable to access opcode bytes at 0x7fe04eb8dd41. [ 41.150523][ C1] RSP: 002b:00007fe04f984f10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 41.158770][ C1] RAX: fffffffffffffffc RBX: 0000000000000003 RCX: 00007fe04eb8dd6b [ 41.166581][ C1] RDX: 00007fe04f985fe0 RSI: 0000000080085502 RDI: 0000000000000003 [ 41.174389][ C1] RBP: 00007fe04f985fe0 R08: 0000000000000000 R09: 00302e6364755f79 [ 41.182200][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000080085502 [ 41.190013][ C1] R13: 0000000800000000 R14: 0000200000000140 R15: 00007fe04ec1b9de [ 41.197833][ C1] [ 41.200689][ C1] Modules linked in: [ 41.204423][ C1] ---[ end trace 0000000000000000 ]--- [ 41.209712][ C1] RIP: 0010:__queue_work+0x4f1/0xd70 [ 41.214833][ C1] Code: 39 03 0f 84 40 01 00 00 e8 4c 6e 2a 00 4c 89 e7 e8 e4 df d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 c0 1d 72 00 49 8b 3e e8 98 d8 d7 [ 41.234278][ C1] RSP: 0018:ffffc900001b0c78 EFLAGS: 00010046 [ 41.240177][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88811476a880 [ 41.247988][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 41.255809][ C1] RBP: ffffc900001b0d00 R08: ffffffff814b279b R09: 0000000000000007 [ 41.263610][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881380489c8 [ 41.271421][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881380489e0 [ 41.279237][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 41.288002][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.294424][ C1] CR2: 000055558d8357d0 CR3: 00000001101fc000 CR4: 00000000003506a0 [ 41.302241][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.310047][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.317860][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 41.325511][ C1] Kernel Offset: disabled [ 41.329636][ C1] Rebooting in 86400 seconds..