last executing test programs: 27m10.156327444s ago: executing program 0 (id=387): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x48810}, 0x0) 27m10.049528226s ago: executing program 0 (id=391): openat2$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', &(0x7f00000001c0)={0x20040, 0xe, 0x2}, 0x18) syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff000500800509058103000200000009"], 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r0}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) close(r1) 27m7.80024291s ago: executing program 0 (id=399): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x48810}, 0x0) 27m7.725105501s ago: executing program 0 (id=400): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21045e, &(0x7f0000001400), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) write$UHID_INPUT(r0, &(0x7f0000000280)={0x8, {"68828c0b9bc23b6a89f8110d35c59d082b92f476102ce32229638a495dcd21c89d83a602a5e31db5ec28b818a3d699abbfafad0370d610ac8a0c4726147706600ff53312a5a0fcf02dd3c0c051bce7e14058a91070617264a63a446e3bcbc60a8204e1cde7294551e2b14ca95768db0f1d7e91a01558164eb611a545bfff41ad4788237a35d9bb2087b6245d27b7fdf4d12d0b19d8cb93ab5ae5850dc1c521058256c8ffa7742038290bb874b0e4199e945f3ab5c74e1b3840f18b0c27377c18beea9f6f909f141e96c7ef2d65f293a13fbbca16644d71cf8cc7652391c5eacaa8a1e247815d7c91adab2cfe77c71882246812312aa01c99b9402a62d82ce80d08636aa5a87b550becadfe4b5ae98085a6b0d9fd3407461eecd242e243140cbe1027d68516e3c379a0921455ca4b36fb9d4b9f9324590fc77730385dee376d147a74bb08ce8fec7ed205311dc42f4cd009f57c85abced5844867f81ddf09cb67bb623ed41304c2d08373972f30418780c6bed885604b2fc6ea1cd1dfe48c5fae5f5925c9c657bb39d8b30db6eb1cab5031ae94d45aa4764d45397793250c758537e24bab0ab75d8066903f808d1bf68d189c1a1f5c6ad28dbeae6ab64c771346a9e7720b92ad4008db9c94d6b876753d57bb21f7c645d6833e680f52c3ecaf20b05869feb4ee670d4f18e233df78ccda64a8cbc6d28e392fad9cc7dc8baed666cf0e96111aac3376d3e66b50f83bbc51b180de2a320ee8c5fe17bea897acea40274c3962f009ede428a99e0fe869a9f711b626e68a5e257e32cd6a000f4c9c509b1116f2502f199823f29d7410e37f4d57755b85e3b0f555422f8631047187b55295001847e7395e7d59752ee37d12f7f9b0d94f00f626eb330ebcf5fd520925036cc07e687e001befa33475b67d381f5d0d5c969fd603464520d9212df27dbb4665c139755795a42005fac94f0ceeb6dee1f3bb0c7c1b03bbaafe7a4b53257892fa6a0148a1bbb43f0b57c21e278730c53a888864a8fbf71a81e154d5f923bdc67a3557d081655d3a63c63609c0e1804dbb7242ca489ac2f2d425a4f8007d4f312ca7723bf3c6633b651177c0a54d6ac50ac45e5f36e474685ef3938775537a3c50f06eca472d7f8cee44239b2a4d29fbf2629eaf62d879ab8dcd2fd5d2345298f3fea84307f0d22a5ecbe2c728cec1b9ad4240926dc9d3d94d5476a0f9f088b0c21b040139bbe103417ae11a85f72d652c93351f8e062530c03cb842ef3b231ecf36ef32c470c67d48648740334ea670a200e4d87745784c270023ac2391b39319162a268c55d64c763d9e5079c286b0c2eb6c084adbdd0b1823d9d31a73aa181cb507bfce4d9f7752da2fbbd3d3eb366b7fcb4c7868a5d010ea3b4e7dd6e68aeb044edf20e2d4aa2837cd70814a556b5a4f90fc47ceab97b2f6ec437f46196398667cf927c900523154b3bfee8e96eb4b4c03dc0d818511a51b5defd3ebf6523816560ba03fc010fd34ab09fdb3aa355e48b6b3a0cb6ce89b4008104a4afe8265f1178d177027918ec1aca8a2ad98fa63bad1367d379e6ff13a57909d8f9ecf50bf5dedc6e49cb9459e4db15c4aa2098fec4e13eafebaf8c1ea118d05c51e799f8e843e0c722ececfcf2422ece64dd945b6c14e5843a393e84873d3dd84eab786955014f210686aea9b11062c70e829ef9ff9da1be19705d2a74110d82e141cb1da325441a8593780470656e6116d5bf16bb6fee6b980ae3448d782c5f8d658f6e9e8494d9357490485a1b9879d34f4e681a425e36627f4844a64bfee3c90bb2c93c4e791ecefb0917b45f9323524fa575472f9152b84ab51aca006e5672091554d95a598c2c09068673a857704b131dac07bff07985941f2510aa52dbb79246bb5193819fe06cfafd24ac8f2cb98b9f4a7bb5f27d962fcb733b9ac25f1dec5a1d6f6c4fde072048169fbfdde0854a993ae1f93d13b4cfbacd926c204d687f2f9feb696406a8aa83de5853cdb2fc110db3e3ee717851ebc9bfea5f7563e7f41d8edfac83f2b6d015fca0f9ca29e3d97f9c727bdddc5eab6bf603c0af7b421aa44f3a03296fde5d980b3c2c707059440b0e6fac05a66d919733989f69209303d91e09e7b6fac37c812bb880bd06b687958dac2608ec6e07f492732c44b3a304d0a11a7307abab29e31239bde8274ec53a6999c0ec36ef708d46b4e606ddd4e41b05e144147b5a3d786806873dad19d8b11209a0d0d3e93d17ba4b6b75b5e8e9c36289f9be1db428278c0c18bef8327d374fcb16007c595b8c59b15c90f0b2e302071a1e328282b94516af2a83bbcdd2912a5b2044582f21820df59cee9d45a8dc0e9babfd2914c492f58e32475af0ce53bb0b25661ac5226e946f6cf87dab12601f2cb55573f17ac7d48a647a4ef38e3fca92377ffdd9b5f3bb75bad2b406d8d5656b4eea17a7e2f540c12985599bdb09793068b3151f5a7c39241c88c267f34cf342506338835a8e9975b76dde0e275f3522ff6be12402011868e658fba23ef0ea8eeb470f631ca1b5a2e5e35336320ed03ecc31212bf84467333730d96919e2ed9edddb71da5784fdbc23472da3840ac665cfafbc863d71f5e032d6cb1299375f96ae7a1658798561c5d3e549052751eda4d830109d0c7ccdd80afc7803e546738e3424cf77627330b9447ff34068585936bb60eadd47d40f171d80f5b4d3276a74a4ac606135b805a64d0d39a06344d3be8c1572cd33f9a3afd10dfefd4789a54e9cb55677b02f9330ee99a1f93a6cebd52f22eb93bcedf37f4cc3982b4dabaf26e215872e11cc836b439b580ea013c76ea8629ed752b087bcf176fdc8cb6ae4e2947f5bcf9338d48ce1cf74e365b720d1b3d8c5145d1a78e8eb1b45d21bb62ed1b6e212c13a0ea21223103cd521cb73666cc7a5bacf02b5764251257dea8138e3683c0f7ec4037093a3b78a2d74185289a4844903619b1d9d1553ea217ca214be2cba732907692a769d398d52b816e3859f8ae81e5d0c089e1a87885dd5c86c50ac83db3a802ea67bc0224b4d4e5ed0347a7b144004a93826b01244e75b6e499d4b26bb1845afea8654ba9ade75f5310b458885ad78eff3712c02e62363c5dedd6c99d9aae4cff5cc5ed9406c248744cb4f091eb1f419d0efd1ef5c850b4176fa07a1a5a4e8d39d2e0308916abc77f6cf6b4a44a8a01fc21059d0e100daaeaf636bd177637a583eb9f45c67bc2c76760a58bf448e2e379831755f7a974384d3d62727ca3fec2194dd633a0ed411d6586651b4bbd8b4f5746ce4e72715ba9736c240747f98a01fd3df0b9bed007763c1a1968d4b69eafd279d1c761f8d6a675ab2fced1793920b10c50af3520170b1d5041a0dde753a2fc210cf98ebcc5392a5deccaefdf4b002aeee716dcdca6cb6073881ddbfd37ee751edaca99b65202bfdbe1fec457bd502555b7dedc5d8e221d4093cf7acf89a3b801d6d2fdd3415d58bef856be0ff22eab5d75675081d85416ab70d7d36d617a2a7f0c8d6ed35a2a81588f01e80712534c3256fc52fb4ed5478325ae28efd78e7eaaabf08bd749226ecab7bdbab7a60b5b60f2d93714455ae6d3b88de9ebb5d2df81fc7e349af45d1b502cfaf36f4adc16886db2758b4f43f5a030912cb772def90d1a0fb555c8fb10d3a7bd8e2dd954860b8084ce5c72971f5df24ef5bc24937ccd545f964a86b6c466610e24cee92bf7a196c915975349b491e8bb1f164ae0af3fbe050d57dc7af839be63cdf1883ec31f5310c6e0d87c70902a66259bcf76588f14f96ebb85b95997f64814c73d6ff8b059536c70f7d72b5924258ffb706e2af7aaf580f327af6dff0c3b020b451c4b22d46fa72854af95b2b6a6d7a3e0b2b78c06eeec2edd5f1a2174ae8b7b6f4ce2e781314142b8482dc8ff4046e851a5d6b8347b4ac8b2326e1c359160ac49d637e4f5549d73369d3323223f179146a5426e21213c6e51a348bc9d55289837b42fa56f9084f6e268a9d041bde513b1e8ea13a7637bc53f67b2951b4bec7a44acb0d93ea325611c486806884b08192ed5768ca88e95db075d8d551b09c42d62a87e1b121adb5812ee1769f1555707b163af0ff78d728ad0a1871704645f1ed8632e85735ff24e7541005d5409205940df84926ec581218a4ce89498715fb09dcdb44849d3ca7631c1d472ffcafeb37610e8ca77ba4b43176d825a27f59ec81b217b7aa6e01698fe45ffafa0ea2356ad423e581b632b6c627e0d827da58523a40aa19ea3e2ca93f93ed2a33e4fabc36ae56abcb11ae7944577230ec6c498033976fb8d9610d9d9eacf7302ecb060ea5002d70eb6f327ded18f5b2c79e04f09bff203b7d572a214c3684eb89470c28a1361333b32dd63df2163c039d129c5f766fe1a4110f95fc99b87ead844433ac309c3565bc9ca7a6f838a121fc44303ae248a366865e0a3da36ed3046e304f579ff422a7b9946b5cfb52d3e4463e4c5a1e3c7ec1dc16c18c1cdc641b8a8301cd2fcd271489528b4bb4a8515a71be236faadc7ea05173c21f4b8a9aadae38d2e8443199a08a8df1d502df62736812398e8df6eb17f938d529e8dccfe6a15470be9a8cb613a7fb337f213f77ebd136ddbab9471629169e24304e8d20f37e9a341559afc9ab598119e504c53d5c8ec5316e8336295c4101d8bdf6c71d1483355c00972636ea6831704008858cf803defbba5069c24ac7d5e1b7c8e664212d350832fbc767e09a6c2a08073dd8ac2661fec32d6f548b56d74201c274e2cc07a1712169d3db64ebd5bc111fc0aa41f69a5ef849a41a84cb0673db00cb6ae345fdbd44a5467f8588aa24ef57d7ea9ce9b0b9d2c2e2ee7990c1e3d97375ffd800248f87789cedb94803c315728805b5c0394ab617eadacafebba89d103b28c9df323fc65d023539393ac18285246ffc5e4a7ba902dc234ac2383382f3f445f198cd82a494c8f7ea80c0517223f14e303cf7565e44cd650d4997202ac331355d2c734c61c8a1903d056eb03ce50d167a7a94854de234e45e3886287d01221c6d493ea078df81c2c0d7e5b61a34ceecbf83dd21edb2aeddd14869aaf034588076f6a604569e745f4400fa8ca7dfb9be8bfb85874283a5d1522ec70559abe4681c91112e3561841b2fad0540865944b5df385121b4c8d99cb4d5f9634ace1700c90cfc98f4086714f5f3fd8450f4067e32715aee5943c571fcdca2cb6115dcc373e3f5e96b08e626a1a776ffd5efbf898cfaac7405f75a40feb8ddf06cddf1258a09f3e58b424d409767966290c5c15d150e0f7d120f0078cb97337874f16838ce3cad921bad2573ecef3d853ee5d7e89c3fe517a0d1139ad3f1424c6e5e880cc8b33eb4762b7bd1fe5fd4e2d4c3249bb70b5fe2e74e3751e1b0d78dfbc78fbab4a35d7cd97f8be57eec3a6b3b5c63a5747f82bd3e7fba99bbf9ad1faee6f4b59e14049bbc7a78c285cc8be8cc3fac3451add460bdada49d65d2253adb3500ad3d163f9ae0e24d413ad348bc1a2ed940e6d1c28fa16b9ad05c2175b3374d765939148451b8daffb3f4e646397bc04b0f04a808b6f96dcab1dccbd5b55d4758279b67899dea10bbb61c58f6aad2aefe78f9e5d2b916ca6d717d78e978c25ad27b912e7bddede9c2bf3cd464ff102d78332c1468fc2f2f5cd20baddb71736c30a4a302bb5412587e95f165bc12c05cebf5128ef67064fe9b9f14aed30708a4e5afe8b0cf6c904dbedcd2d7c467cef6544ddd020de4cc50f646d0ba0862030febee6af93b263ff983708b1c725a13103", 0x1000}}, 0x1006) fallocate(r1, 0x0, 0x800, 0x2000402) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000340)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000016c0)=ANY=[@ANYRES8=0x0], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000012c0)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2, @ANYRESOCT=r2, @ANYRESDEC=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYBLOB="000000001004000014001a80100002800c000180080016000600000008001b"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="7472616e733d197390e5fb0917d07bbf999c82ffbe030cea02dcf2777613d24a2302bf8f70e08b95be6c5714384f3587afe64c3eefc9b212e926f3d4b10204da68f71fbe0a3f2feb97960ca3397b574448b1e14d96dee1393b5b0e82a0491e60c6551f8dcc059aab0016e81194f404264d41ed7ed6483224689342da609ff3c5b3a34cfc75c56348af7a37fb73921e9fd65ad566d893e0b55bca03db610c0e51627fcf72b0694a90ce8ad86c5e05d2558274adc0ac625fadd98c5ff29697d76118cd348a0219609f3f046f666b53c5055a83911b3983dfbc39ec8b3e2a10e9abd02332370702", @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',\x00']) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x400, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000000)='./bus\x00') bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0) r10 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r9, 0x4004af07, &(0x7f0000000240)=r10) ioctl$VHOST_SET_VRING_KICK(r9, 0x4008af20, &(0x7f0000000040)={0x1, r10}) 27m7.408099026s ago: executing program 0 (id=403): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) fsopen(0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x4c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x80, r7, 0x1, 0x80000, 0x1, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x1ff}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e23}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}]}, 0x80}}, 0x0) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000200), 0x1, 0x570, &(0x7f0000000680)="$eJzs3V1rHFUYAOB3Nkm/tSmUoiIS6IWV2k2T+FFBsF6KFgt6X5dkGmo23ZLdlCYW2l7YG2+kCCIWxB/gvZfFP+CvKGihSAl64U1kNrPtNtnN52q2zvPAtOfMzObM2TPv2Xd2dtkACmsk+6cU8WLcjK+TiMNt2wYj3ziyst/So+uT2ZLE8vInfySR5Ota+yf5/wfzygsR8cuXESdLa9utLyzOVKrVdC6vjzZmr4zWFxZPXZqtTKfT6eXxiYkzb06Mv/P2Wz3r62vn//ru43sfnPnq+NK3Pz04cieJs3Eo39bejx242V4ZiZH8ORmKs6t2HOtBY/0k2e0DYFsG8jgfimwOOBwDedQD/383ImIZKKhE/ENBtfKA1rV9j66DnxkP31+5AFrb/8GV90ZiX/Pa6MBS8tSVUXa9O9yD9rM2fv797p1siQ3eh7jRg/YAWm7eiojTg4Nr578kn/+273TzzeP1rW6jaK8/sJvuZfnP653yn9Lj/Cc65D8HO8Tudmwc/6UHPWimqyz/e7dj/vt46hoeyGvPNXO+oeTipWp6OiKej4gTMbQ3q693P+fM0v3lbtva879sydpv5YL5cTwY3Pv0Y6YqjcpO+tzu4a2Il57kv0msmf/3NXPd1eOfPR/nN9nGsfTuK922bdz/dr3PgJd/jHi14/g/uaOVrH9/crR5Poy2zoq1/rx97Ndu7W+t/72Xjf+B9fs/nLTfr61vvY0f9v2ddtu23fN/T/Jps7wnX3et0mjMjUXsST5au378yWNb9db+Wf9PHF9//ut0/u+PiM822f/bR2933bUfxn9qS+O/9cL9D7/4vlv7mxv/N5qlE/mazcx/mz3AnTx3AAAAAAAA0G9KEXEoklL5cblUKpdXPt9xNA6UqrV64+TF2vzlqWh+V3Y4hkqtO92H2z4PMZZ/HrZVH19Vn4iIIxHxzcD+Zr08WatO7XbnAQAAAAAAAAAAAAAAAAAAoE8c7PL9/8xvA7t9dMC/zk9+Q3FtGP+9+KUnoC95/Yfi6hL/pgUoAIEOxSX+objEPxSX+IfiEv9QXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAAeur8uXPZsrz06PpkVp+6ujA/U7t6aiqtz5Rn5yfLk7W5K+XpWm26mpYna7Mb/b1qrXZlbDzmr4020npjtL6weGG2Nn+5ceHSbGU6vZAO/Se9AgAAAAAAAAAAAAAAAAAAgGdLfWFxplKtpnMKXQvvxW4fxucv7+ThSedRTto6uGJbTQz2yzAp9LSwyxMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALT5JwAA//821zOC") mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x18) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x10000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 27m7.094219611s ago: executing program 0 (id=405): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x80000009}) ppoll(&(0x7f00000000c0)=[{r2, 0xa1}], 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x3) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000100)=0x400, 0x4) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x90, &(0x7f00000001c0)={[{@uuid_null, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) 27m7.013837002s ago: executing program 32 (id=405): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x80000009}) ppoll(&(0x7f00000000c0)=[{r2, 0xa1}], 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) listen(0xffffffffffffffff, 0x3) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000100)=0x400, 0x4) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x90, &(0x7f00000001c0)={[{@uuid_null, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) 11.06507707s ago: executing program 1 (id=5425): syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffff"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r0 = syz_usb_connect$hid(0x2, 0x49, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000008ac05640200000000000109022400010000300f0904000004030000000921faff080122070009058103ff03c900000e36d74c8e187e5e03fe61603b1cb7fed4144970d698d33f61cd772335f16f0be08adf6d88f7e14eaa0604a09da7a864f55dd6"], 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000680)={[{@subsystem='cpuset'}, {@subsystem='memory'}, {@subsystem='net_prio'}]}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x208981) unshare(0x22020600) syz_emit_ethernet(0x2a, &(0x7f0000000a00)=ANY=[@ANYBLOB="ffffffffffff00000000000008060001080006040001aaaaaaaaaa00ac1414bbaaaaaaaaaaaa0000090028dc517798a118b09c1dc44431b379f7a0bb22f798b16474ebfc9e825ac9bcdc5509a1088dcfa4c56bfaf7427da58e02c8b1cfc56c35db405d22b3249b837104a19074356da4957ab5f10488a69eec87a5926f590d4ebed8954027817bd1c3cab0066737a1aabc9432f55ba05563d0638a50019210ff6307a397879ead132ce869"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00220a000000ab3feb39de35"], 0x0}, 0x0) r6 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 7.428298673s ago: executing program 5 (id=5443): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r3}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = accept$nfc_llcp(r1, &(0x7f0000000280), &(0x7f00000001c0)=0x60) splice(r4, &(0x7f0000000080)=0x80000001, r6, &(0x7f0000000340)=0x8, 0xfff, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r5}, 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r7, &(0x7f0000000180), 0x40010) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x121802, 0x2) pwrite64(r8, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r8, 0x6628) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, &(0x7f0000000300)={0x17c04, 0xffffffffffffffff, 0x4ea, 0x10001, 0x0, 0x8}) 6.674719586s ago: executing program 5 (id=5445): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="05000000040000285f000600000007000000000000ecbc22bba97247983e915600d91e8d2a612bd7b3340707c568a212555f9cf8e8f87a9efbfa39ff72afad0431f70d41fc00b1f0ce055c4fae9d0395299d4a7c6415cf60cb4bfc719b0b98833e680caa9570c37a03523b4944d6eddd0450bbf1bf50ab04eb305a953024a48af7df8d61a4d6499e554ca58158bf8947e971643da806f4479bde501f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000945947c4000000000000000000000000004000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) rt_sigaction(0x3, &(0x7f0000000800)={&(0x7f0000000780)="c4a27d58f147c0f7d3672666400fc45f00026666430fdd3ccb66430f71f600c402592e6f07c4e2b5a6f7f2470f38f05987c44170167600f30faec4", 0x3, &(0x7f00000007c0)="c46251373166420f382b7feac481797587ee73000045d8615a2e2e04320ff7f6c4617b2c34350600000044d9fe66400fb53ec4c273f63b", {[0x6]}}, &(0x7f0000000900)={&(0x7f0000000840)="66440f6379c72e42f658f7c90f3765f345a7420f57bea9340000c421adfed026f26ec4c18de5fef342dd23", 0x0, &(0x7f0000000880)="397106c4a33d6cb52d000000b2d1bcd600000081c4e239ae43096436aa6766420f6db900000080c4a2194541008f29b001bac77f98e08fc9f09be9410f56b5e6000000"}, 0x8, &(0x7f0000000940)) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002004007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) ppoll(&(0x7f0000000140)=[{r3}], 0x1, &(0x7f0000000180), 0x0, 0x0) setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000640)=0xe, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32=r4, @ANYBLOB="000080000000000018003480050035"], 0x38}, 0x1, 0x300}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000280), 0x7, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r5}, 0x10) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x0) 6.673979766s ago: executing program 5 (id=5447): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfeffffff, @void, @value}, 0x94) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)) shutdown(r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x10, 0x80, 0x1, 0xbc, {{0x28, 0x4, 0x3, 0x3d, 0xa0, 0x68, 0x0, 0x0, 0x2b, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @cipso={0x86, 0x64, 0x2, [{0x1, 0x7, "8b48f07008"}, {0x7, 0xb, "b5ad6bbb4a1a8f01fe"}, {0x0, 0x6, "a321ee90"}, {0x0, 0x2}, {0x1, 0x10, "e3e8f198fcd501b5d777111a6715"}, {0x6, 0xa, "1f7a10c998f63fee"}, {0x5, 0x9, "4c305d2d4656eb"}, {0x6, 0xd, "e513a10ab870512a631872"}, {0x1, 0x11, "a130dd9f95d05767a71ae39dc6d9bd"}, {0x2, 0x3, "1a"}]}, @timestamp={0x44, 0x24, 0xed, 0x0, 0x3, [0xb5bb, 0xa, 0x5, 0xdfd, 0x80000000, 0x0, 0x7, 0x400]}]}}}}}) sendmsg$ETHTOOL_MSG_RINGS_GET(r5, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x240004}, 0xc, &(0x7f0000000400)={&(0x7f0000000b00)=ANY=[@ANYBLOB="b4010000", @ANYRES16=r6, @ANYBLOB="20002cbd7000fbdbdf250f0000005800018014000200766972745f77696669300000000000000800030006000000080003000200000014000200697036746e6c30000000000000000000080003000100000014000200697036677265300000000000000000002c0001801400020076657468315f746f5f626174616476001400020064756d6d7930000000000000000000000c00018008000100", @ANYRES32=r8, @ANYBLOB="040001806c0001800800030000000000140002006970766c616e3100000000000000000008000300030000001400020074756e6c30000000000000000000000014000200766574683100000000000000000000000800030000000000140002000000000000000000000000000000000028000180080003000300000008000300020000001400020076657468315f746f5f626174616476003000018008000300020000001400020076657468315f6d61637674617000000008000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="48000180f5440800", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="080003000100000008000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRES32=r9, @ANYBLOB], 0x1b4}, 0x1, 0x0, 0x0, 0x8004040}, 0x800c044) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000c7d95647b1fb23cd4658e78c8dcef39d3fcd835b2049db8b6137b737a0722fb97d491779379ce22c84890e7c175adc67d21983ec51a97cf7e7f77ba38a8299", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) gettid() r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYRESOCT=r1, @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000009704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) accept(0xffffffffffffffff, 0x0, 0x0) 6.616893717s ago: executing program 5 (id=5448): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x338, 0x3a8, 0x3a8, 0x338, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [0xffffff00], [0xffffff00, 0xffffff00, 0xff000000], 'vlan1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0xfd, 0x0, 0x19}, 0x0, 0x228, 0x248, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x8, 0x103, 0x33, 0x871004, 0xfcc, 0x80001, 0x7fffffff, 0x0, 0x0, 0xe0}}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private1, @mcast2, [0x0, 0xffff00, 0x0, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 'dvmrp0\x00', 'sit0\x00', {}, {0xff}, 0x67, 0xb7, 0x1}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'rose0\x00', {0xb}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa20000000000ce1dfa33550007020000f8ffffffb703000008000000b7040000000000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 6.609135477s ago: executing program 5 (id=5449): syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000000280), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000008000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000c80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000740000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r3}, 0x10) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r4, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x47b07c7d, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x80000001, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5e6, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xe04, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r4, 0x5501) 4.764294639s ago: executing program 1 (id=5451): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 32) mount$tmpfs(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='size=P']) (async, rerun: 32) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x1, 0x0) (async, rerun: 32) chdir(&(0x7f0000000240)='./file0\x00') (rerun: 32) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000d40)=""/4082, 0xfffffffffffffffe) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0500000004000000080000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000d6c6000000000000000100000000007f093000400000000000000000"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r2, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x0, 0xf1, &(0x7f0000000340)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000380), &(0x7f00000003c0), 0x8, 0xa9, 0x8, 0x8, &(0x7f0000000400)}}, 0x10) (async) setreuid(0xffffffffffffffff, 0xee00) (async, rerun: 32) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, 0x0, 0x0) (async) gettid() (async) write$P9_RXATTRWALK(0xffffffffffffffff, &(0x7f00000004c0)={0xf, 0x1f, 0x2, 0x8}, 0xf) (async, rerun: 64) bpf$MAP_CREATE(0x0, 0x0, 0x50) (async, rerun: 64) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) (async, rerun: 64) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) (rerun: 64) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x50) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="18020000000000000000000000008000850000006100000085000000d000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r6, 0x0, 0x28, 0x0, &(0x7f0000000240)="243c42e8680d85ffff03762f86dd", 0x0, 0x2200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ac0)=ANY=[@ANYBLOB="b702000026f90000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000002b000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f17e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b534dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b6fbce3f897226c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a0806000000020000000000000048f941b13d924bcf334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3964663e88535c063f7130856f756436303767d2e24f29e5dad9796edb697a6ea1182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570d338f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a411f450f173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacee403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75ee905000000d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef660200a99b5c0c20b378065fac4ef9ac2d00000060e5d3f1749feaecf69ba83a71ca26f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553573c48104d2ad0e10d3663488e664401453f22f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f3274497c6882a72475e4280a4d9a47c003c6ed3071330c58145be498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cd2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ed65af3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6870982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980edfa1116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c65a3cf36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e68884d7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbcca8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c238e545b28211a92000000001501aed8d72af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f0b2e9f3bb90613508c00a292a0c5b87a4f8ff35eba73ce9ebf77d0c842063a7b42c757d828678d38e6a868eaead4f19cdeb7cfc100ceabb4a3999cce5d36ecfe80def20f70500000000000000d9b30e0567612210d492468781999ce795522b726bdf37b15e9afde32a7052cc909efe6ae7804e5044f9f7ae2d8cb08cca312c557bff04cf1fbb0dcfe8ac00"/2832, @ANYRES32=r4], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = syz_io_uring_complete(0x0) setsockopt$packet_fanout(r8, 0x107, 0x12, &(0x7f0000000080), 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r7, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a5cfd", 0x0, 0x14000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32) r9 = dup(r3) (rerun: 32) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES16=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ebb, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$MAP_CREATE(0x0, 0x0, 0x0) 4.757760269s ago: executing program 2 (id=5453): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$key(0xf, 0x3, 0x2) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_emit_ethernet(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$cgroup(0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='gid_map\x00') read$msr(r4, &(0x7f0000000180)=""/16, 0x10) pread64(r4, &(0x7f0000002240)=""/190, 0xbe, 0x300) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000006800090300000000000000000a00000000000000040004000800010001000000dfb3dd8e78db8fbe13a8a2d22f5d470718772a6ef7285ca3870108a5abfc9810309bec6d4a920ccaac65e71812d6c1742b5321054a4a486c9544cc4f866ef4713b86972c004fe51e63f0457413bab52197d93fb3a6e7fb197b92450c0ba071ed5aac1f0483df129c3301890c03a2383e3cc64bf843cec115f8056cfbe6091475015a166d637c78a9aede940ce41311fbdf"], 0x24}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@random="6bc158e575f2", @link_local, @val={@val={0x88a8, 0x6, 0x0, 0x4}, {0x8100, 0x3, 0x1, 0x3}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x1000400, &(0x7f00000005c0)=ANY=[@ANYBLOB='codepage=874,nodots,dots,tz=UTC,dots,nodots,codepage=862,dots,dots,check=strict,allow_utime=000000000000000000001,sys_immutable,nodots,nfs,quiet,dots,nodots,nodots,debug,usefree,tz=UTC,flush,nodots,\x00'], 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") 4.650105501s ago: executing program 1 (id=5454): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000740)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400)={[{@sysvgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}]}, 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") mknod$loop(0x0, 0x100000000000600d, 0x1) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) fadvise64(r5, 0x8, 0xb098, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720af0fff8ffffff71a4f0ff0000000071103b00000000001d400500000000004704000001ed00000f030000000000006f44000000000000730a00fe000000007203000000000006b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f18564a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccc99069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad24b89b6a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c87852730a3bd7ac923fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca4856ff03b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec860cde7c79f7b4d4e24c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b450100000001000000393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00400000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd599c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb80610eb37bd2d40ebdfed687f0b093e68f10b72146a0b749ee2105e2da94a288146abbbaf7c0b24fe0000000000000000f1a4f4de6a8d12dc9e71a20cbd412898586843b534d36e21379a8a06133c1babde9e5bd5b6afc5f684aada43ee560e800f58cb33b8483f6518abde7c86bd5d389c1b3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet(r0, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b) 2.792196522s ago: executing program 5 (id=5457): socket$inet6(0xa, 0x3, 0x8000000003c) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r3}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffe2, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = gettid() r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) read$rfkill(r6, 0x0, 0x0) timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) sync() socket$netlink(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, 0x0, 0x8043) r8 = syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0xa0502) syz_usb_disconnect(r8) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201100100000040ffffffff4000010203010902"], 0x0) ioctl$EVIOCRMFF(r8, 0x4004550e, 0x0) 2.790906262s ago: executing program 2 (id=5458): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfeffffff, @void, @value}, 0x94) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)) shutdown(r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x10, 0x80, 0x1, 0xbc, {{0x28, 0x4, 0x3, 0x3d, 0xa0, 0x68, 0x0, 0x0, 0x2b, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @cipso={0x86, 0x64, 0x2, [{0x1, 0x7, "8b48f07008"}, {0x7, 0xb, "b5ad6bbb4a1a8f01fe"}, {0x0, 0x6, "a321ee90"}, {0x0, 0x2}, {0x1, 0x10, "e3e8f198fcd501b5d777111a6715"}, {0x6, 0xa, "1f7a10c998f63fee"}, {0x5, 0x9, "4c305d2d4656eb"}, {0x6, 0xd, "e513a10ab870512a631872"}, {0x1, 0x11, "a130dd9f95d05767a71ae39dc6d9bd"}, {0x2, 0x3, "1a"}]}, @timestamp={0x44, 0x24, 0xed, 0x0, 0x3, [0xb5bb, 0xa, 0x5, 0xdfd, 0x80000000, 0x0, 0x7, 0x400]}]}}}}}) sendmsg$ETHTOOL_MSG_RINGS_GET(r5, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x240004}, 0xc, &(0x7f0000000400)={&(0x7f0000000b00)=ANY=[@ANYBLOB="b4010000", @ANYRES16=r6, @ANYBLOB="20002cbd7000fbdbdf250f0000005800018014000200766972745f77696669300000000000000800030006000000080003000200000014000200697036746e6c30000000000000000000080003000100000014000200697036677265300000000000000000002c0001801400020076657468315f746f5f626174616476001400020064756d6d7930000000000000000000000c00018008000100", @ANYRES32=r8, @ANYBLOB="040001806c0001800800030000000000140002006970766c616e3100000000000000000008000300030000001400020074756e6c30000000000000000000000014000200766574683100000000000000000000000800030000000000140002000000000000000000000000000000000028000180080003000300000008000300020000001400020076657468315f746f5f626174616476003000018008000300020000001400020076657468315f6d61637674617000000008000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="48000180f5440800", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="080003000100000008000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRES32=r9, @ANYBLOB], 0x1b4}, 0x1, 0x0, 0x0, 0x8004040}, 0x800c044) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000c7d95647b1fb23cd4658e78c8dcef39d3fcd835b2049db8b6137b737a0722fb97d491779379ce22c84890e7c175adc67d21983ec51a97cf7e7f77ba38a8299", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) gettid() r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYRESOCT=r1, @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000009704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) accept(0xffffffffffffffff, 0x0, 0x0) 2.741163533s ago: executing program 2 (id=5459): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x338, 0x3a8, 0x3a8, 0x338, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [0xffffff00], [0xffffff00, 0xffffff00, 0xff000000], 'vlan1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0xfd, 0x0, 0x19}, 0x0, 0x228, 0x248, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x8, 0x103, 0x33, 0x871004, 0xfcc, 0x80001, 0x7fffffff, 0x0, 0x0, 0xe0}}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private1, @mcast2, [0x0, 0xffff00, 0x0, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 'dvmrp0\x00', 'sit0\x00', {}, {0xff}, 0x67, 0xb7, 0x1}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'rose0\x00', {0xb}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa20000000000ce1dfa33550007020000f8ffffffb703000008000000b7040000000000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 2.740551713s ago: executing program 2 (id=5460): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$uac1(0x6, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x3c, &(0x7f00000001c0)={0x5, 0xf, 0x3c, 0x1, [@generic={0x37, 0x10, 0x0, "a1ff603f3f0c8eb670b592ca5d3f26a7764227fe9b371e065b11fd8cb1a3e76611b5d5c5f998865c0508d95d7d4d1bf0f93282b3"}]}}) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0xffffffffffffff89, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0], 0x0}, 0x0) 2.443570698s ago: executing program 1 (id=5461): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa0dffffffffffff080600010800060414bb000000000000ffffffff00"/42], 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x1, 0x11, r0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x18) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) 2.280855481s ago: executing program 3 (id=5468): syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000000280), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000008000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000c80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000740000000700000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x47b07c7d, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x80000001, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5e6, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xe04, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) 1.989127236s ago: executing program 3 (id=5469): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfeffffff, @void, @value}, 0x94) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)) shutdown(r4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x10, 0x80, 0x1, 0xbc, {{0x28, 0x4, 0x3, 0x3d, 0xa0, 0x68, 0x0, 0x0, 0x2b, 0x0, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @cipso={0x86, 0x64, 0x2, [{0x1, 0x7, "8b48f07008"}, {0x7, 0xb, "b5ad6bbb4a1a8f01fe"}, {0x0, 0x6, "a321ee90"}, {0x0, 0x2}, {0x1, 0x10, "e3e8f198fcd501b5d777111a6715"}, {0x6, 0xa, "1f7a10c998f63fee"}, {0x5, 0x9, "4c305d2d4656eb"}, {0x6, 0xd, "e513a10ab870512a631872"}, {0x1, 0x11, "a130dd9f95d05767a71ae39dc6d9bd"}, {0x2, 0x3, "1a"}]}, @timestamp={0x44, 0x24, 0xed, 0x0, 0x3, [0xb5bb, 0xa, 0x5, 0xdfd, 0x80000000, 0x0, 0x7, 0x400]}]}}}}}) sendmsg$ETHTOOL_MSG_RINGS_GET(r5, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x240004}, 0xc, &(0x7f0000000400)={&(0x7f0000000b00)=ANY=[@ANYBLOB="b4010000", @ANYRES16=r6, @ANYBLOB="20002cbd7000fbdbdf250f0000005800018014000200766972745f77696669300000000000000800030006000000080003000200000014000200697036746e6c30000000000000000000080003000100000014000200697036677265300000000000000000002c0001801400020076657468315f746f5f626174616476001400020064756d6d7930000000000000000000000c00018008000100", @ANYRES32=r8, @ANYBLOB="040001806c0001800800030000000000140002006970766c616e3100000000000000000008000300030000001400020074756e6c30000000000000000000000014000200766574683100000000000000000000000800030000000000140002000000000000000000000000000000000028000180080003000300000008000300020000001400020076657468315f746f5f626174616476003000018008000300020000001400020076657468315f6d61637674617000000008000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8, @ANYBLOB="48000180f5440800", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=r9, @ANYBLOB="080003000100000008000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYRES32=r9, @ANYBLOB], 0x1b4}, 0x1, 0x0, 0x0, 0x8004040}, 0x800c044) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000c7d95647b1fb23cd4658e78c8dcef39d3fcd835b2049db8b6137b737a0722fb97d491779379ce22c84890e7c175adc67d21983ec51a97cf7e7f77ba38a8299", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) gettid() r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYRESOCT=r1, @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000009704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) accept(0xffffffffffffffff, 0x0, 0x0) 1.693623161s ago: executing program 3 (id=5470): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c000000ffff000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2) 1.666580202s ago: executing program 3 (id=5471): syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) timer_create(0x3, 0x0, &(0x7f0000044000)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000020000000000000000000000aa14000400fe8000000000000000000000000000aa0c00028005000100000000000800074000000000180006"], 0xac}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file0\x00', 0x1000801, &(0x7f0000000080)=ANY=[@ANYRES16=0x0], 0x0, 0x1ca, &(0x7f00000008c0)="$eJzsmb+uEkEUxr+Z3QvcG2NiY2GjiTfxmlyW3UUNjQU+gQn4r5PIStAFDGwBJBbExsbH8BUsqCzs7Gy1UBMTCymt18xw2B35J8QQSTy/hNlvZs7MnDnAVwAYhvlv+frl5+dXt0rVUwBncIwsjX+30hhpxH/Kkfj4+l377PPx/H4CQBxvfr4N4G3ZQkT9OP599TE9q5CJvgOJq6TvQcAh/RASd0kHEHhA+omhO4ckwsB51Anrj5th4KrGU42vmuJ8fpORQB1AjvITxnxvMHxaC8OgOy8O4tk5C1Pbij/Uz56UJW4a9VPv1/2XL0aqP6uNa9TPg4RHugiBCukSsnAcJy2Jcf8Ldrq/tcn990Gcy6+LOd2DDFn8AyGMkUMl1Bc6GTk/Gb9fXPVtl4ld2u2VQZ69MPXh6O92zpAJLI1J/VNZ7hXDn2zYiX8UotazQm8wzDdbtUbQCNq+X7zhXnPd635BG9G0XeN/Oe1PR8b+BytiMyKDfi2Kul4fiLpe0venreG4lTedH3qN1P4ncXJ5uof6qOhrZ5efIegl9VOpE2tl8gzDMAzDMAzDMAzDMAzDMFtxEUL/Ckp/VMUr8G/r6F8BAAD///ckZMc=") socketpair$unix(0x1, 0x2, 0x0, 0x0) 1.503806245s ago: executing program 1 (id=5472): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x338, 0x3a8, 0x3a8, 0x338, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [0xffffff00], [0xffffff00, 0xffffff00, 0xff000000], 'vlan1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0xfd, 0x0, 0x19}, 0x0, 0x228, 0x248, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x8, 0x103, 0x33, 0x871004, 0xfcc, 0x80001, 0x7fffffff, 0x0, 0x0, 0xe0}}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private1, @mcast2, [0x0, 0xffff00, 0x0, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 'dvmrp0\x00', 'sit0\x00', {}, {0xff}, 0x67, 0xb7, 0x1}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'rose0\x00', {0xb}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa20000000000ce1dfa33550007020000f8ffffffb703000008000000b7040000000000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 991.955063ms ago: executing program 1 (id=5474): syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000319021508fd070100e56a010203010902240001080a4006090401"], &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x20, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f0000000580)='kfree\x00', r2}, 0x9) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000003f01f00040000007f00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000001ea1d09600"/32], 0x50) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000280)={r3, r4}, 0xc) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e23, @rand_addr=0x64010103}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r7, 0x1, 0x1d, &(0x7f0000000000)=0x1, 0x4) getsockopt$SO_TIMESTAMP(r7, 0x1, 0x1d, 0x0, &(0x7f0000000140)) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x69c80b63ab6d3d27}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x20, r6, 0x4, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x12}}}}, ["", "", "", "", "", "", ""]}, 0x20}}, 0x40) 594.44843ms ago: executing program 4 (id=5475): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$binfmt_aout(r0, &(0x7f0000000d00)=ANY=[], 0x320) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='mm_page_alloc\x00', r3}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000040000000000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='sys_enter\x00', r4}, 0x18) poll(&(0x7f0000000000)=[{r4, 0x1000}, {r1}, {r3, 0x1001}, {r3, 0x8218}, {r1}, {r2, 0x1100}, {r2, 0x100}, {r1, 0x8000}], 0x8, 0x9) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 593.92804ms ago: executing program 4 (id=5476): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xb, 0x4f, 0x200cc, 0x6, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f00000001c0)={0x0, 0x800e, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="a1ab0000000000000e003200000008001701"], 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='fib6_table_lookup\x00', r5}, 0x18) socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xff2e) r7 = userfaultfd(0x801) ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000000)={0xa0000001}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x44) socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000400)={0x38, r9, 0x205, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x850}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x10) 562.340151ms ago: executing program 3 (id=5477): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200800, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, 0x0}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f00000003c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r3, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x3, 0x1}, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) 553.506861ms ago: executing program 4 (id=5478): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) (fail_nth: 2) 506.423062ms ago: executing program 3 (id=5479): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x3a) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYBLOB="3bb3bba9ef57387309bd9cb26cc8c4f51b1c9194a214cea6e8d32b825a071d4495c43ef57ad78902c13f0172b417845aeecaa4f18199fc996617e770383d2a3429fcfcfaede64c702d9f5400656247af306fdd2043510e1e6e807102e28dbbb9fb37a53fd06d8d09be7737e2bfdfd9d1a57179e02ef5a5a1d69ca4375d8630437ddbde9e6d9fe8406e4ccd1c89921b51a1543e805e4514ecc529"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200800, 0x0) unshare(0x4c010000) pwritev(r3, 0x0, 0x0, 0xfffffffd, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = eventfd2(0x0, 0x0) read$eventfd(r5, &(0x7f0000000040), 0x8) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095", @ANYRES32=r6, @ANYRESHEX=r4, @ANYRES8=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x29) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r7, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) r8 = socket$inet_udp(0x2, 0x2, 0x0) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, 0x0, 0x0) connect$inet(r8, &(0x7f0000000400)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {0x1}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x2000, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) 245.105907ms ago: executing program 4 (id=5480): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2a00a9, &(0x7f00000000c0)={[{@nr_blocks}, {@nr_inodes={'nr_inodes', 0x3d, [0x67]}}]}) 224.546767ms ago: executing program 4 (id=5481): syz_genetlink_get_family_id$tipc(&(0x7f0000000140), 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x3800480, &(0x7f0000000280), 0x45, 0x786, &(0x7f00000007c0)="$eJzs3d9rW2UfAPDvSX93e9/2hRd0XhUELYyldtZNwYuJFyI4GOi1W0mzMps2o0nHWgpuiOCNoOKFoDe79se889Yft/pfeCEbU7vhxAupnDRZszXpkq1J5vb5wGme5zwnfZ5vnnOe8yTnkATwyJpI/2QiDkTEB0nEWHV9EhEDlVR/xLGt7W5urOfSJYnNzdd/Syrb3NhYz0Xdc1L7qpnHI+L7dyMOZnbWW1pdW5gtFPLL1fxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88dPbJ3sf7x09r+qx++8vRXx/5657HL7/+QxLHYXy2rj2OvTMRE9TUZSF/C27y815X1WLJ7cYM9gAdB2jF9W0d5HIix6KukmhjpZssAgE55OyI2m+lrWgIA/Kslzc//AMBDqfY5wI2N9Vxt6e0nEt117aWIGN6Kv3Z9c6ukv3rNbrhyHXT0RnLblZEkIsb3oP6JiPjsmze/SJfo0HVIgEYuXIyIU+MTO8f/ZMc9C+16poVtJu7IG/+ge75N5z/PN5r/ZW7Nf6LB/GeowbF7L+5+/Geu7EE1TaXzvxfr7m27WRd/1XhfNfefypxvIDl9ppBPx7b/RsRkDAyl+eld6pi8/vf1ZmX187/fP3rr87T+9HF7i8yV/qHbnzM3W569n5jrXbsY8UR/o/iTW/2fNJn/nmixjldfeO/TZmVp/Gm8tWVn/J21eSniqYb9v31HW7Lr/YlTld1hqrZTNPD1z5+MNqu/vv/TJa2/9l6gG9L+H909/vGk/n7NUvt1/Hhp7LtmZXePv/H+P5i8UUkPVtedny2Xl6cjBpPXdq4/vP3cWr62fRr/5JONj//d9v/0PeGpFuPvv/rrl/cef2el8c+11f/tJy7fXOhrVn9r/T9TSU1W17Qy/rXawPt57QAAAAAAAAAAAAAAAAAAAAAAAACgVZmI2B9JJnsrnclks1u/4f3/GM0UiqXywdPFlaW5qPxW9ngMZGpfdTlW932o09Xvw6/lD9+RfzYi/hcRHw+NVPLZXLEw1+vgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBqX5Pf/0/9MtTr1gEAHTPc1+sWAADdNtzf6xYAAN023NbWIx1rBwDQPe2d/wGAh4HzPwA8epz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6LATx4+ny+afG+u5ND93bnVloXju0Fy+tJBdXMllc8Xls9n5YnG+kM/miotN/9GFrYdCsXh2JpZWzk+V86XyVGl17eRicWWpfPLM4ux8/mR+oGuRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDrSqtrC7OFQn5ZQkKi7URc2DqOHpT27F0iBrdHiZGejU8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD7p/AgAA//+mAybn") r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000008000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000c80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r2) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r3, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x47b07c7d, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x80000001, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5e6, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xe04, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) 132.518608ms ago: executing program 4 (id=5482): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa0dffffffffffff080600010800060414bb000000000000ffffffff00"/42], 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x1, 0x11, r0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x18) add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) 510.68µs ago: executing program 2 (id=5483): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x1, 0x0) mount$incfs(&(0x7f0000000140)='.\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0)={[0x4]}, 0x8, 0x80800) ppoll(&(0x7f0000000500)=[{r0, 0x1020}], 0x1, &(0x7f0000000540)={0x0, 0x989680}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5550}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) 0s ago: executing program 2 (id=5484): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x408, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x338, 0x3a8, 0x3a8, 0x338, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [0xffffff00], [0xffffff00, 0xffffff00, 0xff000000], 'vlan1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0xfd, 0x0, 0x19}, 0x0, 0x228, 0x248, 0x700, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve1\x00', {0x8, 0x103, 0x33, 0x871004, 0xfcc, 0x80001, 0x7fffffff, 0x0, 0x0, 0xe0}}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private1, @mcast2, [0x0, 0xffff00, 0x0, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 'dvmrp0\x00', 'sit0\x00', {}, {0xff}, 0x67, 0xb7, 0x1}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'rose0\x00', {0xb}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x468) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x100000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa20000000000ce1dfa33550007020000f8ffffffb703000008000000b7040000000000008500000003000000950000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) kernel console output (not intermixed with test programs): dn't find an available UDC or it's busy [ 1811.164814][T20037] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1811.197208][ T4185] hub 6-1:4.0: hub_hub_status failed (err = -32) [ 1811.203623][ T4185] hub 6-1:4.0: config failed, can't get hub status (err -32) [ 1811.304575][ T28] audit: type=1400 audit(1749324905.481:106177): avc: denied { getattr } for pid=20056 comm="syz.4.5048" name="KEY" dev="sockfs" ino=85037 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1811.386652][ T4185] usb 4-1: USB disconnect, device number 59 [ 1811.401275][T20059] xt_hashlimit: size too large, truncated to 1048576 [ 1811.494405][T20062] loop5: detected capacity change from 0 to 2048 [ 1811.516709][T20062] EXT4-fs: Ignoring removed mblk_io_submit option [ 1811.532518][T20062] EXT4-fs: dax option not supported [ 1811.549525][T20064] xt_CT: No such helper "snmp_trap" [ 1811.566407][T14048] usb 6-1: USB disconnect, device number 44 [ 1811.585781][T19824] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1812.028130][T20072] FAULT_INJECTION: forcing a failure. [ 1812.028130][T20072] name failslab, interval 1, probability 0, space 0, times 0 [ 1812.051450][T20072] CPU: 0 PID: 20072 Comm: syz.1.5051 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1812.061397][T20072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1812.071475][T20072] Call Trace: [ 1812.074774][T20072] [ 1812.077719][T20072] __dump_stack+0x21/0x24 [ 1812.082080][T20072] dump_stack_lvl+0xee/0x150 [ 1812.086699][T20072] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1812.091746][T20072] dump_stack+0x15/0x24 [ 1812.095928][T20072] should_fail_ex+0x3d4/0x520 [ 1812.100637][T20072] ? fuse_get_req+0x3d6/0xa80 [ 1812.105353][T20072] __should_failslab+0xac/0xf0 [ 1812.110140][T20072] should_failslab+0x9/0x20 [ 1812.114756][T20072] kmem_cache_alloc+0x3b/0x330 [ 1812.119545][T20072] fuse_get_req+0x3d6/0xa80 [ 1812.124083][T20072] ? fuse_simple_request+0x1820/0x1820 [ 1812.129566][T20072] ? kvm_sched_clock_read+0x18/0x40 [ 1812.134813][T20072] ? __this_cpu_preempt_check+0x13/0x20 [ 1812.140561][T20072] ? xfd_validate_state+0x70/0x150 [ 1812.145718][T20072] fuse_simple_request+0x25f/0x1820 [ 1812.151047][T20072] ? __kasan_check_write+0x14/0x20 [ 1812.156195][T20072] ? __switch_to+0x51f/0xe30 [ 1812.160813][T20072] ? psi_group_change+0xb73/0x12b0 [ 1812.165948][T20072] ? __cfi_fuse_simple_request+0x10/0x10 [ 1812.171617][T20072] ? __cfi___switch_to+0x10/0x10 [ 1812.176585][T20072] ? _raw_spin_unlock+0x4c/0x70 [ 1812.181468][T20072] ? finish_task_switch+0x16b/0x7b0 [ 1812.186688][T20072] ? __switch_to_asm+0x3a/0x60 [ 1812.191492][T20072] fuse_getxattr+0x2bd/0x450 [ 1812.196118][T20072] ? __cfi_fuse_getxattr+0x10/0x10 [ 1812.201278][T20072] ? make_kgid+0x1aa/0x640 [ 1812.205723][T20072] ? __kasan_check_write+0x14/0x20 [ 1812.210868][T20072] ? set_nlink+0xcb/0x190 [ 1812.215254][T20072] fuse_xattr_get+0x1fb/0x1370 [ 1812.220056][T20072] ? _raw_spin_unlock+0x4c/0x70 [ 1812.224941][T20072] ? fuse_change_attributes+0x584/0x800 [ 1812.230528][T20072] ? __cfi_fuse_xattr_get+0x10/0x10 [ 1812.235771][T20072] ? __cfi_fuse_xattr_get+0x10/0x10 [ 1812.240997][T20072] __vfs_getxattr+0x3b1/0x3e0 [ 1812.245703][T20072] cap_inode_need_killpriv+0x45/0x60 [ 1812.251027][T20072] security_inode_need_killpriv+0x73/0xa0 [ 1812.256774][T20072] __file_remove_privs+0x225/0x5c0 [ 1812.261916][T20072] ? file_remove_privs+0x20/0x20 [ 1812.266969][T20072] file_remove_privs+0x17/0x20 [ 1812.271753][T20072] __generic_file_write_iter+0x120/0x580 [ 1812.277413][T20072] ? __cfi___generic_file_write_iter+0x10/0x10 [ 1812.283606][T20072] ? rwsem_write_trylock+0x130/0x300 [ 1812.288929][T20072] ? generic_write_checks_count+0x3c6/0x4a0 [ 1812.294855][T20072] ? generic_write_checks+0xa8/0x100 [ 1812.300170][T20072] generic_file_write_iter+0xae/0x310 [ 1812.305588][T20072] ? fuse_file_write_iter+0x1148/0x2360 [ 1812.311167][T20072] fuse_file_write_iter+0x1481/0x2360 [ 1812.316564][T20072] ? __kernel_text_address+0xd/0x30 [ 1812.321799][T20072] ? unwind_get_return_address+0x4d/0x90 [ 1812.327452][T20072] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 1812.333640][T20072] ? arch_stack_walk+0xfc/0x150 [ 1812.338531][T20072] ? __cfi_fuse_file_write_iter+0x10/0x10 [ 1812.344277][T20072] ? stack_trace_save+0x98/0xe0 [ 1812.349150][T20072] ? _parse_integer_limit+0x18a/0x1d0 [ 1812.354554][T20072] ? kstrtouint_from_user+0xf7/0x150 [ 1812.359859][T20072] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1812.365603][T20072] ? avc_policy_seqno+0x1b/0x70 [ 1812.370562][T20072] ? selinux_file_permission+0x2a5/0x510 [ 1812.376193][T20072] ? fsnotify_perm+0x67/0x5b0 [ 1812.381216][T20072] ? security_file_permission+0x8a/0xb0 [ 1812.386767][T20072] vfs_write+0x5db/0xca0 [ 1812.391022][T20072] ? slab_free_freelist_hook+0xc2/0x190 [ 1812.396571][T20072] ? __cfi_vfs_write+0x10/0x10 [ 1812.401344][T20072] ? __cfi_mutex_lock+0x10/0x10 [ 1812.406199][T20072] ? __fdget_pos+0x2cd/0x380 [ 1812.410792][T20072] ? ksys_write+0x71/0x240 [ 1812.415207][T20072] ksys_write+0x140/0x240 [ 1812.419544][T20072] ? __cfi_ksys_write+0x10/0x10 [ 1812.424395][T20072] ? debug_smp_processor_id+0x17/0x20 [ 1812.429766][T20072] __x64_sys_write+0x7b/0x90 [ 1812.434355][T20072] x64_sys_call+0x27b/0x9a0 [ 1812.438853][T20072] do_syscall_64+0x4c/0xa0 [ 1812.443271][T20072] ? clear_bhb_loop+0x15/0x70 [ 1812.447942][T20072] ? clear_bhb_loop+0x15/0x70 [ 1812.452615][T20072] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1812.458548][T20072] RIP: 0033:0x7f3a0db8e929 [ 1812.462970][T20072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1812.482568][T20072] RSP: 002b:00007f3a0ea34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1812.490977][T20072] RAX: ffffffffffffffda RBX: 00007f3a0ddb5fa0 RCX: 00007f3a0db8e929 [ 1812.498943][T20072] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000007 [ 1812.506909][T20072] RBP: 00007f3a0ea34090 R08: 0000000000000000 R09: 0000000000000000 [ 1812.514873][T20072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1812.522834][T20072] R13: 0000000000000000 R14: 00007f3a0ddb5fa0 R15: 00007ffcac53e158 [ 1812.530801][T20072] [ 1812.658556][ T28] audit: type=1400 audit(1749324906.841:106178): avc: denied { mount } for pid=20079 comm="syz.4.5054" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 1812.690093][ T28] audit: type=1400 audit(1749324906.841:106179): avc: denied { remount } for pid=20079 comm="syz.4.5054" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 1813.501956][T20099] loop4: detected capacity change from 0 to 256 [ 1813.536988][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1427.tmp-b7:4' failed: Read-only file system [ 1813.565444][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1427.tmp-b7:4' failed: Read-only file system [ 1813.589337][T20099] loop4: detected capacity change from 0 to 128 [ 1813.611435][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1427.tmp-b7:4' failed: Read-only file system [ 1813.623147][T20099] FAT-fs (loop4): Unrecognized mount option "sys_enter" or missing value [ 1813.667667][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1427.tmp-b7:4' failed: Read-only file system [ 1813.720950][T20106] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5059'. [ 1813.745520][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1429.tmp-b7:4' failed: Read-only file system [ 1813.822253][T20107] overlayfs: unrecognized mount option "uuid=null:/" or missing value [ 1813.842660][T20107] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1814.117865][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1429.tmp-b7:4' failed: Read-only file system [ 1814.174636][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1429.tmp-b7:4' failed: Read-only file system [ 1814.260407][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1430.tmp-b7:4' failed: Read-only file system [ 1814.298411][T20110] loop4: detected capacity change from 0 to 2048 [ 1814.319596][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1431.tmp-b7:4' failed: Read-only file system [ 1814.331428][T20110] EXT4-fs: Ignoring removed mblk_io_submit option [ 1814.355479][T20110] EXT4-fs: dax option not supported [ 1814.363373][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1814.894292][T20119] loop5: detected capacity change from 0 to 128 [ 1815.021690][T20119] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1815.151068][T20123] overlayfs: unrecognized mount option "uuid=null:/" or missing value [ 1815.180817][T20123] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1815.317509][T20119] ext4 filesystem being mounted at /275/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1815.682507][T20128] device pim6reg1 entered promiscuous mode [ 1815.748537][T20129] xt_CT: No such helper "snmp_trap" [ 1815.978414][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1816.003177][ T28] audit: type=1400 audit(1749324910.181:106180): avc: denied { ioctl } for pid=20132 comm="syz.3.5068" path="net:[4026531840]" dev="nsfs" ino=4026531840 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 1816.029561][ T28] audit: type=1400 audit(1749324910.221:106181): avc: denied { ioctl } for pid=20132 comm="syz.3.5068" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=85244 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1816.058003][T20136] FAULT_INJECTION: forcing a failure. [ 1816.058003][T20136] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1816.071432][T20136] CPU: 0 PID: 20136 Comm: syz.5.5067 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1816.081346][T20136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1816.091414][T20136] Call Trace: [ 1816.094705][T20136] [ 1816.097649][T20136] __dump_stack+0x21/0x24 [ 1816.102011][T20136] dump_stack_lvl+0xee/0x150 [ 1816.106626][T20136] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1816.111673][T20136] ? memcpy+0x56/0x70 [ 1816.115782][T20136] dump_stack+0x15/0x24 [ 1816.119961][T20136] should_fail_ex+0x3d4/0x520 [ 1816.124667][T20136] should_fail+0xb/0x10 [ 1816.128856][T20136] should_fail_usercopy+0x1a/0x20 [ 1816.133911][T20136] strncpy_from_user+0x24/0x2d0 [ 1816.138797][T20136] bpf_prog_load+0x1bb/0x15a0 [ 1816.143503][T20136] ? map_freeze+0x390/0x390 [ 1816.148042][T20136] ? selinux_bpf+0xc7/0xf0 [ 1816.152524][T20136] ? security_bpf+0x93/0xb0 [ 1816.157057][T20136] __sys_bpf+0x504/0x780 [ 1816.161338][T20136] ? bpf_link_show_fdinfo+0x320/0x320 [ 1816.166750][T20136] ? __cfi_ksys_write+0x10/0x10 [ 1816.171636][T20136] ? debug_smp_processor_id+0x17/0x20 [ 1816.177141][T20136] __x64_sys_bpf+0x7c/0x90 [ 1816.181595][T20136] x64_sys_call+0x488/0x9a0 [ 1816.186132][T20136] do_syscall_64+0x4c/0xa0 [ 1816.190587][T20136] ? clear_bhb_loop+0x15/0x70 [ 1816.195378][T20136] ? clear_bhb_loop+0x15/0x70 [ 1816.200081][T20136] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1816.206021][T20136] RIP: 0033:0x7fdf2c58e929 [ 1816.210469][T20136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1816.230140][T20136] RSP: 002b:00007fdf2d401038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1816.238583][T20136] RAX: ffffffffffffffda RBX: 00007fdf2c7b5fa0 RCX: 00007fdf2c58e929 [ 1816.246572][T20136] RDX: 0000000000000020 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1816.254562][T20136] RBP: 00007fdf2d401090 R08: 0000000000000000 R09: 0000000000000000 [ 1816.262567][T20136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1816.270556][T20136] R13: 0000000000000000 R14: 00007fdf2c7b5fa0 R15: 00007fff0f65a2b8 [ 1816.278555][T20136] [ 1816.926654][ T28] audit: type=1400 audit(1749324910.741:106182): avc: denied { bind } for pid=20140 comm="syz.3.5070" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1817.435165][T20156] bridge0: port 3(macsec1) entered blocking state [ 1817.441698][T20156] bridge0: port 3(macsec1) entered disabled state [ 1817.715706][T12520] block device autoloading is deprecated and will be removed. [ 1817.938691][T20171] overlayfs: unrecognized mount option "uuid=null:/" or missing value [ 1817.954887][T20171] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 1820.203141][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1434.tmp-b7:5' failed: Read-only file system [ 1820.230307][ T4185] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 1820.265336][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1434.tmp-b7:5' failed: Read-only file system [ 1820.361737][T20185] FAULT_INJECTION: forcing a failure. [ 1820.361737][T20185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1820.376376][T20185] CPU: 0 PID: 20185 Comm: syz.5.5081 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1820.386326][T20185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1820.396410][T20185] Call Trace: [ 1820.399711][T20185] [ 1820.402668][T20185] __dump_stack+0x21/0x24 [ 1820.407035][T20185] dump_stack_lvl+0xee/0x150 [ 1820.411659][T20185] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1820.416715][T20185] ? __cfi_copy_fpstate_to_sigframe+0x10/0x10 [ 1820.422815][T20185] dump_stack+0x15/0x24 [ 1820.427000][T20185] should_fail_ex+0x3d4/0x520 [ 1820.431710][T20185] should_fail+0xb/0x10 [ 1820.435899][T20185] should_fail_usercopy+0x1a/0x20 [ 1820.440959][T20185] _copy_to_user+0x1e/0x90 [ 1820.445414][T20185] copy_siginfo_to_user+0x28/0xa0 [ 1820.450481][T20185] arch_do_signal_or_restart+0xb1b/0x1030 [ 1820.456242][T20185] ? __cfi_rfkill_fop_read+0x10/0x10 [ 1820.461571][T20185] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 1820.467764][T20185] ? __kasan_check_write+0x14/0x20 [ 1820.472925][T20185] ? __cfi_ksys_read+0x10/0x10 [ 1820.477723][T20185] exit_to_user_mode_loop+0x7a/0xb0 [ 1820.482953][T20185] exit_to_user_mode_prepare+0x5a/0xa0 [ 1820.488440][T20185] syscall_exit_to_user_mode+0x1a/0x30 [ 1820.493935][T20185] do_syscall_64+0x58/0xa0 [ 1820.498385][T20185] ? clear_bhb_loop+0x15/0x70 [ 1820.503086][T20185] ? clear_bhb_loop+0x15/0x70 [ 1820.507887][T20185] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1820.513826][T20185] RIP: 0033:0x7fdf2c58e927 [ 1820.518266][T20185] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 1820.537893][T20185] RSP: 002b:00007fdf2d401038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1820.546355][T20185] RAX: 0000000000000000 RBX: 00007fdf2c7b5fa0 RCX: 00007fdf2c58e929 [ 1820.554352][T20185] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1820.562350][T20185] RBP: 00007fdf2d401090 R08: 0000000000000000 R09: 0000000000000000 [ 1820.570347][T20185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.578343][T20185] R13: 0000000000000000 R14: 00007fdf2c7b5fa0 R15: 00007fff0f65a2b8 [ 1820.586356][T20185] [ 1820.590782][ T4185] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1820.591960][T20191] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5079'. [ 1820.607965][ T4185] usb 5-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 1820.638471][ T4185] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1820.661585][ T4185] usb 5-1: config 0 descriptor?? [ 1820.766203][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1434.tmp-b7:5' failed: Read-only file system [ 1820.858289][ T4185] usbhid 5-1:0.0: can't add hid device: -71 [ 1820.864500][ T4185] usbhid: probe of 5-1:0.0 failed with error -71 [ 1820.865900][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1435.tmp-b7:4' failed: Read-only file system [ 1820.893968][ T4185] usb 5-1: USB disconnect, device number 71 [ 1820.939489][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1435.tmp-b7:4' failed: Read-only file system [ 1820.981517][T20198] loop4: detected capacity change from 0 to 2048 [ 1821.002830][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1436.tmp-b7:4' failed: Read-only file system [ 1821.031898][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1821.104164][T20198] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1821.135835][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1436.tmp-b7:4' failed: Read-only file system [ 1821.508027][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1821.551698][T20198] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5084: bg 0: block 234: padding at end of block bitmap is not set [ 1821.577809][T20198] input: syz1 as /devices/virtual/input/input86 [ 1821.637476][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1434.tmp-b7:5' failed: Read-only file system [ 1821.664619][T20207] loop5: detected capacity change from 0 to 512 [ 1821.672595][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1821.779439][T20207] EXT4-fs: Ignoring removed mblk_io_submit option [ 1821.787788][T20207] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1821.809630][T20207] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 1821.826396][ T28] audit: type=1400 audit(1749324916.011:106183): avc: denied { map } for pid=20211 comm="syz.2.5088" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1822.386447][T20210] FAULT_INJECTION: forcing a failure. [ 1822.386447][T20210] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.399119][T20210] CPU: 0 PID: 20210 Comm: syz.4.5087 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1822.409036][T20210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1822.419103][T20210] Call Trace: [ 1822.422382][T20210] [ 1822.425314][T20210] __dump_stack+0x21/0x24 [ 1822.429660][T20210] dump_stack_lvl+0xee/0x150 [ 1822.434260][T20210] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1822.439291][T20210] dump_stack+0x15/0x24 [ 1822.443554][T20210] should_fail_ex+0x3d4/0x520 [ 1822.448242][T20210] ? create_new_namespaces+0x34/0x660 [ 1822.453624][T20210] __should_failslab+0xac/0xf0 [ 1822.458477][T20210] should_failslab+0x9/0x20 [ 1822.462988][T20210] kmem_cache_alloc+0x3b/0x330 [ 1822.467753][T20210] create_new_namespaces+0x34/0x660 [ 1822.472972][T20210] ? security_capable+0x99/0xc0 [ 1822.477840][T20210] ? ns_capable+0x8c/0xf0 [ 1822.482182][T20210] unshare_nsproxy_namespaces+0x120/0x170 [ 1822.487919][T20210] ksys_unshare+0x4ac/0x7b0 [ 1822.492442][T20210] ? __cfi_ksys_unshare+0x10/0x10 [ 1822.497501][T20210] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1822.503684][T20210] __x64_sys_unshare+0x38/0x40 [ 1822.508461][T20210] x64_sys_call+0x767/0x9a0 [ 1822.512970][T20210] do_syscall_64+0x4c/0xa0 [ 1822.517399][T20210] ? clear_bhb_loop+0x15/0x70 [ 1822.522080][T20210] ? clear_bhb_loop+0x15/0x70 [ 1822.526839][T20210] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1822.532740][T20210] RIP: 0033:0x7f686ab8e929 [ 1822.537165][T20210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1822.556780][T20210] RSP: 002b:00007f686ba23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1822.565211][T20210] RAX: ffffffffffffffda RBX: 00007f686adb6080 RCX: 00007f686ab8e929 [ 1822.573184][T20210] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000064000600 [ 1822.581153][T20210] RBP: 00007f686ba23090 R08: 0000000000000000 R09: 0000000000000000 [ 1822.589216][T20210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1822.597272][T20210] R13: 0000000000000000 R14: 00007f686adb6080 R15: 00007ffdfeb82d38 [ 1822.605252][T20210] [ 1822.623358][T20207] Quota error (device loop5): v2_read_file_info: Free block number 1 out of range (1, 6). [ 1822.646423][T20207] EXT4-fs warning (device loop5): ext4_enable_quotas:7041: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 1822.680659][T20207] EXT4-fs (loop5): mount failed [ 1822.786590][T20223] FAULT_INJECTION: forcing a failure. [ 1822.786590][T20223] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.814612][T20226] FAULT_INJECTION: forcing a failure. [ 1822.814612][T20226] name failslab, interval 1, probability 0, space 0, times 0 [ 1822.825704][T20223] CPU: 0 PID: 20223 Comm: syz.4.5090 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1822.837112][T20223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1822.847180][T20223] Call Trace: [ 1822.850462][T20223] [ 1822.853401][T20223] __dump_stack+0x21/0x24 [ 1822.857772][T20223] dump_stack_lvl+0xee/0x150 [ 1822.862380][T20223] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1822.867422][T20223] ? pfifo_fast_reset+0xe1f/0xef0 [ 1822.872563][T20223] dump_stack+0x15/0x24 [ 1822.876748][T20223] should_fail_ex+0x3d4/0x520 [ 1822.881446][T20223] __should_failslab+0xac/0xf0 [ 1822.886218][T20223] should_failslab+0x9/0x20 [ 1822.890747][T20223] kmem_cache_alloc_node+0x42/0x340 [ 1822.895952][T20223] ? __alloc_skb+0xdf/0x7e0 [ 1822.900468][T20223] __alloc_skb+0xdf/0x7e0 [ 1822.904817][T20223] rtmsg_ifinfo_build_skb+0x7c/0x190 [ 1822.910116][T20223] rtmsg_ifinfo+0x7a/0x130 [ 1822.914542][T20223] dev_close_many+0x279/0x4d0 [ 1822.919329][T20223] ? try_to_wake_up+0x613/0x1220 [ 1822.924274][T20223] ? __cfi_dev_close_many+0x10/0x10 [ 1822.929484][T20223] ? wake_up_process+0x10/0x20 [ 1822.934339][T20223] ? __kasan_check_read+0x11/0x20 [ 1822.939372][T20223] unregister_netdevice_many+0x439/0x1820 [ 1822.945099][T20223] ? __cfi_unregister_netdevice_many+0x10/0x10 [ 1822.951255][T20223] ? __queue_delayed_work+0x188/0x200 [ 1822.956640][T20223] ? queue_delayed_work_on+0x101/0x150 [ 1822.962103][T20223] ? linkwatch_fire_event+0x1d2/0x240 [ 1822.967478][T20223] ? __cfi_queue_delayed_work_on+0x10/0x10 [ 1822.973288][T20223] ? exit_to_user_mode_loop+0x9b/0xb0 [ 1822.978660][T20223] ? __kasan_check_read+0x11/0x20 [ 1822.983697][T20223] unregister_netdevice_queue+0x31c/0x360 [ 1822.989437][T20223] ? linkwatch_schedule_work+0x161/0x190 [ 1822.995072][T20223] ? __cfi_unregister_netdevice_queue+0x10/0x10 [ 1823.001315][T20223] ? linkwatch_fire_event+0x1ed/0x240 [ 1823.006703][T20223] __tun_detach+0xca6/0x1460 [ 1823.011310][T20223] tun_chr_close+0x92/0x140 [ 1823.015876][T20223] ? __cfi_tun_chr_close+0x10/0x10 [ 1823.021003][T20223] __fput+0x1fc/0x8f0 [ 1823.024989][T20223] ____fput+0x15/0x20 [ 1823.028976][T20223] task_work_run+0x1db/0x240 [ 1823.033574][T20223] ? __cfi_task_work_run+0x10/0x10 [ 1823.038688][T20223] ? filp_close+0x111/0x160 [ 1823.043200][T20223] exit_to_user_mode_loop+0x9b/0xb0 [ 1823.048406][T20223] exit_to_user_mode_prepare+0x5a/0xa0 [ 1823.053874][T20223] syscall_exit_to_user_mode+0x1a/0x30 [ 1823.059341][T20223] do_syscall_64+0x58/0xa0 [ 1823.063770][T20223] ? clear_bhb_loop+0x15/0x70 [ 1823.068451][T20223] ? clear_bhb_loop+0x15/0x70 [ 1823.073128][T20223] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1823.079031][T20223] RIP: 0033:0x7f686ab8e929 [ 1823.083459][T20223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1823.103085][T20223] RSP: 002b:00007f686ba44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1823.111515][T20223] RAX: 0000000000000000 RBX: 00007f686adb5fa0 RCX: 00007f686ab8e929 [ 1823.119507][T20223] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1823.127480][T20223] RBP: 00007f686ba44090 R08: 0000000000000000 R09: 0000000000000000 [ 1823.135459][T20223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1823.143435][T20223] R13: 0000000000000000 R14: 00007f686adb5fa0 R15: 00007ffdfeb82d38 [ 1823.151416][T20223] [ 1823.154442][T20226] CPU: 1 PID: 20226 Comm: syz.5.5086 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1823.164353][T20226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1823.174420][T20226] Call Trace: [ 1823.177700][T20226] [ 1823.180630][T20226] __dump_stack+0x21/0x24 [ 1823.184969][T20226] dump_stack_lvl+0xee/0x150 [ 1823.189565][T20226] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1823.194597][T20226] dump_stack+0x15/0x24 [ 1823.198755][T20226] should_fail_ex+0x3d4/0x520 [ 1823.203435][T20226] __should_failslab+0xac/0xf0 [ 1823.208203][T20226] ? alloc_pipe_info+0x1fc/0x4b0 [ 1823.213147][T20226] should_failslab+0x9/0x20 [ 1823.217655][T20226] __kmem_cache_alloc_node+0x3d/0x2c0 [ 1823.223030][T20226] ? alloc_pipe_info+0x1fc/0x4b0 [ 1823.227976][T20226] __kmalloc+0xa1/0x1e0 [ 1823.232145][T20226] alloc_pipe_info+0x1fc/0x4b0 [ 1823.236916][T20226] splice_direct_to_actor+0x956/0xb10 [ 1823.242290][T20226] ? kstrtouint+0x74/0xe0 [ 1823.246628][T20226] ? selinux_file_permission+0x2a5/0x510 [ 1823.252261][T20226] ? fsnotify_perm+0x67/0x5b0 [ 1823.256935][T20226] ? security_file_permission+0x8a/0xb0 [ 1823.262477][T20226] ? __cfi_direct_splice_actor+0x10/0x10 [ 1823.268110][T20226] ? __cfi_splice_direct_to_actor+0x10/0x10 [ 1823.274006][T20226] ? security_file_permission+0x94/0xb0 [ 1823.279556][T20226] ? rw_verify_area+0xa7/0x1c0 [ 1823.284325][T20226] do_splice_direct+0x1b3/0x2c0 [ 1823.289176][T20226] ? avc_policy_seqno+0x1b/0x70 [ 1823.294049][T20226] ? __cfi_do_splice_direct+0x10/0x10 [ 1823.299437][T20226] ? security_file_permission+0x94/0xb0 [ 1823.304994][T20226] do_sendfile+0x5c6/0xeb0 [ 1823.309416][T20226] ? __cfi_vfs_write+0x10/0x10 [ 1823.314190][T20226] ? do_preadv+0x330/0x330 [ 1823.318613][T20226] ? __kasan_check_write+0x14/0x20 [ 1823.323733][T20226] ? fput+0x154/0x1a0 [ 1823.327720][T20226] __x64_sys_sendfile64+0x18f/0x1f0 [ 1823.332923][T20226] ? __cfi_ksys_write+0x10/0x10 [ 1823.337789][T20226] ? __cfi___x64_sys_sendfile64+0x10/0x10 [ 1823.343508][T20226] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1823.349600][T20226] x64_sys_call+0x62c/0x9a0 [ 1823.354107][T20226] do_syscall_64+0x4c/0xa0 [ 1823.358532][T20226] ? clear_bhb_loop+0x15/0x70 [ 1823.363209][T20226] ? clear_bhb_loop+0x15/0x70 [ 1823.367884][T20226] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1823.373785][T20226] RIP: 0033:0x7fdf2c58e929 [ 1823.378196][T20226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1823.397892][T20226] RSP: 002b:00007fdf2d3e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1823.406307][T20226] RAX: ffffffffffffffda RBX: 00007fdf2c7b6080 RCX: 00007fdf2c58e929 [ 1823.414277][T20226] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 1823.422355][T20226] RBP: 00007fdf2d3e0090 R08: 0000000000000000 R09: 0000000000000000 [ 1823.430332][T20226] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000001 [ 1823.438321][T20226] R13: 0000000000000000 R14: 00007fdf2c7b6080 R15: 00007fff0f65a2b8 [ 1823.446303][T20226] [ 1823.554753][ T4185] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1824.026968][ T4185] usb 3-1: Using ep0 maxpacket: 32 [ 1824.057062][ T4185] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1824.149235][ T4185] usb 3-1: config 0 has no interface number 0 [ 1824.221760][ T4185] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1824.305295][ T4185] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1824.370226][ T4185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1824.378450][ T4185] usb 3-1: Product: syz [ 1824.382735][ T4185] usb 3-1: Manufacturer: syz [ 1824.387877][ T4185] usb 3-1: SerialNumber: syz [ 1824.396626][ T4185] usb 3-1: config 0 descriptor?? [ 1824.416565][ T4185] smsc75xx v1.0.0 [ 1824.464511][T20235] loop5: detected capacity change from 0 to 8192 [ 1825.699464][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1440.tmp-b7:5' failed: Read-only file system [ 1825.711466][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1825.736341][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1825.753740][T20249] xt_hashlimit: size too large, truncated to 1048576 [ 1825.764559][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1440.tmp-b7:5' failed: Read-only file system [ 1825.775867][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1825.787389][ T4185] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 1825.803782][ T4185] usb 3-1: USB disconnect, device number 62 [ 1826.210044][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1438.tmp-b7:4' failed: Read-only file system [ 1826.225163][T20255] loop4: detected capacity change from 0 to 128 [ 1826.254029][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1442.tmp-b7:4' failed: Read-only file system [ 1826.276194][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:4' failed: Read-only file system [ 1826.295892][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1442.tmp-b7:4' failed: Read-only file system [ 1826.311975][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1442.tmp-b7:4' failed: Read-only file system [ 1826.327963][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1442.tmp-b7:4' failed: Read-only file system [ 1826.355888][T20256] input: syz1 as /devices/virtual/input/input87 [ 1826.625254][T20262] FAULT_INJECTION: forcing a failure. [ 1826.625254][T20262] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.638053][T20262] CPU: 0 PID: 20262 Comm: syz.2.5100 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1826.647974][T20262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1826.658046][T20262] Call Trace: [ 1826.661334][T20262] [ 1826.664277][T20262] __dump_stack+0x21/0x24 [ 1826.668634][T20262] dump_stack_lvl+0xee/0x150 [ 1826.673244][T20262] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1826.678294][T20262] dump_stack+0x15/0x24 [ 1826.682491][T20262] should_fail_ex+0x3d4/0x520 [ 1826.687201][T20262] ? dup_fd+0x56/0x8f0 [ 1826.691300][T20262] __should_failslab+0xac/0xf0 [ 1826.696086][T20262] should_failslab+0x9/0x20 [ 1826.700618][T20262] kmem_cache_alloc+0x3b/0x330 [ 1826.705406][T20262] ? __cfi_lockref_get+0x10/0x10 [ 1826.710360][T20262] dup_fd+0x56/0x8f0 [ 1826.714281][T20262] ? _raw_spin_unlock+0x4c/0x70 [ 1826.719162][T20262] ksys_unshare+0x436/0x7b0 [ 1826.723692][T20262] ? __cfi_ksys_unshare+0x10/0x10 [ 1826.728742][T20262] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1826.734829][T20262] __x64_sys_unshare+0x38/0x40 [ 1826.739622][T20262] x64_sys_call+0x767/0x9a0 [ 1826.744147][T20262] do_syscall_64+0x4c/0xa0 [ 1826.748589][T20262] ? clear_bhb_loop+0x15/0x70 [ 1826.753283][T20262] ? clear_bhb_loop+0x15/0x70 [ 1826.757977][T20262] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1826.763893][T20262] RIP: 0033:0x7f614558e929 [ 1826.768323][T20262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.787943][T20262] RSP: 002b:00007f614642f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1826.796373][T20262] RAX: ffffffffffffffda RBX: 00007f61457b6160 RCX: 00007f614558e929 [ 1826.804364][T20262] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000022020600 [ 1826.812355][T20262] RBP: 00007f614642f090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.820430][T20262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.828427][T20262] R13: 0000000000000000 R14: 00007f61457b6160 R15: 00007ffde65b3d08 [ 1826.836419][T20262] [ 1827.121640][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1827.135770][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1443.tmp-b7:4' failed: Read-only file system [ 1827.156644][T20270] xt_hashlimit: size too large, truncated to 1048576 [ 1827.227784][T20274] 9pnet_fd: Insufficient options for proto=fd [ 1827.771223][ T28] audit: type=1400 audit(1749324921.941:106184): avc: denied { relabelfrom } for pid=20265 comm="syz.3.5101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1827.823033][ T28] audit: type=1400 audit(1749324921.941:106185): avc: denied { relabelto } for pid=20265 comm="syz.3.5101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 1828.151634][T20294] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5108'. [ 1828.276504][ T4185] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1828.496404][ T4185] usb 2-1: Using ep0 maxpacket: 16 [ 1828.503189][ T4185] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1828.530996][ T4185] usb 2-1: config 0 has no interfaces? [ 1828.548063][ T4185] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1828.572808][ T4185] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1828.598910][ T4185] usb 2-1: config 0 descriptor?? [ 1828.876358][T14048] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 1828.925287][T20307] input: syz1 as /devices/virtual/input/input88 [ 1828.983619][T20309] loop4: detected capacity change from 0 to 128 [ 1829.079007][T20289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1829.089950][T20289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1829.098720][T20289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1829.108488][T20289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1829.117383][T14048] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1829.126796][T20289] fuse: Bad value for 'fd' [ 1829.128503][T14048] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1829.135107][T20289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1829.143593][T14048] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 1829.159110][T20289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1829.160951][T14048] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1829.186189][T14048] usb 6-1: config 0 descriptor?? [ 1829.526329][ T4185] usb 2-1: USB disconnect, device number 69 [ 1829.598548][T14048] isku 0003:1E7D:319C.000C: unknown main item tag 0x0 [ 1829.610918][T14048] isku 0003:1E7D:319C.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.5-1/input0 [ 1829.784707][T20321] xt_hashlimit: size too large, truncated to 1048576 [ 1829.797323][T20323] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5115'. [ 1829.812589][ T28] audit: type=1400 audit(1749324923.991:106186): avc: denied { append } for pid=20296 comm="syz.5.5109" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1829.845474][T20298] random: crng reseeded on system resumption [ 1829.905623][ T28] audit: type=1400 audit(1749324924.021:106187): avc: denied { open } for pid=20296 comm="syz.5.5109" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1829.941918][T20298] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1829.951550][T20327] xt_hashlimit: size too large, truncated to 1048576 [ 1829.972123][ T28] audit: type=1400 audit(1749324924.121:106188): avc: denied { ioctl } for pid=20296 comm="syz.5.5109" path="/dev/snapshot" dev="devtmpfs" ino=91 ioctlcmd=0x3314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 1829.998118][T20298] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1830.017559][T14048] usb 6-1: USB disconnect, device number 45 [ 1830.447020][T20333] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5119'. [ 1831.017550][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1445.tmp-b7:4' failed: Read-only file system [ 1831.041399][T20352] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5124'. [ 1831.139106][T20354] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 1831.336314][T14048] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1831.437331][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1831.526304][T14048] usb 5-1: Using ep0 maxpacket: 32 [ 1831.535968][T14048] usb 5-1: config 1 has an invalid interface number: 6 but max is 2 [ 1831.554873][T14048] usb 5-1: config 1 has 4 interfaces, different from the descriptor's value: 3 [ 1831.569586][T14048] usb 5-1: config 1 has no interface number 3 [ 1831.580359][T14048] usb 5-1: too many endpoints for config 1 interface 6 altsetting 8: 233, using maximum allowed: 30 [ 1831.597285][T14048] usb 5-1: config 1 interface 6 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 233 [ 1831.621054][T14048] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1831.639765][T14048] usb 5-1: config 1 interface 6 has no altsetting 0 [ 1831.652315][T14048] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1831.661649][T14048] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1831.669830][T14048] usb 5-1: Product: syz [ 1831.679556][T14048] usb 5-1: Manufacturer: syz [ 1831.686401][T14048] usb 5-1: SerialNumber: syz [ 1832.030002][ T28] audit: type=1400 audit(1749324926.211:106189): avc: denied { getopt } for pid=20350 comm="syz.4.5124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1832.037072][T17990] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1832.130568][T14048] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1833.228014][T14048] usb 5-1: USB disconnect, device number 72 [ 1833.247385][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1833.313673][T20378] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5132'. [ 1833.317146][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1833.352974][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1833.406380][T17990] usb 3-1: Using ep0 maxpacket: 16 [ 1833.412949][T17990] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1833.430184][T17990] usb 3-1: config 0 has no interfaces? [ 1833.487144][T19824] udevd[19824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 1833.494439][T17990] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1833.521131][T17990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1833.526898][T20386] fuse: Bad value for 'fd' [ 1833.708677][ T6215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1833.859522][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1445.tmp-b7:4' failed: Read-only file system [ 1833.887938][T17990] usb 3-1: config 0 descriptor?? [ 1834.651287][T20365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1834.666630][T20365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1834.679263][T20365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1834.698176][T20365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1834.713849][T20365] fuse: Bad value for 'fd' [ 1834.725783][T20365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1834.741980][T20365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1834.831794][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1445.tmp-b7:4' failed: Read-only file system [ 1834.875911][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1834.925569][T17990] usb 3-1: USB disconnect, device number 63 [ 1835.640367][ T28] audit: type=1400 audit(1749324929.821:106190): avc: denied { remount } for pid=20420 comm="syz.3.5143" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1835.707526][T20424] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5144'. [ 1835.819651][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1441.tmp-b7:5' failed: Read-only file system [ 1836.290062][T20436] loop5: detected capacity change from 0 to 1024 [ 1837.667187][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1446.tmp-b7:5' failed: Read-only file system [ 1837.679589][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1838.928284][T20436] EXT4-fs warning (device loop5): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop5. [ 1839.076347][ T220] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1839.087623][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1446.tmp-b7:5' failed: Read-only file system [ 1839.139871][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1839.177942][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1446.tmp-b7:5' failed: Read-only file system [ 1839.221441][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1445.tmp-b7:4' failed: Read-only file system [ 1839.236053][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1446.tmp-b7:5' failed: Read-only file system [ 1839.842869][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1445.tmp-b7:4' failed: Read-only file system [ 1839.855368][ T220] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1839.877255][ T220] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1839.958783][T20458] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5152'. [ 1839.969169][T20458] loop5: detected capacity change from 0 to 16 [ 1840.444906][T20460] loop4: detected capacity change from 0 to 256 [ 1840.860398][T20458] erofs: (device loop5): mounted with root inode @ nid 36. [ 1841.101799][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1448.tmp-b7:5' failed: Read-only file system [ 1841.133462][ T220] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1841.156579][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1449.tmp-b7:4' failed: Read-only file system [ 1841.178460][ T220] usb 3-1: config 0 descriptor?? [ 1841.196644][T20468] loop4: detected capacity change from 0 to 256 [ 1841.204591][T20469] device erspan0 entered promiscuous mode [ 1841.213380][ T220] usb 3-1: can't set config #0, error -71 [ 1841.239528][ T220] usb 3-1: USB disconnect, device number 64 [ 1841.261543][T20468] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ0xffffffffffffffffÿÿÿÿ' [ 1841.455180][T20465] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5155'. [ 1842.111499][T20494] bridge0: port 3(macsec1) entered blocking state [ 1842.118140][T20494] bridge0: port 3(macsec1) entered disabled state [ 1842.523260][T20499] fuse: Bad value for 'fd' [ 1842.559370][ T6215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1844.333148][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1453.tmp-b7:5' failed: Read-only file system [ 1844.365090][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1452.tmp-b7:4' failed: Read-only file system [ 1844.449887][T20514] loop4: detected capacity change from 0 to 2048 [ 1844.486576][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1454.tmp-b7:4' failed: Read-only file system [ 1844.514316][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1844.514818][T20514] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1844.565743][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1454.tmp-b7:4' failed: Read-only file system [ 1844.601639][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1844.693596][T20514] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5168: bg 0: block 234: padding at end of block bitmap is not set [ 1844.759773][T20514] input: syz1 as /devices/virtual/input/input89 [ 1844.869326][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1844.909591][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1454.tmp-b7:4' failed: Read-only file system [ 1844.945509][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1454.tmp-b7:4' failed: Read-only file system [ 1845.139082][T20529] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5170'. [ 1845.156877][T20529] loop4: detected capacity change from 0 to 16 [ 1845.167274][T20529] erofs: (device loop4): mounted with root inode @ nid 36. [ 1845.238343][T20530] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5171'. [ 1845.408547][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1456.tmp-b7:4' failed: Read-only file system [ 1845.612177][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-uuid/dc080000-0000-0000-00db-a5c46e0e7dba.tmp-b7:4' failed: Read-only file system [ 1846.523513][T20543] loop4: detected capacity change from 0 to 512 [ 1846.556618][T20543] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1846.670930][T20543] EXT4-fs (loop4): 1 truncate cleaned up [ 1846.676715][T20543] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1848.427715][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1848.539699][T20547] input: syz1 as /devices/virtual/input/input90 [ 1848.695919][T20557] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5177'. [ 1848.715714][T20557] loop4: detected capacity change from 0 to 16 [ 1848.724842][T20557] erofs: (device loop4): mounted with root inode @ nid 36. [ 1849.936365][ T4185] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1850.128208][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1453.tmp-b7:5' failed: Read-only file system [ 1850.139735][ T4185] usb 2-1: Using ep0 maxpacket: 32 [ 1850.153337][ T4185] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 1850.186503][ T4185] usb 2-1: config 0 has no interface number 0 [ 1850.202878][ T4185] usb 2-1: config 0 interface 184 has no altsetting 0 [ 1850.224771][ T4185] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1850.245222][T20561] xt_hashlimit: size too large, truncated to 1048576 [ 1850.264531][ T4185] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1850.286337][ T4185] usb 2-1: Product: syz [ 1850.290536][ T4185] usb 2-1: Manufacturer: syz [ 1850.317133][ T4185] usb 2-1: SerialNumber: syz [ 1850.339680][ T4185] usb 2-1: config 0 descriptor?? [ 1850.356853][ T4185] smsc75xx v1.0.0 [ 1850.518672][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1460.tmp-b7:4' failed: Read-only file system [ 1850.540910][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1460.tmp-b7:4' failed: Read-only file system [ 1850.564551][T20567] loop4: detected capacity change from 0 to 2048 [ 1850.593814][T20569] netlink: 96 bytes leftover after parsing attributes in process `syz.2.5183'. [ 1850.627225][T20567] EXT4-fs: Ignoring removed mblk_io_submit option [ 1850.633733][T20567] EXT4-fs: dax option not supported [ 1850.634416][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1461.tmp-b7:4' failed: Read-only file system [ 1850.667876][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1850.727904][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1462.tmp-b7:4' failed: Read-only file system [ 1850.766701][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1462.tmp-b7:4' failed: Read-only file system [ 1850.849383][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1462.tmp-b7:4' failed: Read-only file system [ 1851.023281][ T4185] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1851.039129][ T4185] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1851.049700][ T4185] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1851.061154][ T4185] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 1851.093480][ T4185] usb 2-1: USB disconnect, device number 70 [ 1851.620698][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1453.tmp-b7:5' failed: Read-only file system [ 1852.352399][T20599] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5193'. [ 1853.582911][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1463.tmp-b7:4' failed: Read-only file system [ 1853.594480][T20606] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5195'. [ 1853.636444][T20613] xt_hashlimit: size too large, truncated to 1048576 [ 1853.646244][T20616] syz.3.5198[20616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1853.647836][T20616] syz.3.5198[20616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1853.693221][T20618] loop4: detected capacity change from 0 to 2048 [ 1853.751855][T20618] EXT4-fs: Ignoring removed mblk_io_submit option [ 1853.786558][T20618] EXT4-fs: dax option not supported [ 1854.420105][T20629] loop5: detected capacity change from 0 to 128 [ 1854.505634][T20629] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1854.529661][T20629] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1854.594306][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1854.610868][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1854.636605][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1854.658930][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1854.688738][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1854.712292][ T7363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1854.976452][ T4185] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1855.097104][T20644] loop5: detected capacity change from 0 to 256 [ 1855.166805][ T4185] usb 3-1: Using ep0 maxpacket: 32 [ 1855.232186][ T4185] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1855.343545][ T4185] usb 3-1: config 0 has no interface number 0 [ 1855.374780][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1468.tmp-b7:5' failed: Read-only file system [ 1855.429453][ T4185] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1855.524846][ T4185] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1855.748480][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1468.tmp-b7:5' failed: Read-only file system [ 1855.789733][ T28] audit: type=1400 audit(1749324949.971:106191): avc: denied { checkpoint_restore } for pid=20645 comm="syz.3.5207" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1855.846868][ T4185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1855.855183][ T4185] usb 3-1: Product: syz [ 1855.859590][ T4185] usb 3-1: Manufacturer: syz [ 1855.863850][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1468.tmp-b7:5' failed: Read-only file system [ 1855.864777][ T4185] usb 3-1: SerialNumber: syz [ 1855.886335][T17990] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1855.891106][ T4185] usb 3-1: config 0 descriptor?? [ 1855.908868][ T4185] smsc75xx v1.0.0 [ 1855.925054][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1468.tmp-b7:5' failed: Read-only file system [ 1855.936428][T20648] loop5: detected capacity change from 0 to 2048 [ 1855.963514][T20648] EXT4-fs: Ignoring removed mblk_io_submit option [ 1855.970472][T20648] EXT4-fs: dax option not supported [ 1855.975835][ T28] audit: type=1400 audit(1749324950.161:106192): avc: denied { read write } for pid=20645 comm="syz.3.5207" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1856.004994][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1470.tmp-b7:5' failed: Read-only file system [ 1856.019536][ T28] audit: type=1400 audit(1749324950.161:106193): avc: denied { open } for pid=20645 comm="syz.3.5207" path="/dev/ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1856.054372][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1856.106358][T17990] usb 2-1: Using ep0 maxpacket: 16 [ 1856.109382][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1470.tmp-b7:5' failed: Read-only file system [ 1856.114394][T17990] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1856.158346][T17990] usb 2-1: config 0 has no interfaces? [ 1856.163824][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1470.tmp-b7:5' failed: Read-only file system [ 1856.186795][T17990] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1856.204401][T20653] bridge0: port 3(macsec1) entered blocking state [ 1856.210952][T20653] bridge0: port 3(macsec1) entered disabled state [ 1856.222130][T17990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1856.229509][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1470.tmp-b7:5' failed: Read-only file system [ 1856.251151][T17990] usb 2-1: config 0 descriptor?? [ 1856.260167][T20652] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5209'. [ 1856.517439][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1856.533636][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1856.544014][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1856.554900][ T4185] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 1856.568306][ T4185] usb 3-1: USB disconnect, device number 65 [ 1856.761450][T20643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1856.776634][T20643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1856.782930][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1465.tmp-b7:4' failed: Read-only file system [ 1856.818394][T20643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1856.997982][T20643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1857.012114][T20643] fuse: Bad value for 'fd' [ 1857.023218][T20643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1857.035568][T20643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1857.216129][T20666] loop4: detected capacity change from 0 to 256 [ 1857.804642][ T4185] usb 2-1: USB disconnect, device number 71 [ 1857.901968][T20674] xt_hashlimit: size too large, truncated to 1048576 [ 1858.115625][T20682] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5218'. [ 1858.203491][T20684] FAULT_INJECTION: forcing a failure. [ 1858.203491][T20684] name failslab, interval 1, probability 0, space 0, times 0 [ 1858.216311][T14048] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1858.223968][T20684] CPU: 1 PID: 20684 Comm: syz.3.5219 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1858.233890][T20684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1858.243976][T20684] Call Trace: [ 1858.247270][T20684] [ 1858.250200][T20684] __dump_stack+0x21/0x24 [ 1858.254540][T20684] dump_stack_lvl+0xee/0x150 [ 1858.259135][T20684] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1858.264177][T20684] ? __kasan_check_write+0x14/0x20 [ 1858.269403][T20684] ? rwsem_read_trylock+0x29a/0x620 [ 1858.274618][T20684] dump_stack+0x15/0x24 [ 1858.278785][T20684] should_fail_ex+0x3d4/0x520 [ 1858.283481][T20684] __should_failslab+0xac/0xf0 [ 1858.288241][T20684] should_failslab+0x9/0x20 [ 1858.292753][T20684] kmem_cache_alloc_node+0x42/0x340 [ 1858.298053][T20684] ? __alloc_skb+0xdf/0x7e0 [ 1858.302572][T20684] ? __cfi_br_handle_frame+0x10/0x10 [ 1858.307877][T20684] __alloc_skb+0xdf/0x7e0 [ 1858.312217][T20684] rtmsg_ifinfo_build_skb+0x7c/0x190 [ 1858.317512][T20684] rtnetlink_event+0xd2/0x1a0 [ 1858.322190][T20684] raw_notifier_call_chain+0xa1/0x110 [ 1858.327573][T20684] dev_set_mac_address+0x329/0x430 [ 1858.332710][T20684] ? __cfi_dev_set_mac_address+0x10/0x10 [ 1858.338392][T20684] dev_set_mac_address_user+0x31/0x50 [ 1858.343763][T20684] dev_ifsioc+0x770/0xed0 [ 1858.348090][T20684] ? dev_ioctl+0xd10/0xd10 [ 1858.352500][T20684] ? __kasan_check_write+0x14/0x20 [ 1858.357639][T20684] ? mutex_lock+0x8d/0x1a0 [ 1858.362052][T20684] ? __cfi_mutex_lock+0x10/0x10 [ 1858.366898][T20684] ? dev_get_by_name_rcu+0xe5/0x130 [ 1858.372102][T20684] dev_ioctl+0x556/0xd10 [ 1858.376437][T20684] sock_do_ioctl+0x23f/0x310 [ 1858.381037][T20684] ? sock_show_fdinfo+0xb0/0xb0 [ 1858.385892][T20684] ? selinux_file_ioctl+0x377/0x480 [ 1858.391094][T20684] sock_ioctl+0x4d8/0x6e0 [ 1858.395433][T20684] ? __cfi_sock_ioctl+0x10/0x10 [ 1858.400293][T20684] ? __fget_files+0x2d5/0x330 [ 1858.405039][T20684] ? security_file_ioctl+0x95/0xc0 [ 1858.410162][T20684] ? __cfi_sock_ioctl+0x10/0x10 [ 1858.415010][T20684] __se_sys_ioctl+0x12f/0x1b0 [ 1858.419694][T20684] __x64_sys_ioctl+0x7b/0x90 [ 1858.424304][T20684] x64_sys_call+0x58b/0x9a0 [ 1858.428813][T20684] do_syscall_64+0x4c/0xa0 [ 1858.433242][T20684] ? clear_bhb_loop+0x15/0x70 [ 1858.437922][T20684] ? clear_bhb_loop+0x15/0x70 [ 1858.442599][T20684] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1858.448513][T20684] RIP: 0033:0x7f17b318e929 [ 1858.452923][T20684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1858.466367][T12834] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1858.472613][T20684] RSP: 002b:00007f17b4001038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1858.472641][T20684] RAX: ffffffffffffffda RBX: 00007f17b33b5fa0 RCX: 00007f17b318e929 [ 1858.472658][T20684] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000007 [ 1858.504540][T20684] RBP: 00007f17b4001090 R08: 0000000000000000 R09: 0000000000000000 [ 1858.512511][T20684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1858.520661][T20684] R13: 0000000000000000 R14: 00007f17b33b5fa0 R15: 00007ffe936903f8 [ 1858.528653][T20684] [ 1858.546645][T20686] netlink: 96 bytes leftover after parsing attributes in process `syz.3.5220'. [ 1858.646328][T12834] usb 2-1: Using ep0 maxpacket: 32 [ 1858.652754][T12834] usb 2-1: config 1 has an invalid interface number: 6 but max is 2 [ 1858.660862][T12834] usb 2-1: config 1 has 4 interfaces, different from the descriptor's value: 3 [ 1858.669949][T12834] usb 2-1: config 1 has no interface number 3 [ 1858.676180][T12834] usb 2-1: too many endpoints for config 1 interface 6 altsetting 8: 233, using maximum allowed: 30 [ 1858.687047][T12834] usb 2-1: config 1 interface 6 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 233 [ 1858.700273][T12834] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1858.710051][T12834] usb 2-1: config 1 interface 6 has no altsetting 0 [ 1858.716365][T14048] usb 5-1: Using ep0 maxpacket: 32 [ 1858.718420][T12834] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1858.723194][T14048] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1858.730986][T12834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1858.741607][T14048] usb 5-1: config 0 interface 0 has no altsetting 1 [ 1858.752440][T12834] usb 2-1: Product: syz [ 1858.759132][T12834] usb 2-1: Manufacturer: syz [ 1858.763837][T12834] usb 2-1: SerialNumber: syz [ 1858.764910][T14048] usb 5-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 1858.777613][T14048] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1858.785638][T14048] usb 5-1: SerialNumber: syz [ 1858.791134][T14048] usb 5-1: config 0 descriptor?? [ 1858.797128][T14048] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1858.805558][T14048] usb-storage 5-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 1859.387456][T12834] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1859.433786][T20703] xt_hashlimit: size too large, truncated to 1048576 [ 1859.438364][T14048] usb 5-1: USB disconnect, device number 73 [ 1859.451837][T12834] usb 2-1: USB disconnect, device number 72 [ 1859.640131][T20707] loop5: detected capacity change from 0 to 256 [ 1860.375622][T20722] xt_hashlimit: size too large, truncated to 1048576 [ 1860.649830][T20727] loop5: detected capacity change from 0 to 256 [ 1860.897167][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1473.tmp-b7:4' failed: Read-only file system [ 1860.903971][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1476.tmp-b7:5' failed: Read-only file system [ 1860.963629][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1473.tmp-b7:4' failed: Read-only file system [ 1861.777043][T20744] loop4: detected capacity change from 0 to 256 [ 1862.124300][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1476.tmp-b7:5' failed: Read-only file system [ 1862.231855][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1477.tmp-b7:4' failed: Read-only file system [ 1862.249735][T20752] FAULT_INJECTION: forcing a failure. [ 1862.249735][T20752] name failslab, interval 1, probability 0, space 0, times 0 [ 1862.263002][T20752] CPU: 1 PID: 20752 Comm: syz.5.5238 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1862.264990][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1476.tmp-b7:5' failed: Read-only file system [ 1862.273013][T20752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1862.273028][T20752] Call Trace: [ 1862.273035][T20752] [ 1862.273044][T20752] __dump_stack+0x21/0x24 [ 1862.273075][T20752] dump_stack_lvl+0xee/0x150 [ 1862.309610][T20752] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1862.314654][T20752] dump_stack+0x15/0x24 [ 1862.318818][T20752] should_fail_ex+0x3d4/0x520 [ 1862.323501][T20752] __should_failslab+0xac/0xf0 [ 1862.328365][T20752] should_failslab+0x9/0x20 [ 1862.332897][T20752] kmem_cache_alloc_node+0x42/0x340 [ 1862.338122][T20752] ? __alloc_skb+0xdf/0x7e0 [ 1862.342649][T20752] __alloc_skb+0xdf/0x7e0 [ 1862.347077][T20752] rtmsg_ifinfo_build_skb+0x7c/0x190 [ 1862.352474][T20752] rtnetlink_event+0xd2/0x1a0 [ 1862.357156][T20752] raw_notifier_call_chain+0xa1/0x110 [ 1862.362543][T20752] dev_change_tx_queue_len+0x1af/0x330 [ 1862.368013][T20752] ? __cfi_dev_change_tx_queue_len+0x10/0x10 [ 1862.374006][T20752] dev_ifsioc+0x26e/0xed0 [ 1862.378347][T20752] ? dev_ioctl+0xd10/0xd10 [ 1862.382772][T20752] ? __kasan_check_write+0x14/0x20 [ 1862.387894][T20752] ? mutex_lock+0x8d/0x1a0 [ 1862.392335][T20752] ? __cfi_mutex_lock+0x10/0x10 [ 1862.397190][T20752] ? dev_get_by_name_rcu+0xe5/0x130 [ 1862.402401][T20752] dev_ioctl+0x556/0xd10 [ 1862.406660][T20752] sock_do_ioctl+0x23f/0x310 [ 1862.411255][T20752] ? sock_show_fdinfo+0xb0/0xb0 [ 1862.416113][T20752] ? selinux_file_ioctl+0x377/0x480 [ 1862.421334][T20752] sock_ioctl+0x4d8/0x6e0 [ 1862.425664][T20752] ? __cfi_sock_ioctl+0x10/0x10 [ 1862.430513][T20752] ? __fget_files+0x2d5/0x330 [ 1862.435201][T20752] ? security_file_ioctl+0x95/0xc0 [ 1862.440333][T20752] ? __cfi_sock_ioctl+0x10/0x10 [ 1862.445185][T20752] __se_sys_ioctl+0x12f/0x1b0 [ 1862.449875][T20752] __x64_sys_ioctl+0x7b/0x90 [ 1862.454471][T20752] x64_sys_call+0x58b/0x9a0 [ 1862.458980][T20752] do_syscall_64+0x4c/0xa0 [ 1862.463403][T20752] ? clear_bhb_loop+0x15/0x70 [ 1862.468091][T20752] ? clear_bhb_loop+0x15/0x70 [ 1862.472777][T20752] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1862.478681][T20752] RIP: 0033:0x7fdf2c58e929 [ 1862.483096][T20752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1862.502705][T20752] RSP: 002b:00007fdf2d401038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1862.511120][T20752] RAX: ffffffffffffffda RBX: 00007fdf2c7b5fa0 RCX: 00007fdf2c58e929 [ 1862.519091][T20752] RDX: 0000200000002280 RSI: 0000000000008943 RDI: 0000000000000006 [ 1862.527061][T20752] RBP: 00007fdf2d401090 R08: 0000000000000000 R09: 0000000000000000 [ 1862.535116][T20752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1862.543175][T20752] R13: 0000000000000000 R14: 00007fdf2c7b5fa0 R15: 00007fff0f65a2b8 [ 1862.551243][T20752] [ 1862.561500][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1478.tmp-b7:5' failed: Read-only file system [ 1862.578124][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1477.tmp-b7:4' failed: Read-only file system [ 1862.593187][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1477.tmp-b7:4' failed: Read-only file system [ 1862.608456][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1477.tmp-b7:4' failed: Read-only file system [ 1862.655592][T20757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5240'. [ 1862.829673][T20766] xt_hashlimit: size too large, truncated to 1048576 [ 1863.021444][T20770] loop4: detected capacity change from 0 to 256 [ 1863.811787][T20779] loop4: detected capacity change from 0 to 512 [ 1863.846724][T20779] EXT4-fs (loop4): 1 orphan inode deleted [ 1863.852544][T20779] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1863.863421][T20779] ext4 filesystem being mounted at /393/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1863.874365][ T7340] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1863.895219][ T7340] EXT4-fs error (device loop4): ext4_release_dquot:6825: comm kworker/u4:331: Failed to release dquot type 1 [ 1864.073593][T20789] FAULT_INJECTION: forcing a failure. [ 1864.073593][T20789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1864.086721][T20789] CPU: 1 PID: 20789 Comm: syz.4.5247 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1864.096633][T20789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1864.106706][T20789] Call Trace: [ 1864.110004][T20789] [ 1864.112947][T20789] __dump_stack+0x21/0x24 [ 1864.117309][T20789] dump_stack_lvl+0xee/0x150 [ 1864.122009][T20789] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1864.127059][T20789] dump_stack+0x15/0x24 [ 1864.131234][T20789] should_fail_ex+0x3d4/0x520 [ 1864.135932][T20789] should_fail+0xb/0x10 [ 1864.140107][T20789] should_fail_usercopy+0x1a/0x20 [ 1864.145146][T20789] strncpy_from_user+0x24/0x2d0 [ 1864.150022][T20789] ? getname_flags+0xb9/0x500 [ 1864.154725][T20789] getname_flags+0xf4/0x500 [ 1864.159250][T20789] getname+0x19/0x20 [ 1864.163168][T20789] do_sys_openat2+0xcb/0x7e0 [ 1864.167780][T20789] ? do_sys_open+0xe0/0xe0 [ 1864.172218][T20789] ? release_firmware_map_entry+0x194/0x194 [ 1864.178135][T20789] ? ksys_write+0x1eb/0x240 [ 1864.182661][T20789] ? __kasan_check_write+0x14/0x20 [ 1864.187795][T20789] __x64_sys_open+0x11c/0x140 [ 1864.192491][T20789] x64_sys_call+0x97b/0x9a0 [ 1864.197013][T20789] do_syscall_64+0x4c/0xa0 [ 1864.201442][T20789] ? clear_bhb_loop+0x15/0x70 [ 1864.206211][T20789] ? clear_bhb_loop+0x15/0x70 [ 1864.210901][T20789] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1864.216810][T20789] RIP: 0033:0x7f686ab8e929 [ 1864.221322][T20789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1864.241021][T20789] RSP: 002b:00007f686ba02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1864.249540][T20789] RAX: ffffffffffffffda RBX: 00007f686adb6160 RCX: 00007f686ab8e929 [ 1864.257533][T20789] RDX: 0000000000000044 RSI: 000000000014927e RDI: 0000200000000300 [ 1864.265520][T20789] RBP: 00007f686ba02090 R08: 0000000000000000 R09: 0000000000000000 [ 1864.273497][T20789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1864.281476][T20789] R13: 0000000000000000 R14: 00007f686adb6160 R15: 00007ffdfeb82d38 [ 1864.289463][T20789] [ 1864.574325][T20797] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5249'. [ 1864.935946][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1865.328916][T20806] loop5: detected capacity change from 0 to 512 [ 1865.354295][T20803] loop4: detected capacity change from 0 to 2048 [ 1865.402477][T20806] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 1865.443195][T20806] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended [ 1865.457488][T20803] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1865.485674][T20806] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec02c, mo2=0002] [ 1865.504157][T20806] System zones: 0-2, 18-18, 34-34 [ 1865.524913][T20806] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 1865.555940][T20806] EXT4-fs (loop5): 1 truncate cleaned up [ 1865.566950][T20806] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1865.638037][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1865.646441][T14048] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1865.711152][T20803] input: syz1 as /devices/virtual/input/input95 [ 1865.893231][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1865.901729][T14048] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1865.924771][T20824] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1866.007743][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1485.tmp-b7:4' failed: Read-only file system [ 1866.049471][T14048] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1866.095413][T20825] loop5: detected capacity change from 0 to 1024 [ 1866.132480][T14048] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1866.297911][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1485.tmp-b7:4' failed: Read-only file system [ 1866.320401][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1488.tmp-b7:5' failed: Read-only file system [ 1866.712006][T20825] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1866.724367][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1866.754988][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1488.tmp-b7:5' failed: Read-only file system [ 1866.782762][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1866.945496][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1867.696801][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1487.tmp-b7:4' failed: Read-only file system [ 1867.729897][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1488.tmp-b7:5' failed: Read-only file system [ 1867.747337][T14048] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1867.756650][T14048] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1867.764667][T14048] usb 3-1: Product: syz [ 1867.768907][T14048] usb 3-1: Manufacturer: syz [ 1867.799913][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1487.tmp-b7:4' failed: Read-only file system [ 1867.810539][T14048] usb 3-1: SerialNumber: syz [ 1867.875081][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1488.tmp-b7:5' failed: Read-only file system [ 1867.898784][T14048] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 1867.906169][T14048] cdc_ncm 3-1:1.0: bind() failure [ 1868.179841][T20858] loop5: detected capacity change from 0 to 256 [ 1868.614199][T20861] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5269'. [ 1868.899823][T14048] usb 3-1: USB disconnect, device number 66 [ 1869.556318][T17990] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1869.795013][T17990] usb 4-1: Using ep0 maxpacket: 16 [ 1869.809433][T17990] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1870.098400][T17990] usb 4-1: config 0 has no interfaces? [ 1870.104363][T17990] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1870.113620][T17990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1870.139281][T17990] usb 4-1: config 0 descriptor?? [ 1870.176637][T20888] loop5: detected capacity change from 0 to 128 [ 1870.286344][T12834] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1871.114732][T20896] loop4: detected capacity change from 0 to 1024 [ 1871.142044][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1494.tmp-b7:4' failed: Read-only file system [ 1871.158488][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1493.tmp-b7:5' failed: Read-only file system [ 1871.192574][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1871.219983][T20896] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1871.353741][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1494.tmp-b7:4' failed: Read-only file system [ 1871.374758][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1871.380677][T20867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1871.434937][T20910] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5283'. [ 1871.458151][T20910] loop5: detected capacity change from 0 to 16 [ 1872.602263][T12834] usb 3-1: Using ep0 maxpacket: 16 [ 1872.611033][T12834] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1872.623230][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1494.tmp-b7:4' failed: Read-only file system [ 1872.634673][T12834] usb 3-1: config 0 has no interfaces? [ 1872.641276][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-label/syzkaller.tmp-b7:4' failed: Read-only file system [ 1872.653071][T20910] erofs: (device loop5): mounted with root inode @ nid 36. [ 1872.653143][T20867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1872.670008][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1495.tmp-b7:5' failed: Read-only file system [ 1872.676077][ T4185] usb 4-1: USB disconnect, device number 60 [ 1872.682035][T12834] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1872.730425][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-uuid/dc080000-0000-0000-00db-a5c46e0e7dba.tmp-b7:5' failed: Read-only file system [ 1872.747685][T12834] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1872.761458][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1495.tmp-b7:5' failed: Read-only file system [ 1872.778716][T12834] usb 3-1: config 0 descriptor?? [ 1872.810122][T12834] usb 3-1: USB disconnect, device number 67 [ 1872.881430][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1873.073180][T20929] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5287'. [ 1873.073629][T20930] loop4: detected capacity change from 0 to 128 [ 1873.167100][T19824] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1874.027044][ T4185] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1874.216106][T20947] loop4: detected capacity change from 0 to 256 [ 1874.256422][ T4185] usb 3-1: Using ep0 maxpacket: 32 [ 1874.272222][ T4185] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1874.444002][ T4185] usb 3-1: config 0 has no interface number 0 [ 1874.546809][ T4185] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1874.663815][ T4185] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1874.911282][ T4185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1874.930083][ T4185] usb 3-1: Product: syz [ 1874.934569][ T4185] usb 3-1: Manufacturer: syz [ 1874.946674][ T4185] usb 3-1: SerialNumber: syz [ 1874.956791][ T4185] usb 3-1: config 0 descriptor?? [ 1874.963516][ T4185] smsc75xx v1.0.0 [ 1874.972841][T20950] netlink: 96 bytes leftover after parsing attributes in process `syz.4.5298'. [ 1875.149993][T20963] FAULT_INJECTION: forcing a failure. [ 1875.149993][T20963] name failslab, interval 1, probability 0, space 0, times 0 [ 1875.165231][T20963] CPU: 1 PID: 20963 Comm: syz.1.5304 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1875.175171][T20963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1875.185335][T20963] Call Trace: [ 1875.188630][T20963] [ 1875.191578][T20963] __dump_stack+0x21/0x24 [ 1875.196035][T20963] dump_stack_lvl+0xee/0x150 [ 1875.200678][T20963] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1875.205729][T20963] ? __kasan_check_write+0x14/0x20 [ 1875.210878][T20963] ? rwsem_read_trylock+0x29a/0x620 [ 1875.216117][T20963] dump_stack+0x15/0x24 [ 1875.220311][T20963] should_fail_ex+0x3d4/0x520 [ 1875.225015][T20963] __should_failslab+0xac/0xf0 [ 1875.229807][T20963] should_failslab+0x9/0x20 [ 1875.234337][T20963] kmem_cache_alloc_node+0x42/0x340 [ 1875.239570][T20963] ? __alloc_skb+0xdf/0x7e0 [ 1875.244107][T20963] ? __cfi_br_handle_frame+0x10/0x10 [ 1875.249414][T20963] __alloc_skb+0xdf/0x7e0 [ 1875.253766][T20963] rtmsg_ifinfo_build_skb+0x7c/0x190 [ 1875.259099][T20963] rtnetlink_event+0xd2/0x1a0 [ 1875.263908][T20963] raw_notifier_call_chain+0xa1/0x110 [ 1875.269317][T20963] dev_set_mac_address+0x329/0x430 [ 1875.274471][T20963] ? __cfi_dev_set_mac_address+0x10/0x10 [ 1875.280152][T20963] dev_set_mac_address_user+0x31/0x50 [ 1875.285547][T20963] dev_ifsioc+0x770/0xed0 [ 1875.289901][T20963] ? dev_ioctl+0xd10/0xd10 [ 1875.294339][T20963] ? __kasan_check_write+0x14/0x20 [ 1875.299476][T20963] ? mutex_lock+0x8d/0x1a0 [ 1875.303938][T20963] ? __cfi_mutex_lock+0x10/0x10 [ 1875.308806][T20963] ? dev_get_by_name_rcu+0xe5/0x130 [ 1875.314037][T20963] dev_ioctl+0x556/0xd10 [ 1875.318306][T20963] sock_do_ioctl+0x23f/0x310 [ 1875.322917][T20963] ? sock_show_fdinfo+0xb0/0xb0 [ 1875.326350][T16318] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1875.327787][T20963] ? selinux_file_ioctl+0x377/0x480 [ 1875.340536][T20963] sock_ioctl+0x4d8/0x6e0 [ 1875.344888][T20963] ? __cfi_sock_ioctl+0x10/0x10 [ 1875.349755][T20963] ? __fget_files+0x2d5/0x330 [ 1875.354464][T20963] ? security_file_ioctl+0x95/0xc0 [ 1875.359681][T20963] ? __cfi_sock_ioctl+0x10/0x10 [ 1875.364559][T20963] __se_sys_ioctl+0x12f/0x1b0 [ 1875.369270][T20963] __x64_sys_ioctl+0x7b/0x90 [ 1875.373888][T20963] x64_sys_call+0x58b/0x9a0 [ 1875.378418][T20963] do_syscall_64+0x4c/0xa0 [ 1875.382862][T20963] ? clear_bhb_loop+0x15/0x70 [ 1875.387554][T20963] ? clear_bhb_loop+0x15/0x70 [ 1875.392242][T20963] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1875.398156][T20963] RIP: 0033:0x7f3a0db8e929 [ 1875.402574][T20963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1875.422177][T20963] RSP: 002b:00007f3a0ea34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1875.430591][T20963] RAX: ffffffffffffffda RBX: 00007f3a0ddb5fa0 RCX: 00007f3a0db8e929 [ 1875.438583][T20963] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 000000000000000b [ 1875.446553][T20963] RBP: 00007f3a0ea34090 R08: 0000000000000000 R09: 0000000000000000 [ 1875.454524][T20963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1875.462493][T20963] R13: 0000000000000000 R14: 00007f3a0ddb5fa0 R15: 00007ffcac53e158 [ 1875.470470][T20963] [ 1875.554815][T20971] loop5: detected capacity change from 0 to 2048 [ 1875.566514][T16318] usb 5-1: Using ep0 maxpacket: 16 [ 1875.599558][T16318] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1875.610566][T16318] usb 5-1: config 0 has no interfaces? [ 1875.616233][T16318] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1875.626121][T16318] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1875.646053][T16318] usb 5-1: config 0 descriptor?? [ 1875.857937][T20971] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1875.905475][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1876.023433][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1876.103509][ T4185] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1876.115407][ T4185] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 1876.134448][ T4185] usb 3-1: USB disconnect, device number 68 [ 1876.388556][T20979] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5310'. [ 1876.535502][T20953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1876.546008][T20953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1876.555723][T20953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1876.569831][T20953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1876.582598][T20953] fuse: Bad value for 'fd' [ 1876.594481][T20953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1876.625998][T20953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1876.641660][T20993] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5315'. [ 1876.720449][ T4760] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm kworker/u4:174: bg 0: block 234: padding at end of block bitmap is not set [ 1876.859685][ T4760] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 1876.950419][ T4760] EXT4-fs (loop5): This should not happen!! Data will be lost [ 1876.950419][ T4760] [ 1877.080233][ T4760] EXT4-fs (loop5): Total free blocks count 0 [ 1877.108009][ T220] usb 5-1: USB disconnect, device number 74 [ 1877.169289][ T4760] EXT4-fs (loop5): Free/Dirty block details [ 1877.216745][ T4760] EXT4-fs (loop5): free_blocks=0 [ 1877.656303][ T4760] EXT4-fs (loop5): dirty_blocks=8192 [ 1877.661925][ T4760] EXT4-fs (loop5): Block reservation details [ 1877.668040][ T4760] EXT4-fs (loop5): i_reserved_data_blocks=512 [ 1877.729818][ T4760] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 1877.872698][T21002] loop4: detected capacity change from 0 to 512 [ 1877.879901][T21002] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1877.894637][T21002] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1877.906463][T21002] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.5319: bg 0: block 248: padding at end of block bitmap is not set [ 1877.924846][T21002] Quota error (device loop4): write_blk: dquota write failed [ 1877.932437][T21002] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1877.942746][T21002] EXT4-fs error (device loop4): ext4_acquire_dquot:6789: comm syz.4.5319: Failed to acquire dquot type 1 [ 1877.964229][T21002] EXT4-fs (loop4): 1 truncate cleaned up [ 1877.970437][T21002] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 1878.012139][T19869] udevd[19869]: symlink '../../loop5' '/dev/disk/by-diskseq/1504.tmp-b7:5' failed: Read-only file system [ 1878.097736][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1504.tmp-b7:5' failed: Read-only file system [ 1878.118195][T21013] loop5: detected capacity change from 0 to 128 [ 1878.444683][T19824] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1878.459297][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1505.tmp-b7:5' failed: Read-only file system [ 1878.474639][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1505.tmp-b7:5' failed: Read-only file system [ 1878.490004][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1505.tmp-b7:5' failed: Read-only file system [ 1878.505929][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1505.tmp-b7:5' failed: Read-only file system [ 1878.681418][T21018] overlayfs: failed to resolve './file2': -2 [ 1879.577083][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1879.580934][T21021] loop5: detected capacity change from 0 to 128 [ 1879.601872][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1507.tmp-b7:5' failed: Read-only file system [ 1879.618107][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-uuid/76b65be2-f6da-4727-8c75-0525a5b65a09.tmp-b7:5' failed: Read-only file system [ 1879.651294][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1507.tmp-b7:5' failed: Read-only file system [ 1879.709241][T21026] loop4: detected capacity change from 0 to 128 [ 1879.761755][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1507.tmp-b7:5' failed: Read-only file system [ 1881.264873][T16318] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1881.408570][T21035] loop5: detected capacity change from 0 to 2048 [ 1881.468006][T21035] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1881.475801][T21049] syz.3.5333[21049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1881.476840][T21049] syz.3.5333[21049] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1881.766409][T21047] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 1881.995074][ T7340] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 470 with error 28 [ 1882.012800][ T7340] EXT4-fs (loop5): This should not happen!! Data will be lost [ 1882.012800][ T7340] [ 1882.030111][ T7340] EXT4-fs (loop5): Total free blocks count 0 [ 1882.041425][ T7340] EXT4-fs (loop5): Free/Dirty block details [ 1882.051649][ T7340] EXT4-fs (loop5): free_blocks=0 [ 1882.059909][ T7340] EXT4-fs (loop5): dirty_blocks=480 [ 1882.069466][ T7340] EXT4-fs (loop5): Block reservation details [ 1882.081816][ T7340] EXT4-fs (loop5): i_reserved_data_blocks=30 [ 1882.101160][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1883.075370][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1511.tmp-b7:4' failed: Read-only file system [ 1883.164381][T21070] loop5: detected capacity change from 0 to 2048 [ 1883.181552][T21070] EXT4-fs: Ignoring removed mblk_io_submit option [ 1883.190256][T21070] EXT4-fs: dax option not supported [ 1883.200964][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1514.tmp-b7:5' failed: Read-only file system [ 1883.215838][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1883.688480][T21070] bridge0: port 3(macsec1) entered blocking state [ 1883.694983][T21070] bridge0: port 3(macsec1) entered disabled state [ 1883.808262][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1514.tmp-b7:5' failed: Read-only file system [ 1883.832781][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1511.tmp-b7:4' failed: Read-only file system [ 1884.511609][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1511.tmp-b7:4' failed: Read-only file system [ 1884.518855][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1514.tmp-b7:5' failed: Read-only file system [ 1884.549154][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1514.tmp-b7:5' failed: Read-only file system [ 1884.566402][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1511.tmp-b7:4' failed: Read-only file system [ 1884.672280][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1511.tmp-b7:4' failed: Read-only file system [ 1884.797804][T21102] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5345'. [ 1884.815458][T21102] loop4: detected capacity change from 0 to 16 [ 1884.825485][T21102] erofs: (device loop4): mounted with root inode @ nid 36. [ 1885.936414][ T4185] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1886.059362][T21119] xt_hashlimit: size too large, truncated to 1048576 [ 1886.146312][ T4185] usb 2-1: Using ep0 maxpacket: 16 [ 1886.152652][ T4185] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1886.170903][ T4185] usb 2-1: config 0 has no interfaces? [ 1886.177199][ T4185] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1886.187020][ T4185] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1886.202626][ T4185] usb 2-1: config 0 descriptor?? [ 1886.616940][T21111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1886.625465][T21111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1886.642688][T21111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1886.663636][T21111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1886.681828][T21135] syz.2.5357[21135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1886.681934][T21135] syz.2.5357[21135] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1886.692921][T21111] fuse: Bad value for 'fd' [ 1886.728759][T21111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1886.751574][T21111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1886.942541][T12834] usb 2-1: USB disconnect, device number 73 [ 1886.951092][T21139] bridge0: port 3(macsec2) entered blocking state [ 1886.957602][T21139] bridge0: port 3(macsec2) entered disabled state [ 1887.028939][ T4185] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1887.213324][T21144] loop4: detected capacity change from 0 to 256 [ 1887.256326][ T4185] usb 4-1: Using ep0 maxpacket: 32 [ 1887.278135][ T4185] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1887.465224][ T4185] usb 4-1: config 0 has no interface number 0 [ 1887.576673][ T4185] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1887.977602][ T4185] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1887.995584][ T4185] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1888.004136][ T4185] usb 4-1: Product: syz [ 1888.008405][ T4185] usb 4-1: Manufacturer: syz [ 1888.013080][ T4185] usb 4-1: SerialNumber: syz [ 1888.087981][ T4185] usb 4-1: config 0 descriptor?? [ 1888.106755][ T4185] smsc75xx v1.0.0 [ 1888.194490][T21154] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5362'. [ 1888.746444][ T220] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1888.760724][ T4185] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1888.793798][ T4185] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1888.911529][ T4185] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1888.924241][ T4185] smsc75xx: probe of 4-1:0.184 failed with error -71 [ 1888.969516][ T4185] usb 4-1: USB disconnect, device number 61 [ 1889.006398][ T220] usb 5-1: Using ep0 maxpacket: 32 [ 1889.014163][ T220] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 1889.044229][ T220] usb 5-1: config 0 has no interface number 0 [ 1889.051356][ T220] usb 5-1: config 0 interface 184 has no altsetting 0 [ 1889.062009][ T220] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1889.072496][ T220] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1889.081330][ T220] usb 5-1: Product: syz [ 1889.085932][ T220] usb 5-1: Manufacturer: syz [ 1889.095346][ T220] usb 5-1: SerialNumber: syz [ 1889.125018][ T220] usb 5-1: config 0 descriptor?? [ 1889.145365][ T220] smsc75xx v1.0.0 [ 1889.647617][T16318] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1889.743381][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1889.756722][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1889.766788][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1889.777487][ T220] smsc75xx: probe of 5-1:0.184 failed with error -71 [ 1889.788249][ T220] usb 5-1: USB disconnect, device number 75 [ 1890.036346][T16318] usb 3-1: Using ep0 maxpacket: 16 [ 1890.047741][T16318] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1890.057985][T16318] usb 3-1: config 0 has no interfaces? [ 1890.227574][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1515.tmp-b7:5' failed: Read-only file system [ 1890.389215][T16318] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1890.398445][T16318] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1890.415064][T21163] loop5: detected capacity change from 0 to 2048 [ 1890.426444][T16318] usb 3-1: config 0 descriptor?? [ 1890.435465][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1520.tmp-b7:5' failed: Read-only file system [ 1890.447282][T21163] EXT4-fs: Ignoring removed mblk_io_submit option [ 1890.453744][T21163] EXT4-fs: dax option not supported [ 1890.459054][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-label/syzkaller.tmp-b7:5' failed: Read-only file system [ 1890.481438][T19869] udevd[19869]: symlink '../../loop4' '/dev/disk/by-diskseq/1519.tmp-b7:4' failed: Read-only file system [ 1890.497093][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1520.tmp-b7:5' failed: Read-only file system [ 1890.512063][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1520.tmp-b7:5' failed: Read-only file system [ 1890.528482][T19824] udevd[19824]: symlink '../../loop5' '/dev/disk/by-diskseq/1521.tmp-b7:5' failed: Read-only file system [ 1890.619117][T21163] bridge0: port 3(macsec1) entered blocking state [ 1890.625615][T21163] bridge0: port 3(macsec1) entered disabled state [ 1890.780966][T21171] loop4: detected capacity change from 0 to 256 [ 1890.987091][T21148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1890.995627][T21148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1891.052519][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1522.tmp-b7:4' failed: Read-only file system [ 1891.067827][T21148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1891.078816][T21148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1891.090673][T21148] fuse: Bad value for 'fd' [ 1891.100629][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1522.tmp-b7:4' failed: Read-only file system [ 1891.112889][T21148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1891.121724][T21148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1891.148358][T21176] input: syz1 as /devices/virtual/input/input96 [ 1891.290958][ T4185] usb 3-1: USB disconnect, device number 70 [ 1891.395884][T19824] udevd[19824]: symlink '../../loop4' '/dev/disk/by-diskseq/1522.tmp-b7:4' failed: Read-only file system [ 1891.586551][ T220] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1891.630549][T21198] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5375'. [ 1891.647701][T21198] loop4: detected capacity change from 0 to 16 [ 1891.657513][T21198] erofs: (device loop4): mounted with root inode @ nid 36. [ 1891.766391][ T220] usb 2-1: Using ep0 maxpacket: 16 [ 1891.774442][ T220] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1891.903268][ T220] usb 2-1: config 0 has no interfaces? [ 1891.982472][ T220] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1892.074272][ T220] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1892.624489][ T220] usb 2-1: config 0 descriptor?? [ 1892.981444][T21210] bridge0: port 3(macsec1) entered blocking state [ 1892.987943][T21210] bridge0: port 3(macsec1) entered disabled state [ 1893.096936][T21216] xt_hashlimit: size too large, truncated to 1048576 [ 1893.300110][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1893.355726][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1893.449582][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1893.468285][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1893.494796][T21180] fuse: Bad value for 'fd' [ 1893.505845][T21180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1893.525743][T21180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1893.554570][T21220] xt_hashlimit: size too large, truncated to 1048576 [ 1893.703372][T12834] usb 2-1: USB disconnect, device number 74 [ 1893.937342][T21224] xt_hashlimit: size too large, truncated to 1048576 [ 1894.064136][T21227] bridge0: port 3(macsec2) entered blocking state [ 1894.070671][T21227] bridge0: port 3(macsec2) entered disabled state [ 1894.562493][T21244] syz.5.5389[21244] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1894.562576][T21244] syz.5.5389[21244] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1894.752580][T21250] devtmpfs: Bad value for 'nr_inodes' [ 1894.875143][T21253] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5390'. [ 1896.708578][T21269] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5392'. [ 1896.753717][T21263] input: syz1 as /devices/virtual/input/input97 [ 1896.766789][T21271] xt_hashlimit: size too large, truncated to 1048576 [ 1896.936287][T12834] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1897.126308][T12834] usb 2-1: Using ep0 maxpacket: 16 [ 1897.132696][T12834] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1897.152593][T12834] usb 2-1: config 0 has no interfaces? [ 1897.163635][T12834] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1897.181397][T12834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1897.202565][T12834] usb 2-1: config 0 descriptor?? [ 1897.236615][T21278] syz.4.5401[21278] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1897.236696][T21278] syz.4.5401[21278] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1897.343756][T21279] bridge0: port 3(macsec1) entered blocking state [ 1897.361669][T21279] bridge0: port 3(macsec1) entered disabled state [ 1897.479630][T21284] devtmpfs: Bad value for 'nr_inodes' [ 1897.624686][T21266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.644686][T21266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.659140][T21266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.668778][T21266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.678876][T21266] fuse: Bad value for 'fd' [ 1897.684885][T21266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.694548][T21266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.995193][ T220] usb 2-1: USB disconnect, device number 75 [ 1899.250639][T21308] syz.1.5410[21308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1899.250718][T21308] syz.1.5410[21308] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1899.347685][T21315] syz.3.5413[21315] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1899.393156][T21315] syz.3.5413[21315] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1899.409185][T21317] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5408'. [ 1899.438711][T21317] loop5: detected capacity change from 0 to 16 [ 1899.449188][T21317] erofs: (device loop5): mounted with root inode @ nid 36. [ 1899.606331][ T220] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1899.806380][ T220] usb 5-1: Using ep0 maxpacket: 32 [ 1899.850274][ T220] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 1899.890624][ T220] usb 5-1: config 0 has no interface number 0 [ 1899.922189][ T220] usb 5-1: config 0 interface 184 has no altsetting 0 [ 1899.959290][ T220] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1900.101255][ T220] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1900.116308][ T220] usb 5-1: Product: syz [ 1900.126647][ T220] usb 5-1: Manufacturer: syz [ 1900.136460][ T220] usb 5-1: SerialNumber: syz [ 1900.150591][ T220] usb 5-1: config 0 descriptor?? [ 1900.168576][ T220] smsc75xx v1.0.0 [ 1900.349526][T21321] devtmpfs: Bad value for 'nr_inodes' [ 1900.776127][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1900.790189][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1900.802529][ T220] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1900.813123][ T220] smsc75xx: probe of 5-1:0.184 failed with error -71 [ 1900.875186][T21331] bridge0: port 3(macsec1) entered blocking state [ 1900.881697][T21331] bridge0: port 3(macsec1) entered disabled state [ 1901.193501][T14048] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1901.312726][ T220] usb 5-1: USB disconnect, device number 76 [ 1901.412196][T21328] netlink: 'syz.1.5417': attribute type 12 has an invalid length. [ 1901.506282][T14048] usb 3-1: Using ep0 maxpacket: 32 [ 1901.512584][T14048] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1901.521146][T14048] usb 3-1: config 0 has no interface number 0 [ 1901.527760][T14048] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1901.551496][T14048] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1901.560621][T14048] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1901.568719][T14048] usb 3-1: Product: syz [ 1901.572951][T14048] usb 3-1: Manufacturer: syz [ 1901.578075][T14048] usb 3-1: SerialNumber: syz [ 1901.584245][T14048] usb 3-1: config 0 descriptor?? [ 1901.592183][T14048] smsc75xx v1.0.0 [ 1901.866313][T12236] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1901.896430][ T220] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1902.056476][T12236] usb 2-1: Using ep0 maxpacket: 16 [ 1902.062890][T12236] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1902.073119][T12236] usb 2-1: config 0 has no interfaces? [ 1902.078689][T12236] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1902.087825][T12236] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1902.097125][T12236] usb 2-1: config 0 descriptor?? [ 1902.126439][ T220] usb 6-1: Using ep0 maxpacket: 32 [ 1902.134258][ T220] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 1902.149028][ T220] usb 6-1: config 0 has no interface number 0 [ 1902.177265][ T220] usb 6-1: config 0 interface 184 has no altsetting 0 [ 1902.188673][ T220] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1902.198782][ T220] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1902.208633][ T220] usb 6-1: Product: syz [ 1902.213632][ T220] usb 6-1: Manufacturer: syz [ 1902.220044][ T220] usb 6-1: SerialNumber: syz [ 1902.241592][T14048] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1902.292453][ T220] usb 6-1: config 0 descriptor?? [ 1902.333087][T14048] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1902.346164][T14048] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1902.370785][ T220] smsc75xx v1.0.0 [ 1902.375281][T14048] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 1902.425616][T14048] usb 3-1: USB disconnect, device number 71 [ 1902.531347][T21340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1902.560928][T21340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1902.608680][T21340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1902.625000][T21340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1902.642841][T21340] fuse: Bad value for 'fd' [ 1902.662507][T21340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1902.679555][T21340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1902.898241][T21351] loop4: detected capacity change from 0 to 128 [ 1902.913579][T16318] usb 2-1: USB disconnect, device number 76 [ 1902.920866][T19824] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1902.999144][ T220] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1903.010553][ T220] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1903.020462][ T220] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1903.031078][ T220] smsc75xx: probe of 6-1:0.184 failed with error -71 [ 1903.046816][ T220] usb 6-1: USB disconnect, device number 46 [ 1903.705413][T21357] xt_hashlimit: size too large, truncated to 1048576 [ 1903.780661][T21361] loop5: detected capacity change from 0 to 512 [ 1903.787510][T16318] usb 2-1: new full-speed USB device number 77 using dummy_hcd [ 1903.804818][T21363] syz.3.5427[21363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1903.804897][T21363] syz.3.5427[21363] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1903.817755][T21361] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 1903.840621][T21361] EXT4-fs (loop5): warning: checktime reached, running e2fsck is recommended [ 1903.851006][T21361] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec02c, mo2=0002] [ 1903.859517][T21361] System zones: 0-2, 18-18, 34-34 [ 1903.869740][T21361] EXT4-fs warning (device loop5): ext4_update_dynamic_rev:1087: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 1903.884719][T21361] EXT4-fs (loop5): 1 truncate cleaned up [ 1903.890655][T21361] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1903.922091][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1903.923091][T21371] FAULT_INJECTION: forcing a failure. [ 1903.923091][T21371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1903.961108][T21375] xt_hashlimit: size too large, truncated to 1048576 [ 1903.962575][T21371] CPU: 1 PID: 21371 Comm: syz.2.5431 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1903.977816][T21371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1903.987888][T21371] Call Trace: [ 1903.991191][T21371] [ 1903.994138][T21371] __dump_stack+0x21/0x24 [ 1903.998502][T21371] dump_stack_lvl+0xee/0x150 [ 1904.003131][T21371] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1904.008186][T21371] ? memcpy+0x56/0x70 [ 1904.012209][T21371] dump_stack+0x15/0x24 [ 1904.016388][T21371] should_fail_ex+0x3d4/0x520 [ 1904.017454][T16318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1904.021097][T21371] should_fail+0xb/0x10 [ 1904.021131][T21371] should_fail_usercopy+0x1a/0x20 [ 1904.041244][T21371] strncpy_from_user+0x24/0x2d0 [ 1904.042368][T16318] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 1904.046133][T21371] bpf_prog_load+0x1bb/0x15a0 [ 1904.063568][T21371] ? map_freeze+0x390/0x390 [ 1904.068120][T21371] ? selinux_bpf+0xc7/0xf0 [ 1904.072579][T21371] ? security_bpf+0x93/0xb0 [ 1904.076342][T16318] usb 2-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00 [ 1904.077102][T21371] __sys_bpf+0x504/0x780 [ 1904.090363][T21371] ? bpf_link_show_fdinfo+0x320/0x320 [ 1904.095770][T21371] ? __cfi_ksys_write+0x10/0x10 [ 1904.096312][T16318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1904.100640][T21371] ? debug_smp_processor_id+0x17/0x20 [ 1904.113999][T21371] __x64_sys_bpf+0x7c/0x90 [ 1904.118454][T21371] x64_sys_call+0x488/0x9a0 [ 1904.121000][T16318] usb 2-1: config 0 descriptor?? [ 1904.122984][T21371] do_syscall_64+0x4c/0xa0 [ 1904.132339][T21371] ? clear_bhb_loop+0x15/0x70 [ 1904.134834][T21355] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1904.137037][T21371] ? clear_bhb_loop+0x15/0x70 [ 1904.148815][T21371] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1904.154746][T21371] RIP: 0033:0x7f614558e929 [ 1904.159183][T21371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1904.178816][T21371] RSP: 002b:00007f6146471038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1904.187258][T21371] RAX: ffffffffffffffda RBX: 00007f61457b5fa0 RCX: 00007f614558e929 [ 1904.195247][T21371] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005 [ 1904.203237][T21371] RBP: 00007f6146471090 R08: 0000000000000000 R09: 0000000000000000 [ 1904.211228][T21371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1904.219220][T21371] R13: 0000000000000000 R14: 00007f61457b5fa0 R15: 00007ffde65b3d08 [ 1904.227212][T21371] [ 1904.415937][T21390] xt_hashlimit: size too large, truncated to 1048576 [ 1904.501995][T21394] input: syz1 as /devices/virtual/input/input98 [ 1904.576469][T17990] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 1904.776598][T17990] usb 4-1: Using ep0 maxpacket: 16 [ 1906.883791][T16318] apple 0003:05AC:0264.000D: unbalanced delimiter at end of report description [ 1906.909651][T17990] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1907.066166][T21405] loop5: detected capacity change from 0 to 1024 [ 1907.073115][T21405] EXT4-fs: Ignoring removed nobh option [ 1907.078787][T21405] EXT4-fs: Ignoring removed bh option [ 1907.098820][T21405] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1907.197888][T21405] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 1907.532493][T16318] apple 0003:05AC:0264.000D: parse failed [ 1907.540451][T17990] usb 4-1: config 0 has no interfaces? [ 1907.546198][T16318] apple: probe of 0003:05AC:0264.000D failed with error -22 [ 1907.553659][T17990] usb 4-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1907.572828][T17990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1907.587779][T21414] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3841: comm syz.5.5443: Allocating blocks 497-513 which overlap fs metadata [ 1907.609192][T17990] usb 4-1: config 0 descriptor?? [ 1907.619767][T21414] EXT4-fs (loop5): pa ffff888133436930: logic 1, phys. 449, len 4 [ 1907.627753][T21414] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4881: group 0, free 1, pa_free 2 [ 1907.628519][T21416] syz.3.5444[21416] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1907.639614][T21416] syz.3.5444[21416] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1907.642064][T17990] usb 4-1: can't set config #0, error -71 [ 1907.670111][ T28] audit: type=1400 audit(1749325001.861:106194): avc: denied { ioctl } for pid=21404 comm="syz.5.5443" path="/346/file1/file1" dev="loop5" ino=15 ioctlcmd=0x6628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1907.675524][T17990] usb 4-1: USB disconnect, device number 62 [ 1907.702688][T21414] EXT4-fs error (device loop5): mb_free_blocks:1815: group 0, inode 15: block 449:freeing already freed block (bit 28); block bitmap corrupt. [ 1907.761156][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1907.857296][T21424] xt_hashlimit: size too large, truncated to 1048576 [ 1909.696857][T14048] usb 2-1: USB disconnect, device number 77 [ 1909.747738][T21432] loop5: detected capacity change from 0 to 2048 [ 1909.841014][T21432] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 1909.856724][T21432] input: syz1 as /devices/virtual/input/input99 [ 1911.679575][T14166] EXT4-fs (loop5): unmounting filesystem. [ 1911.715465][T21459] xt_hashlimit: size too large, truncated to 1048576 [ 1912.016296][T12236] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1912.246425][T12236] usb 3-1: Using ep0 maxpacket: 16 [ 1912.254267][T12236] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1912.293008][T12236] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1912.306691][ T28] audit: type=1400 audit(1749325006.401:106195): avc: denied { append } for pid=21464 comm="syz.5.5457" name="event1" dev="devtmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 1912.454975][T21481] input: syz1 as /devices/virtual/input/input100 [ 1912.482948][T12236] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1912.515958][T12236] usb 3-1: config 0 descriptor?? [ 1912.522307][T21489] FAULT_INJECTION: forcing a failure. [ 1912.522307][T21489] name failslab, interval 1, probability 0, space 0, times 0 [ 1912.535110][T21489] CPU: 1 PID: 21489 Comm: syz.3.5470 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1912.545045][T21489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1912.555192][T21489] Call Trace: [ 1912.558468][T21489] [ 1912.561400][T21489] __dump_stack+0x21/0x24 [ 1912.565743][T21489] dump_stack_lvl+0xee/0x150 [ 1912.570336][T21489] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1912.575393][T21489] dump_stack+0x15/0x24 [ 1912.579585][T21489] should_fail_ex+0x3d4/0x520 [ 1912.584298][T21489] __should_failslab+0xac/0xf0 [ 1912.589094][T21489] ? bpf_test_init+0xce/0x160 [ 1912.593800][T21489] should_failslab+0x9/0x20 [ 1912.598345][T21489] __kmem_cache_alloc_node+0x3d/0x2c0 [ 1912.603741][T21489] ? bpf_test_init+0xce/0x160 [ 1912.608706][T21489] __kmalloc+0xa1/0x1e0 [ 1912.612889][T21489] bpf_test_init+0xce/0x160 [ 1912.617425][T21489] bpf_prog_test_run_xdp+0x359/0xe50 [ 1912.622731][T21489] ? __cfi_bpf_prog_test_run_xdp+0x10/0x10 [ 1912.628555][T21489] ? __kasan_check_write+0x14/0x20 [ 1912.633699][T21489] ? __cfi_bpf_prog_test_run_xdp+0x10/0x10 [ 1912.639519][T21489] bpf_prog_test_run+0x3e3/0x630 [ 1912.644466][T21489] ? slab_free_freelist_hook+0xc2/0x190 [ 1912.650080][T21489] ? bpf_prog_query+0x270/0x270 [ 1912.654964][T21489] ? selinux_bpf+0xce/0xf0 [ 1912.659407][T21489] ? security_bpf+0x93/0xb0 [ 1912.663942][T21489] __sys_bpf+0x56d/0x780 [ 1912.668297][T21489] ? bpf_link_show_fdinfo+0x320/0x320 [ 1912.673700][T21489] ? __cfi_ksys_write+0x10/0x10 [ 1912.678574][T21489] ? debug_smp_processor_id+0x17/0x20 [ 1912.683965][T21489] __x64_sys_bpf+0x7c/0x90 [ 1912.688402][T21489] x64_sys_call+0x488/0x9a0 [ 1912.692936][T21489] do_syscall_64+0x4c/0xa0 [ 1912.697388][T21489] ? clear_bhb_loop+0x15/0x70 [ 1912.702080][T21489] ? clear_bhb_loop+0x15/0x70 [ 1912.706771][T21489] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1912.712691][T21489] RIP: 0033:0x7f17b318e929 [ 1912.717125][T21489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1912.736746][T21489] RSP: 002b:00007f17b4001038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1912.745195][T21489] RAX: ffffffffffffffda RBX: 00007f17b33b5fa0 RCX: 00007f17b318e929 [ 1912.753212][T21489] RDX: 0000000000000050 RSI: 0000200000000340 RDI: 000000000000000a [ 1912.761232][T21489] RBP: 00007f17b4001090 R08: 0000000000000000 R09: 0000000000000000 [ 1912.769205][T21489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1912.777174][T21489] R13: 0000000000000000 R14: 00007f17b33b5fa0 R15: 00007ffe936903f8 [ 1912.785161][T21489] [ 1912.791034][T21490] loop4: detected capacity change from 0 to 256 [ 1912.906310][T12834] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1912.992087][T21495] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5471'. [ 1913.126776][T21497] xt_hashlimit: size too large, truncated to 1048576 [ 1913.764293][T12236] usbhid 3-1:0.0: can't add hid device: -71 [ 1913.772634][T12236] usbhid: probe of 3-1:0.0 failed with error -71 [ 1913.786192][T12236] usb 3-1: USB disconnect, device number 72 [ 1913.944436][T21513] FAULT_INJECTION: forcing a failure. [ 1913.944436][T21513] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1913.957766][T21513] CPU: 0 PID: 21513 Comm: syz.4.5478 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1913.967693][T21513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1913.977756][T21513] Call Trace: [ 1913.981035][T21513] [ 1913.984055][T21513] __dump_stack+0x21/0x24 [ 1913.988394][T21513] dump_stack_lvl+0xee/0x150 [ 1913.992988][T21513] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1913.998039][T21513] ? is_bpf_text_address+0x177/0x190 [ 1914.003434][T21513] ? kernel_text_address+0xa0/0xd0 [ 1914.008732][T21513] dump_stack+0x15/0x24 [ 1914.012899][T21513] should_fail_ex+0x3d4/0x520 [ 1914.017587][T21513] should_fail_alloc_page+0x61/0x90 [ 1914.022823][T21513] prepare_alloc_pages+0x148/0x5f0 [ 1914.027946][T21513] ? __alloc_pages_bulk+0x9c0/0x9c0 [ 1914.033147][T21513] ? __stack_depot_save+0x36/0x480 [ 1914.038277][T21513] __alloc_pages+0x115/0x3a0 [ 1914.042887][T21513] ? __cfi___alloc_pages+0x10/0x10 [ 1914.048028][T21513] ? kstrtoull+0x137/0x1d0 [ 1914.052471][T21513] ? avc_policy_seqno+0x1b/0x70 [ 1914.057350][T21513] __get_free_pages+0xe/0x30 [ 1914.061952][T21513] environ_read+0xbc/0x3a0 [ 1914.066379][T21513] ? fsnotify_perm+0x269/0x5b0 [ 1914.071186][T21513] ? security_file_permission+0x94/0xb0 [ 1914.076734][T21513] do_iter_read+0x4b0/0xb30 [ 1914.081248][T21513] ? _copy_from_user+0x8f/0xc0 [ 1914.086019][T21513] ? vfs_iter_read+0xa0/0xa0 [ 1914.090704][T21513] ? import_iovec+0x7c/0xb0 [ 1914.095300][T21513] do_preadv+0x1f6/0x330 [ 1914.099549][T21513] ? vfs_writev+0x590/0x590 [ 1914.104061][T21513] ? __kasan_check_write+0x14/0x20 [ 1914.109183][T21513] ? fput+0x154/0x1a0 [ 1914.113261][T21513] __x64_sys_preadv+0x9e/0xb0 [ 1914.117946][T21513] x64_sys_call+0x370/0x9a0 [ 1914.122454][T21513] do_syscall_64+0x4c/0xa0 [ 1914.126927][T21513] ? clear_bhb_loop+0x15/0x70 [ 1914.131627][T21513] ? clear_bhb_loop+0x15/0x70 [ 1914.136324][T21513] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1914.142228][T21513] RIP: 0033:0x7f686ab8e929 [ 1914.146649][T21513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1914.166615][T21513] RSP: 002b:00007f686ba44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1914.175136][T21513] RAX: ffffffffffffffda RBX: 00007f686adb5fa0 RCX: 00007f686ab8e929 [ 1914.183113][T21513] RDX: 0000000000000001 RSI: 0000200000001400 RDI: 0000000000000006 [ 1914.191083][T21513] RBP: 00007f686ba44090 R08: 0000000000000000 R09: 0000000000000000 [ 1914.199054][T21513] R10: 0000000000c002a0 R11: 0000000000000246 R12: 0000000000000001 [ 1914.207027][T21513] R13: 0000000000000000 R14: 00007f686adb5fa0 R15: 00007ffdfeb82d38 [ 1914.215009][T21513] [ 1914.218263][ T220] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1914.244139][T21517] devtmpfs: Bad value for 'nr_blocks' [ 1914.250790][T12834] usb 6-1: config 0 has no interfaces? [ 1914.267871][T12834] usb 6-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.40 [ 1914.277336][T12834] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1914.290228][T12834] usb 6-1: Product: syz [ 1914.293915][T21519] loop4: detected capacity change from 0 to 2048 [ 1914.294430][T12834] usb 6-1: Manufacturer: syz [ 1914.305536][T12834] usb 6-1: SerialNumber: syz [ 1914.313049][T12834] usb 6-1: config 0 descriptor?? [ 1914.320625][T21519] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1914.332573][T21519] input: syz1 as /devices/virtual/input/input101 [ 1914.349561][T12520] EXT4-fs (loop4): unmounting filesystem. [ 1914.446320][ T220] usb 2-1: Using ep0 maxpacket: 8 [ 1914.451764][T11868] ------------[ cut here ]------------ [ 1914.453081][ T220] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1914.457313][T11868] WARNING: CPU: 0 PID: 11868 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 1914.466152][ T220] usb 2-1: config 8 has an invalid interface number: 1 but max is 0 [ 1914.473104][T11868] Modules linked in: [ 1914.473120][T11868] CPU: 0 PID: 11868 Comm: syz-executor Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1914.481713][ T220] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 1914.485038][T11868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1914.485054][T11868] RIP: 0010:drop_nlink+0xc5/0x110 [ 1914.485095][T11868] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 63 ee f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 94 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 1914.485114][T11868] RSP: 0018:ffffc90001287c38 EFLAGS: 00010293 [ 1914.485134][T11868] RAX: ffffffff81c35c75 RBX: ffff88816409ade0 RCX: ffff88815c22d100 [ 1914.485149][T11868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1914.485162][T11868] RBP: ffffc90001287c60 R08: 0000000000000004 R09: 0000000000000003 [ 1914.485175][T11868] R10: fffff52000250f78 R11: 1ffff92000250f78 R12: dffffc0000000000 [ 1914.485190][T11868] R13: 1ffff1102c8135c5 R14: ffff88816409ae28 R15: 0000000000000000 [ 1914.485204][T11868] FS: 000055555c654500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1914.485221][T11868] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1914.485235][T11868] CR2: 000055555c6774e8 CR3: 0000000124b03000 CR4: 00000000003506b0 [ 1914.485254][T11868] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1914.485267][T11868] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1914.485281][T11868] Call Trace: [ 1914.485288][T11868] [ 1914.485298][T11868] shmem_rmdir+0x5b/0x90 [ 1914.485328][T11868] vfs_rmdir+0x393/0x500 [ 1914.485352][T11868] incfs_kill_sb+0x105/0x220 [ 1914.485377][T11868] deactivate_locked_super+0xb5/0x120 [ 1914.485402][T11868] deactivate_super+0xaf/0xe0 [ 1914.485425][T11868] cleanup_mnt+0x45f/0x4e0 [ 1914.485455][T11868] __cleanup_mnt+0x19/0x20 [ 1914.485484][T11868] task_work_run+0x1db/0x240 [ 1914.485510][T11868] ? __cfi_task_work_run+0x10/0x10 [ 1914.485533][T11868] ? __x64_sys_umount+0x125/0x160 [ 1914.485557][T11868] ? __cfi___x64_sys_umount+0x10/0x10 [ 1914.485582][T11868] exit_to_user_mode_loop+0x9b/0xb0 [ 1914.485604][T11868] exit_to_user_mode_prepare+0x5a/0xa0 [ 1914.485625][T11868] syscall_exit_to_user_mode+0x1a/0x30 [ 1914.496092][ T220] usb 2-1: config 8 has no interface number 0 [ 1914.505885][T11868] do_syscall_64+0x58/0xa0 [ 1914.522654][ T220] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1914.540848][T11868] ? clear_bhb_loop+0x15/0x70 [ 1914.547514][ T220] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1914.554995][T11868] ? clear_bhb_loop+0x15/0x70 [ 1914.555034][T11868] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1914.563637][ T220] usb 2-1: Product: syz [ 1914.571105][T11868] RIP: 0033:0x7f614558fc57 [ 1914.579578][ T220] usb 2-1: Manufacturer: syz [ 1914.587115][T11868] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1914.596566][ T220] usb 2-1: SerialNumber: syz [ 1914.602666][T11868] RSP: 002b:00007ffde65b2f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1914.789950][T11868] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f614558fc57 [ 1914.797966][T11868] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde65b3050 [ 1914.805953][T11868] RBP: 00007ffde65b3050 R08: 0000000000000000 R09: 0000000000000000 [ 1914.814018][T11868] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde65b40e0 [ 1914.822129][T11868] R13: 00007f6145610925 R14: 00000000001d362f R15: 00007ffde65b4120 [ 1914.830159][T11868] [ 1914.833203][T11868] ---[ end trace 0000000000000000 ]--- [ 1914.839839][T11868] ================================================================== [ 1914.847925][T11868] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 1914.854206][T11868] Write of size 4 at addr 0000000000000170 by task syz-executor/11868 [ 1914.862377][T11868] [ 1914.864725][T11868] CPU: 1 PID: 11868 Comm: syz-executor Tainted: G W 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1914.876274][T11868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1914.886422][T11868] Call Trace: [ 1914.889710][T11868] [ 1914.892652][T11868] __dump_stack+0x21/0x24 [ 1914.897010][T11868] dump_stack_lvl+0xee/0x150 [ 1914.901624][T11868] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1914.906670][T11868] ? ihold+0x20/0x60 [ 1914.910586][T11868] ? ihold+0x20/0x60 [ 1914.914497][T11868] ? ihold+0x20/0x60 [ 1914.918412][T11868] print_report+0x3d/0x60 [ 1914.922760][T11868] kasan_report+0x122/0x150 [ 1914.927315][T11868] ? ihold+0x20/0x60 [ 1914.931239][T11868] kasan_check_range+0x280/0x290 [ 1914.936204][T11868] __kasan_check_write+0x14/0x20 [ 1914.941165][T11868] ihold+0x20/0x60 [ 1914.944932][T11868] vfs_rmdir+0x25f/0x500 [ 1914.949192][T11868] incfs_kill_sb+0x105/0x220 [ 1914.953818][T11868] deactivate_locked_super+0xb5/0x120 [ 1914.959226][T11868] deactivate_super+0xaf/0xe0 [ 1914.963915][T11868] cleanup_mnt+0x45f/0x4e0 [ 1914.968356][T11868] __cleanup_mnt+0x19/0x20 [ 1914.972793][T11868] task_work_run+0x1db/0x240 [ 1914.977401][T11868] ? __cfi_task_work_run+0x10/0x10 [ 1914.982518][T11868] ? __x64_sys_umount+0x125/0x160 [ 1914.987558][T11868] ? __cfi___x64_sys_umount+0x10/0x10 [ 1914.992948][T11868] exit_to_user_mode_loop+0x9b/0xb0 [ 1914.998175][T11868] exit_to_user_mode_prepare+0x5a/0xa0 [ 1915.003649][T11868] syscall_exit_to_user_mode+0x1a/0x30 [ 1915.009119][T11868] do_syscall_64+0x58/0xa0 [ 1915.013553][T11868] ? clear_bhb_loop+0x15/0x70 [ 1915.018241][T11868] ? clear_bhb_loop+0x15/0x70 [ 1915.023041][T11868] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1915.028961][T11868] RIP: 0033:0x7f614558fc57 [ 1915.033380][T11868] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1915.052986][T11868] RSP: 002b:00007ffde65b2f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1915.061430][T11868] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f614558fc57 [ 1915.069400][T11868] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde65b3050 [ 1915.077375][T11868] RBP: 00007ffde65b3050 R08: 0000000000000000 R09: 0000000000000000 [ 1915.085348][T11868] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde65b40e0 [ 1915.093400][T11868] R13: 00007f6145610925 R14: 00000000001d362f R15: 00007ffde65b4120 [ 1915.101380][T11868] [ 1915.104395][T11868] ================================================================== [ 1915.122996][T11868] Disabling lock debugging due to kernel taint [ 1915.129515][T11868] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 1915.137344][T11868] #PF: supervisor write access in kernel mode [ 1915.143422][T11868] #PF: error_code(0x0002) - not-present page [ 1915.149434][T11868] PGD 11b5bc067 P4D 11b5bc067 PUD 0 [ 1915.154759][T11868] Oops: 0002 [#1] PREEMPT SMP KASAN [ 1915.159982][T11868] CPU: 0 PID: 11868 Comm: syz-executor Tainted: G B W 6.1.138-syzkaller-00056-g7af56ffc913d #0 [ 1915.171734][T11868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1915.181822][T11868] RIP: 0010:ihold+0x26/0x60 [ 1915.186382][T11868] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 8c ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 a0 e5 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1 [ 1915.206024][T11868] RSP: 0018:ffffc90001287c78 EFLAGS: 00010246 [ 1915.212196][T11868] RAX: ffff88815c22d100 RBX: 0000000000000000 RCX: ffff88815c22d100 [ 1915.220170][T11868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1915.228226][T11868] RBP: ffffc90001287c88 R08: dffffc0000000000 R09: fffffbfff0f2cafd [ 1915.236198][T11868] R10: fffffbfff0f2cafd R11: 1ffffffff0f2cafc R12: ffff88816409adec [ 1915.244172][T11868] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 1915.252142][T11868] FS: 000055555c654500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1915.261075][T11868] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1915.267659][T11868] CR2: 0000000000000170 CR3: 0000000124b03000 CR4: 00000000003506b0 [ 1915.275631][T11868] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1915.283605][T11868] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1915.291586][T11868] Call Trace: [ 1915.294867][T11868] [ 1915.297811][T11868] vfs_rmdir+0x25f/0x500 [ 1915.302082][T11868] incfs_kill_sb+0x105/0x220 [ 1915.306701][T11868] deactivate_locked_super+0xb5/0x120 [ 1915.312081][T11868] deactivate_super+0xaf/0xe0 [ 1915.316764][T11868] cleanup_mnt+0x45f/0x4e0 [ 1915.321190][T11868] __cleanup_mnt+0x19/0x20 [ 1915.325610][T11868] task_work_run+0x1db/0x240 [ 1915.330208][T11868] ? __cfi_task_work_run+0x10/0x10 [ 1915.335350][T11868] ? __x64_sys_umount+0x125/0x160 [ 1915.340386][T11868] ? __cfi___x64_sys_umount+0x10/0x10 [ 1915.345765][T11868] exit_to_user_mode_loop+0x9b/0xb0 [ 1915.350966][T11868] exit_to_user_mode_prepare+0x5a/0xa0 [ 1915.356440][T11868] syscall_exit_to_user_mode+0x1a/0x30 [ 1915.361910][T11868] do_syscall_64+0x58/0xa0 [ 1915.366332][T11868] ? clear_bhb_loop+0x15/0x70 [ 1915.371009][T11868] ? clear_bhb_loop+0x15/0x70 [ 1915.375687][T11868] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1915.381591][T11868] RIP: 0033:0x7f614558fc57 [ 1915.386008][T11868] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 1915.405703][T11868] RSP: 002b:00007ffde65b2f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1915.414118][T11868] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f614558fc57 [ 1915.422089][T11868] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde65b3050 [ 1915.430062][T11868] RBP: 00007ffde65b3050 R08: 0000000000000000 R09: 0000000000000000 [ 1915.438034][T11868] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde65b40e0 [ 1915.446008][T11868] R13: 00007f6145610925 R14: 00000000001d362f R15: 00007ffde65b4120 [ 1915.453988][T11868] [ 1915.457010][T11868] Modules linked in: [ 1915.460932][T11868] CR2: 0000000000000170 [ 1915.465086][T11868] ---[ end trace 0000000000000000 ]--- [ 1915.470538][T11868] RIP: 0010:ihold+0x26/0x60 [ 1915.475062][T11868] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 8c ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 a0 e5 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1 [ 1915.494675][T11868] RSP: 0018:ffffc90001287c78 EFLAGS: 00010246 [ 1915.500748][T11868] RAX: ffff88815c22d100 RBX: 0000000000000000 RCX: ffff88815c22d100 [ 1915.508726][T11868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1915.516785][T11868] RBP: ffffc90001287c88 R08: dffffc0000000000 R09: fffffbfff0f2cafd [ 1915.524756][T11868] R10: fffffbfff0f2cafd R11: 1ffffffff0f2cafc R12: ffff88816409adec [ 1915.532728][T11868] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 1915.540699][T11868] FS: 000055555c654500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1915.549627][T11868] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1915.556230][T11868] CR2: 0000000000000170 CR3: 0000000124b03000 CR4: 00000000003506b0 [ 1915.564206][T11868] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1915.572177][T11868] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1915.580156][T11868] Kernel panic - not syncing: Fatal exception [ 1915.586519][T11868] Kernel Offset: disabled [ 1915.590841][T11868] Rebooting in 86400 seconds..