last executing test programs: 25.718914834s ago: executing program 3: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000304fcff", 0x58}], 0x1) 25.691316208s ago: executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000180)=0x0, &(0x7f00000016c0)) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=r1]) preadv2(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/16, 0x2000}], 0x1, 0x0, 0x0, 0x0) 25.567413475s ago: executing program 3: socket$key(0xf, 0x3, 0x2) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)={0x2, 0x5, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1}, @sadb_address={0x3, 0x17, 0x0, 0xa0, 0x0, @in={0x2, 0x0, @private}}]}, 0x30}}, 0x0) 25.520299792s ago: executing program 3: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x10) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r1, &(0x7f00000002c0)='./file0\x00', 0x0) open(&(0x7f0000000080)='./file0\x00', 0x201c2, 0x0) 25.410196127s ago: executing program 3: socketpair$unix(0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r3, 0x560a, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) getsockopt$sock_buf(r4, 0x1, 0x5, 0x0, &(0x7f0000000140)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) 25.290490345s ago: executing program 1: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) listen(r2, 0x0) epoll_pwait(r1, &(0x7f0000000140)=[{}], 0x1, 0x7d, 0x0, 0x0) shutdown(r2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000f2cff4)={0x77540947ad9a168d}) 25.17884536s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) open(&(0x7f00000003c0)='./file0\x00', 0x101bff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$setsig(r1, 0xa, 0x21) fcntl$setlease(r1, 0x400, 0x0) truncate(&(0x7f0000000080)='./file0\x00', 0x0) fcntl$setlease(r1, 0x400, 0x2) 24.885605531s ago: executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0xff69) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005a0001004affffff0000000000000000080001"], 0x1c}}, 0x0) 24.676619591s ago: executing program 1: mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000380)='./file1\x00', 0x0, 0x0) linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) unlink(&(0x7f0000000180)='./file1\x00') unlink(&(0x7f0000000000)='./file0\x00') 24.108686361s ago: executing program 1: r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000200)=0x10) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r1, &(0x7f00000002c0)='./file0\x00', 0x0) open(&(0x7f0000000080)='./file0\x00', 0x201c2, 0x0) 23.68734517s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 13.104455962s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f50850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0106000000000000000009000016240004801300010062726f6164636173742d6c696e6b00000c0007800800050002"], 0x38}}, 0x0) sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000fdfffff70f4000003000078008000200060000000c0003"], 0x44}}, 0x0) 12.944774705s ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x10) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bridge0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r2}) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="940000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000008000c00004e07006c001a8054000001"], 0x94}}, 0x0) 12.857504107s ago: executing program 2: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r1}, 0x10) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc8, 0x9d, 0x5b, 0x0, 0x2001, 0x400b, 0x3b54, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x57, 0xcc, 0x5, 0x0, [], [{{0x9, 0x5, 0x0, 0x1, 0x40}}]}}]}}]}}, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x98, &(0x7f0000000080)={{0x12, 0x1, 0x101, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x86, 0x2, 0x1, 0x0, 0x0, 0x40, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "0c34c8"}, {0x5, 0x24, 0x0, 0xf62f}, {0xd, 0x24, 0xf, 0x1, 0x0, 0xf49b, 0x9, 0x10}, {0x6, 0x24, 0x1a, 0xb68, 0x1}, [@network_terminal={0x7, 0x24, 0xa, 0x81, 0x90, 0x7, 0x40}, @dmm={0x7, 0x24, 0x14, 0x0, 0x8000}, @acm={0x4, 0x24, 0x2, 0x7}, @mdlm={0x15, 0x24, 0x12, 0x53ba}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0x7, 0x2f}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x80, 0x7, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x7, 0x8, 0x6}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x110, 0x7f, 0x6, 0x0, 0x8, 0x1}, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x2c01}}, {0x6f, &(0x7f00000001c0)=@string={0x6f, 0x3, "7868c07d3356adc8dc85c10a60cdc8dc379ecf1646c5bff5712dee0f83286d9c1a63cde38b1cd8f6b8e7c0ddb07cafa35e3f91179e577d4a0397e859c9173cabd06939de3535a5ce8d87e5ad60b680744857649ea99f6d9f234eab2bcd250fa0de7265ac01158686e0b88da9c7"}}, {0x77, &(0x7f0000000240)=@string={0x77, 0x3, "e670fa261323306695c433a6c2ec6475c4d1a1387106540f85754e80dd4734dcc12bd000b250a083ba4dedb8e3bb4dedbd7fad47787082784a9e7445a03253e7e62a00b3ec33b034f46b68e658373ac71c2c0e74c41e88108a8e5b8162a0e2bbc84d93c5d0508df9a53a3dc3342434f1738722b745"}}]}) 9.7862403s ago: executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd2(0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000380)={0x2000000}) 9.689769023s ago: executing program 2: creat(&(0x7f00000000c0)='./control\x00', 0x0) r0 = inotify_init() r1 = epoll_create(0x200008) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r2, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="15b26f226e2966667482d50703b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5dffd691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6be", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="c9", 0x1}], 0x300}}], 0x3, 0x240080e4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000080)) r3 = inotify_add_watch(r0, &(0x7f00000001c0)='./control\x00', 0xa2000396) inotify_rm_watch(r0, r3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0xb000001d}) epoll_wait(r1, &(0x7f0000000100)=[{}, {}], 0x2, 0x0) 9.608942385s ago: executing program 2: ptrace(0x10, 0x1) ptrace(0x4207, 0x1) 976.455861ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@min_batch_time={'min_batch_time', 0x3d, 0x6}}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) fallocate(r0, 0x0, 0x800003d, 0x7ff) write$binfmt_script(r0, &(0x7f00000000c0), 0xb) lseek(r0, 0x0, 0x3) 843.069ms ago: executing program 4: r0 = memfd_create(&(0x7f00000002c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf\t\xb0\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2y\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00'/244, 0x0) write(r0, &(0x7f00000000c0)='i', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000002e80), &(0x7f0000000000)=0x4) 733.787485ms ago: executing program 4: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x20, 0x16, 0xa01, 0x0, 0x0, {}, [@nested={0x4}, @typed={0x8, 0x2, 0x0, 0x0, @fd}]}, 0x20}}, 0x0) 694.919031ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x759, &(0x7f0000000080)={[{@nouser_xattr}, {@i_version}, {@noblock_validity}, {@errors_remount}, {@commit={'commit', 0x3d, 0xfffffffffffffffe}, 0x0}, {@usrjquota}, {@grpjquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2d8}}, {@abort}, {@nouser_xattr}, {@max_batch_time={'max_batch_time', 0x3d, 0x5}}, {@mblk_io_submit}, {@bsdgroups}, {@grpjquota_path={'grpjquota', 0x3d, './file0'}}], [], 0x2c}, 0x22, 0x508, &(0x7f0000000180)="$eJzs3E1vFOcdAPD/rG2MC9QufeWlZVta1WpVjM3roQdArcSlUqVWETlubIMIBiLsSICsYKIIpBwS8QnycouUT5BTcomSKIdEuQblGkVCkS+QHKKJZnbWWXt2je2svTH+/aRdnmf2mZ3nPzMP+7zsOoAtq5o9JRE7I+LziBisZxcXqNb/eTQ/O/7N/Ox4Emn6v6+TvNzD+dnxRtHGfjuKzHAlovJSEvvKh+2fvnHzUm1qavJasWFkplKkLtcuTF6YvDJ28uTRIwMnjo8d60icWZ0e7n3h6v49Z5++95/xc/ee+fDtrL5p8XpzHHVD+fO2FR+hp7SlGtXF57LJX1Ze9U1hV1M66c2eK92rDCuW3bXZ5erL2/9g9OS5usH494tdrRywrtI0TftLWxc+y+bSZklS3yFNb6fAEyCJbtcA6I7GB/3D+WykOjteHgc/2R6cjnwElMX9qHjUX+nNR7DVofrYqG+djv+riDg39+1r2SNazkMAAHTWu6cj7p6p9zsaj/orlfhNU7mfF2tDQxHxi4jYHRG/LPovv47Iy/42In7XtM/OFawCVJfky/2fTweKRHN3tWOy/t8/i7Wtxf2/hZoP9RS5XXn8fcn5i1OTh4tzMhx9/Vl+tPzWC9Nq7/3rs1fbnYlqU/8ve2THb/QFi3p81btkgm6iNlPrQOi5B7fzE3urHH8SvUkjFbEnIvau4f2zc3bxb2/tb/f6ovizOEvxv9L+zXvXUKEl0jci/lq//nOxJP4o1v+SfH3y8nMj0zdu/uNi8/rk6InjY8dGtsfU5OGRxl1R9tEnd/5bJEvDiGWuf6NprOtCWnb9f9by/l9YuRzKUgvrtdOrP8ad+3fbjmnWev9vS/6fpxvrs9drMzPXRiO2JXPl7WM/7Hu9NrCofBb/8MHW7X93xHevF/vti4jsJv59RPwhIg4Udf9jRPwpIg4uE/8HZ/78bLsh5OPjX19Z/BOruv6tElGbmjr1cUTrMj2X3n+ndOCXq6X4+6Ld9T+ap4aLLRO1me2Pi6tdTZcmfvQJBAAAgE3gQD5Pm1QOFRNNO6NSOXQoYsfCDMr0zN/PX33+ykR9Pnco+iqNma7BpvnQ0WJuOMtne4015bPXj+TzxmmapgNZPhu/T+3qbuiw5e1o0/4zX5Z/0gI8aVa1jtbuF23AprS0/d9f8Z6d/0IGsLE68D0aYJPS/mHrWnH7X69fwQFd06r934p41IWqABusVft/qrTl1IbUBdhYxv+wda29/fsyAGx2Pv9hS1rRj+TXkNh9dpkySe/6HLR9ohLL/xWAoYjGlkafZvk3/KIS0Zka9kxHRMciHVh0TSsty2yPThwrKk1bshNWLtO7ij/EsLGJyk+jGvVE/+NugEos3Gy3Gomb612xvBG82dX/nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrg+wAAAP//MrnQYA==") 462.077074ms ago: executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x64, 0x0, 0x1, 0x401, 0x0, 0x600, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xfffeffff}]}, 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x4}]}, 0x44}}, 0x0) 374.734086ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 365.598948ms ago: executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000043c0)={0x29, 0x2, 0x0, {0x0, 0x8, 0x0, 'group_id'}}, 0x29) 316.847644ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x1, 0x8008, 0x8, 0x11}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) llistxattr(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 316.013005ms ago: executing program 3: bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x7fff}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010002104efffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006272696467650000040002800a0001"], 0x40}}, 0x0) 253.114304ms ago: executing program 0: syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000080)='./file0\x00', 0x30140ca, &(0x7f0000000600)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22e31fad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67ba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85bf61421d4466d1889f02a594b00a79413eceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bdd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x2, 0x2ce, &(0x7f0000000300)="$eJzs3U9rHGUYAPBn9s/sVg+bg3gQwQE9eCptr142SAti8GDZg3rQYFuQ7CI0EKiKY09evXjwMwiCH8SLX0AEr4I3KxRG5l93N91ud6MbMf39Dsmbd55n3mfeHTaTQJ589PLs6FYWd+5/8WsMh0l0xjGOB0nsRSdaX8WS8TcBAPyfPSiK+KOoxaXN85KIGO6yMABgZ5a+/z9Rbz788VzKAgB26OZ777+9f3Bw/d0sG8aN2dcnk/In+/JzfXz/TnwS07gdV2IUDyOqB4V+VE8L5fBGURR5LyvtxWuz/GRSZs4+/Kk5//7vzS8LSnvVx0dPG1X+WwfXr2a1hfy8rOO5Zv1xuf61GMULj5KX8q+tyI9JGq+/ulD/5RjFzx/HpzGNW1UR8/wvr2bZm8W3f37+QVlemZ/kJ5NBFTdXdM/xZQEAAAAAAAAAAAAAAAAAAAAA4IK73PTOGUTVv6ecavrvdB+WX/Qja9X9fYq2P0+d37b2WeoPVBRFXrXLqfvrXMmyrGgC5/19evFSb5uOwwAAAAAAAAAAAAAAAAAAAHBxHd/77OhwOr19918ZtN0AehHx182Is55nvDDzSqwPHjRrHk6nnWa4HNNbnIluG5NErC2jvIh/uC0vvrNZ8KXHam4G3/+w7aLDp8f0V691fK971tcrPz3T3l1Hh8nqPRxEOzNsFv0ujZjHpLHh6umTDhWxze2Xrjw02no30uerQb4mJpJ1hb3xW71zzUxy+irSaldXpvebwUL6qXtjk/v5lxjW6Y+/VyS9Hb4RAQAAAAAAAAAAAAAAAAAAC3//v+Lg/bWpnWKws7IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FzN////FoM8IvrNCZ4SnMbd4//4EgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgG/B0AAP//FgdXFQ==") r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) umount2(&(0x7f0000000240)='./file0/file0\x00', 0x0) 116.187553ms ago: executing program 0: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001240)='ns/pid\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 16.000397ms ago: executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2749baca85309be96d5a45bbb29ea06f9cbc7eea15bc1ee369d2707231280f0415df341ab76de90db5ff7ffffffd075b373f51be98db7efbbe8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c1f870adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eacb4389adbb47efb7b3f19046c7f1bd1bf56e58555d96137f95b3aacd74ed1c8a8676468cf2405e48723c6b1ff3698422f88ffed8617dd64330f4c38ba86e3b50da03f4b1e4808aa5c9e9546d7190747c6abc5beab28cec4ff7faa3fab48cdb3d64cfd5d698416752a16f32a54ccef577832e4cf684fce2cb0bab7f6a5821b26483322000000000000596c6e1ac996b8a0924948750b6e52c09d53950e5c8143db8669f8a5bf6511df822532e3c78d019149651255048aab0399e5d6e317b6f3fbc2600ffc3c66c7244b7bcf6b78b5e8c0ee04ce344ceb084b4f2ef09b59a36a92b3874edc559e5bf58a567d385ba92df9121dfa257e60655dcbff581c75107b01b5baaf29ebaf24861c538fefcaecb52a6b69fc450e10645df60a9d50131466113c6aac5abbcf9e9f2f0384da3f9892af413bd87f51f7f0cf61096fd79327fa66effe89a72d7a75d40f0c1ad299f55eafcd52a39649ab6021e30f901933f11092"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r3, @ANYBLOB="08001b"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) 0s ago: executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x14) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x98}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x300}, 0x48) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045505, &(0x7f00000000c0)={0x1}) kernel console output (not intermixed with test programs): [ 7.249581][ T188] iptables-restor (188) used greatest stack depth: 23096 bytes left [ 7.349514][ T23] audit: type=1400 audit(1718585501.840:30): avc: denied { search } for pid=198 comm="dhcpcd" name="/" dev="tmpfs" ino=1889 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.354512][ T23] audit: type=1400 audit(1718585501.840:31): avc: denied { write } for pid=198 comm="dhcpcd" name="/" dev="tmpfs" ino=1889 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 7.475519][ T204] dhcpcd-run-hook (204) used greatest stack depth: 22744 bytes left [ 14.807545][ T23] kauditd_printk_skb: 29 callbacks suppressed [ 14.807557][ T23] audit: type=1400 audit(1718585509.290:61): avc: denied { transition } for pid=286 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.813641][ T23] audit: type=1400 audit(1718585509.290:62): avc: denied { noatsecure } for pid=286 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.818080][ T23] audit: type=1400 audit(1718585509.300:63): avc: denied { write } for pid=286 comm="sh" path="pipe:[9737]" dev="pipefs" ino=9737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.822610][ T23] audit: type=1400 audit(1718585509.300:64): avc: denied { rlimitinh } for pid=286 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.826540][ T23] audit: type=1400 audit(1718585509.300:65): avc: denied { siginh } for pid=286 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.205' (ED25519) to the list of known hosts. 2024/06/17 00:51:57 fuzzer started 2024/06/17 00:51:57 dialing manager at 10.128.0.163:30000 [ 22.759425][ T23] audit: type=1400 audit(1718585517.240:66): avc: denied { node_bind } for pid=345 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 22.779968][ T23] audit: type=1400 audit(1718585517.250:67): avc: denied { name_bind } for pid=345 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 22.836324][ T23] audit: type=1400 audit(1718585517.320:68): avc: denied { mounton } for pid=354 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.838479][ T354] cgroup1: Unknown subsys name 'net' [ 22.859018][ T23] audit: type=1400 audit(1718585517.320:69): avc: denied { mount } for pid=354 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.890344][ T354] cgroup1: Unknown subsys name 'net_prio' [ 22.896586][ T354] cgroup1: Unknown subsys name 'devices' [ 22.902088][ T23] audit: type=1400 audit(1718585517.380:70): avc: denied { mounton } for pid=359 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.927090][ T23] audit: type=1400 audit(1718585517.380:71): avc: denied { mount } for pid=359 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.934752][ T358] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 22.950422][ T23] audit: type=1400 audit(1718585517.390:72): avc: denied { setattr } for pid=361 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=1858 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.981724][ T23] audit: type=1400 audit(1718585517.450:73): avc: denied { relabelto } for pid=358 comm="mkswap" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.007233][ T23] audit: type=1400 audit(1718585517.450:74): avc: denied { write } for pid=358 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.032843][ T23] audit: type=1400 audit(1718585517.490:75): avc: denied { unmount } for pid=354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.052829][ T357] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.172100][ T354] cgroup1: Unknown subsys name 'hugetlb' [ 23.177899][ T354] cgroup1: Unknown subsys name 'rlimit' 2024/06/17 00:51:57 starting 5 executor processes [ 23.842141][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.849122][ T371] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.856415][ T371] device bridge_slave_0 entered promiscuous mode [ 23.865542][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.872449][ T371] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.879836][ T371] device bridge_slave_1 entered promiscuous mode [ 23.985966][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.992861][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.000219][ T375] device bridge_slave_0 entered promiscuous mode [ 24.009895][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.016721][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.024547][ T375] device bridge_slave_1 entered promiscuous mode [ 24.073889][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.080892][ T378] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.088156][ T378] device bridge_slave_0 entered promiscuous mode [ 24.099610][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.106433][ T378] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.113977][ T378] device bridge_slave_1 entered promiscuous mode [ 24.159852][ T379] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.166683][ T379] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.174241][ T379] device bridge_slave_0 entered promiscuous mode [ 24.184965][ T379] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.191954][ T379] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.199375][ T379] device bridge_slave_1 entered promiscuous mode [ 24.240833][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.247667][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.255302][ T376] device bridge_slave_0 entered promiscuous mode [ 24.265899][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.272843][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.280164][ T376] device bridge_slave_1 entered promiscuous mode [ 24.443466][ T379] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.450318][ T379] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.457442][ T379] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.464214][ T379] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.475949][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.482793][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.489902][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.496665][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.525331][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.532183][ T378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.539346][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.546169][ T378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.554608][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.561449][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.568585][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.575323][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.611061][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.617894][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.625065][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.631897][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.654441][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.661712][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.668887][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.675861][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.683333][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.690609][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.697872][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.705240][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.712259][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.719436][ T107] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.726368][ T107] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.758368][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.766621][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.773553][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.781779][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.789923][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.797952][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.804790][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.831673][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.839272][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.846489][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.855015][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.863224][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.871390][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.879271][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.886489][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.905565][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.913817][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.922132][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.928971][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.936381][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.944815][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.952981][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.959815][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.967040][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.975597][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.983953][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.990787][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.020931][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.028301][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.036026][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.044012][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.051780][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.060071][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.068004][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.074840][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.082016][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.090215][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.098266][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.105116][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.112370][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.120537][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.128680][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.135495][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.142722][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.150939][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.159155][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.166092][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.173333][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.181216][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.189179][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.197037][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.204904][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.212779][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.237343][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.245891][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.254864][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.261711][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.269005][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.277112][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.285289][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.293081][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.301221][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.308961][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.349322][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.357216][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.365385][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.373971][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.382111][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.390132][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.430374][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.438282][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.447773][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.455974][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.464758][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.472523][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.480293][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.488298][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.496637][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.504911][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.513482][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.521700][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.529802][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.537879][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.558416][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.566498][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.594309][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.603507][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.612896][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.621771][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.630244][ T394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.658166][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.666531][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.675095][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.684804][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.693289][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.701840][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.710280][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.718406][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.742289][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.751829][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.760193][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.768422][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.779503][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.788019][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.797257][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.356837][ T434] [ 26.362242][ T434] ********************************************************** [ 26.373871][ T434] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 26.381555][ T434] ** ** [ 26.391968][ T434] ** trace_printk() being used. Allocating extra memory. ** [ 26.399552][ T434] ** ** [ 26.408291][ T434] ** This means that this is a DEBUG kernel and it is ** [ 26.514168][ T434] ** unsafe for production use. ** [ 26.561001][ T434] ** ** [ 26.609120][ T432] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 26.635472][ T434] ** If you see this message and you are not debugging ** [ 26.646509][ T432] ext4 filesystem being mounted at /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0 supports timestamps until 2038 (0x7fffffff) [ 26.664781][ T434] ** the kernel, report this immediately to your vendor! ** [ 26.685517][ T432] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 26.690869][ T439] syz-executor.1[439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.690975][ T439] syz-executor.1[439] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.767645][ T434] ** ** [ 26.787973][ T434] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 26.834148][ T434] ********************************************************** [ 26.876733][ T432] syz-executor.4 (432) used greatest stack depth: 21816 bytes left [ 26.917241][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 26.961413][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 26.999105][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 27.029514][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 27.078775][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 27.112201][ T463] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 27.112287][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 27.150614][ T371] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor.4: path /root/syzkaller-testdir1605331415/syzkaller.9riE3H/2/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 27.178284][ T371] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 18: comm syz-executor.4: lblock 23 mapped to illegal pblock 18 (length 1) [ 27.199759][ T371] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 27.491772][ T371] syz-executor.4 (371) used greatest stack depth: 20088 bytes left [ 27.859648][ T476] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 27.876790][ T476] ext4 filesystem being mounted at /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0 supports timestamps until 2038 (0x7fffffff) [ 27.894977][ T489] ------------[ cut here ]------------ [ 27.900279][ T489] WARNING: CPU: 0 PID: 489 at fs/inode.c:302 drop_nlink+0xbb/0x100 [ 27.907973][ T489] Modules linked in: [ 27.911716][ T489] CPU: 0 PID: 489 Comm: syz-executor.1 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 27.921598][ T489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 27.931522][ T489] RIP: 0010:drop_nlink+0xbb/0x100 [ 27.936360][ T489] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 e5 e1 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 27.955798][ T489] RSP: 0018:ffff8881e8097bd0 EFLAGS: 00010287 [ 27.961704][ T489] RAX: ffffffff81a15a3b RBX: 1ffff1103addef4a RCX: 0000000000040000 [ 27.969513][ T489] RDX: ffffc90000b43000 RSI: 0000000000000c27 RDI: 0000000000000c28 [ 27.977323][ T489] RBP: 0000000000000000 R08: ffffffff81a159bf R09: ffffed103dc26b61 [ 27.985135][ T489] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d6ef7a50 [ 27.992950][ T489] R13: ffff8881edd957d8 R14: ffff8881d6ef7a08 R15: dffffc0000000000 [ 28.000968][ T489] FS: 00007eff4fc4b6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 28.009805][ T489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.016226][ T489] CR2: 0000000000000000 CR3: 00000001d9aad000 CR4: 00000000003406b0 [ 28.024060][ T489] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.031849][ T489] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.039657][ T489] Call Trace: [ 28.042795][ T489] ? __warn+0x162/0x250 [ 28.046797][ T489] ? report_bug+0x3a1/0x4e0 [ 28.051123][ T489] ? drop_nlink+0xbb/0x100 [ 28.055380][ T489] ? drop_nlink+0xbb/0x100 [ 28.059626][ T489] ? do_invalid_op+0x6e/0x110 [ 28.064145][ T489] ? invalid_op+0x1e/0x30 [ 28.068302][ T489] ? drop_nlink+0x3f/0x100 [ 28.072563][ T489] ? drop_nlink+0xbb/0x100 [ 28.076809][ T489] ? drop_nlink+0xbb/0x100 [ 28.081068][ T489] ovl_do_remove+0x91f/0xc80 [ 28.085489][ T489] ? ovl_permission+0xd4/0x1f0 [ 28.088707][ T476] EXT4-fs error (device loop0): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 28.090089][ T489] ? ovl_set_redirect+0x5f0/0x5f0 [ 28.090106][ T489] ? may_delete+0x53b/0x760 [ 28.119275][ T489] ? security_inode_unlink+0xca/0x110 [ 28.124458][ T489] vfs_unlink+0x315/0x510 [ 28.128628][ T489] do_unlinkat+0x430/0x8b0 [ 28.132884][ T489] ? fsnotify_link_count+0x80/0x80 [ 28.137829][ T489] ? getname_flags+0x1ec/0x4e0 [ 28.142424][ T489] do_syscall_64+0xca/0x1c0 [ 28.146764][ T489] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 28.152489][ T489] RIP: 0033:0x7eff508d0ea9 [ 28.156742][ T489] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 28.176183][ T489] RSP: 002b:00007eff4fc4b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 28.180160][ T490] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.184423][ T489] RAX: ffffffffffffffda RBX: 00007eff50a07f80 RCX: 00007eff508d0ea9 [ 28.184430][ T489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 28.184443][ T489] RBP: 00007eff5093fff4 R08: 0000000000000000 R09: 0000000000000000 [ 28.204346][ T490] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.206901][ T489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 28.206908][ T489] R13: 000000000000000b R14: 00007eff50a07f80 R15: 00007ffcce2eeb48 [ 28.206922][ T489] ---[ end trace f0c35cfff88ac1c5 ]--- [ 28.226361][ T490] device bridge_slave_0 entered promiscuous mode [ 28.277615][ T490] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.292227][ T490] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.336389][ T23] kauditd_printk_skb: 62 callbacks suppressed [ 28.336401][ T23] audit: type=1400 audit(1718585522.820:138): avc: denied { create } for pid=495 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 28.383149][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 28.399157][ T490] device bridge_slave_1 entered promiscuous mode [ 28.443745][ T499] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET) [ 28.458661][ T23] audit: type=1400 audit(1718585522.860:139): avc: denied { write } for pid=495 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 28.495132][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 28.538583][ T23] audit: type=1400 audit(1718585522.980:140): avc: denied { create } for pid=498 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 28.610876][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 28.637711][ T503] syz-executor.2[503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.637770][ T503] syz-executor.2[503] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 28.655474][ T23] audit: type=1326 audit(1718585523.140:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=501 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc610a54ea9 code=0x0 [ 28.691066][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 28.691070][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.691465][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.742494][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 28.768348][ T23] audit: type=1326 audit(1718585523.260:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=501 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc610a54ea9 code=0x0 [ 28.791745][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 28.817491][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.836690][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.848861][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.855696][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.863313][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.869399][ T378] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 17: comm syz-executor.0: path /root/syzkaller-testdir2320769152/syzkaller.3asXo0/6/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 28.872070][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.904094][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.910946][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.929272][ T378] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #2: block 18: comm syz-executor.0: lblock 23 mapped to illegal pblock 18 (length 1) [ 28.943820][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.974800][ T378] EXT4-fs error (device loop0): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.0: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 29.011547][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.030461][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.059973][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.081200][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.112956][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.170233][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.179782][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.209866][ T7] device bridge_slave_1 left promiscuous mode [ 29.217062][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.232500][ T7] device bridge_slave_0 left promiscuous mode [ 29.244973][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.395715][ T511] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.411640][ T23] audit: type=1400 audit(1718585523.880:143): avc: denied { ioctl } for pid=510 comm="syz-executor.2" path="/dev/kvm" dev="devtmpfs" ino=1134 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 29.602553][ T508] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.638546][ T508] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.652136][ T23] audit: type=1400 audit(1718585524.140:144): avc: denied { read write } for pid=510 comm="syz-executor.2" name="raw-gadget" dev="devtmpfs" ino=1858 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 29.679223][ T508] device bridge_slave_0 entered promiscuous mode [ 29.696860][ T508] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.716588][ T508] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.740351][ T508] device bridge_slave_1 entered promiscuous mode [ 29.757389][ T23] audit: type=1400 audit(1718585524.140:145): avc: denied { open } for pid=510 comm="syz-executor.2" path="/dev/raw-gadget" dev="devtmpfs" ino=1858 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 29.831224][ T23] audit: type=1400 audit(1718585524.140:146): avc: denied { ioctl } for pid=510 comm="syz-executor.2" path="/dev/raw-gadget" dev="devtmpfs" ino=1858 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 29.908436][ T23] audit: type=1400 audit(1718585524.140:147): avc: denied { create } for pid=510 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 29.937764][ T508] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.944648][ T508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.951796][ T508] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.958655][ T508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.039172][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.047086][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.063538][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.082017][ T521] F2FS-fs (loop4): Wrong segment_count / block_count (64 > 16384) [ 30.094807][ T521] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 30.112327][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.123376][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.130235][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.138220][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.147409][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.154272][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.163555][ T521] F2FS-fs (loop4): Found nat_bits in checkpoint [ 30.227281][ T521] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 30.241581][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.259193][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.266816][ T521] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 30.301949][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.322750][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.339968][ T490] attempt to access beyond end of device [ 30.339968][ T490] loop4: rw=2049, want=45104, limit=40427 [ 30.389565][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.431716][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.460845][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.612942][ T535] FAT-fs (loop0): "posix" option is obsolete, not supported now [ 30.648688][ T7] device bridge_slave_1 left promiscuous mode [ 30.654672][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.668659][ T7] device bridge_slave_0 left promiscuous mode [ 30.678620][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.103022][ T540] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 31.119926][ T540] ext4 filesystem being mounted at /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0 supports timestamps until 2038 (0x7fffffff) [ 31.159210][ T544] tc_dump_action: action bad kind [ 31.165749][ T540] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 31.290381][ T553] SELinux: Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped). [ 31.427800][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 31.468970][ T555] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 31.478158][ T555] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 31.485300][ T555] EXT4-fs (loop2): can't mount with dioread_nolock if block size != PAGE_SIZE [ 31.494419][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 31.528858][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 31.555621][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 31.580841][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 31.609611][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 31.658737][ T490] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor.4: path /root/syzkaller-testdir3981168059/syzkaller.HYIWFV/3/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 31.708758][ T490] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 18: comm syz-executor.4: lblock 23 mapped to illegal pblock 18 (length 1) [ 31.719557][ T564] ====================================================== [ 31.719557][ T564] WARNING: the mand mount option is being deprecated and [ 31.719557][ T564] will be removed in v5.15! [ 31.719557][ T564] ====================================================== [ 31.740827][ T490] EXT4-fs error (device loop4): ext4_search_dir:1509: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0 [ 31.850260][ T508] FAT-fs (loop0): error, invalid access to FAT (entry 0x000004ff) [ 32.283846][ T570] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.298537][ T570] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.314812][ T570] device bridge_slave_0 entered promiscuous mode [ 32.330537][ T570] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.337367][ T570] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.384656][ T570] device bridge_slave_1 entered promiscuous mode [ 32.546094][ T7] device bridge_slave_1 left promiscuous mode [ 32.554215][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.568946][ T7] device bridge_slave_0 left promiscuous mode [ 32.574917][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.604687][ T580] erofs: (device loop2): mounted with opts: , root inode @ nid 36. [ 32.650702][ T580] attempt to access beyond end of device [ 32.650702][ T580] loop2: rw=0, want=34359738368, limit=16 [ 32.679033][ T580] attempt to access beyond end of device [ 32.679033][ T580] loop2: rw=0, want=34359738368, limit=16 [ 32.741187][ T571] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.748027][ T571] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.772874][ T571] device bridge_slave_0 entered promiscuous mode [ 32.782927][ T571] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.789971][ T571] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.797488][ T571] device bridge_slave_1 entered promiscuous mode [ 33.240039][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.247409][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.256078][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.265536][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.273799][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.280652][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.288325][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.308939][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.317013][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.323867][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.381332][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 33.400093][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.407986][ T393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.454474][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.482933][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.521527][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.541468][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.551857][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.583375][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.593839][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.645623][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.669085][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.677152][ T398] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.684023][ T398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.718657][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.726913][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.750939][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 33.768925][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.777032][ T398] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.783895][ T398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.819289][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 33.841887][ T23] kauditd_printk_skb: 12 callbacks suppressed [ 33.841898][ T23] audit: type=1400 audit(1718585528.330:160): avc: denied { setopt } for pid=591 comm="syz-executor.2" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 33.892962][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 33.910029][ T23] audit: type=1400 audit(1718585528.390:161): avc: denied { connect } for pid=591 comm="syz-executor.2" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 33.931633][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.949066][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 33.957432][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.969789][ T594] syz-executor.2 (pid 594) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 33.979155][ T23] audit: type=1400 audit(1718585528.390:162): avc: denied { write } for pid=591 comm="syz-executor.2" laddr=::1 lport=7 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 34.019975][ T594] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)" [ 34.044542][ T594] EXT4-fs (sda1): re-mounted. Opts: (null) [ 34.051342][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.062857][ T23] audit: type=1400 audit(1718585528.500:163): avc: denied { mounton } for pid=570 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=12334 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 34.068367][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.149688][ T23] audit: type=1400 audit(1718585528.590:164): avc: denied { create } for pid=601 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 34.252306][ T606] ------------[ cut here ]------------ [ 34.257604][ T606] WARNING: CPU: 1 PID: 606 at fs/inode.c:302 drop_nlink+0xbb/0x100 [ 34.265305][ T606] Modules linked in: [ 34.269046][ T606] CPU: 1 PID: 606 Comm: syz-executor.4 Tainted: G W 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 34.280324][ T606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 34.290231][ T606] RIP: 0010:drop_nlink+0xbb/0x100 [ 34.295083][ T606] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 e5 e1 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 34.314524][ T606] RSP: 0018:ffff8881e6e8fbd0 EFLAGS: 00010287 [ 34.320430][ T606] RAX: ffffffff81a15a3b RBX: 1ffff1103adcf07a RCX: 0000000000040000 [ 34.328234][ T606] RDX: ffffc90001749000 RSI: 0000000000000ab0 RDI: 0000000000000ab1 [ 34.336059][ T606] RBP: 0000000000000000 R08: ffffffff81a159bf R09: ffffed103ba1b981 [ 34.343862][ T606] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881d6e783d0 [ 34.351669][ T606] R13: ffff8881f1236f48 R14: ffff8881d6e78388 R15: dffffc0000000000 [ 34.359480][ T606] FS: 00007f4bce1976c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 34.368245][ T606] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.374668][ T606] CR2: 0000001b2f337000 CR3: 00000001e118e000 CR4: 00000000003406a0 [ 34.382478][ T606] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.390331][ T606] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.398097][ T606] Call Trace: [ 34.401236][ T606] ? __warn+0x162/0x250 [ 34.405221][ T606] ? report_bug+0x3a1/0x4e0 [ 34.409561][ T606] ? drop_nlink+0xbb/0x100 [ 34.413814][ T606] ? drop_nlink+0xbb/0x100 [ 34.418068][ T606] ? do_invalid_op+0x6e/0x110 [ 34.422668][ T606] ? invalid_op+0x1e/0x30 [ 34.426833][ T606] ? drop_nlink+0x3f/0x100 [ 34.431082][ T606] ? drop_nlink+0xbb/0x100 [ 34.435338][ T606] ? drop_nlink+0xbb/0x100 [ 34.439596][ T606] ovl_do_remove+0x91f/0xc80 [ 34.444019][ T606] ? ovl_permission+0xd4/0x1f0 [ 34.448623][ T606] ? ovl_set_redirect+0x5f0/0x5f0 [ 34.453478][ T606] ? may_delete+0x53b/0x760 [ 34.457817][ T606] ? security_inode_unlink+0xca/0x110 [ 34.463029][ T606] vfs_unlink+0x315/0x510 [ 34.467195][ T606] do_unlinkat+0x430/0x8b0 [ 34.471462][ T606] ? fsnotify_link_count+0x80/0x80 [ 34.476407][ T606] ? getname_flags+0x1ec/0x4e0 [ 34.480995][ T606] do_syscall_64+0xca/0x1c0 [ 34.485331][ T606] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 34.491058][ T606] RIP: 0033:0x7f4bcee1cea9 [ 34.495313][ T606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 34.514752][ T606] RSP: 002b:00007f4bce1970c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 34.522997][ T606] RAX: ffffffffffffffda RBX: 00007f4bcef53f80 RCX: 00007f4bcee1cea9 [ 34.530807][ T606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 34.538622][ T606] RBP: 00007f4bcee8bff4 R08: 0000000000000000 R09: 0000000000000000 [ 34.546426][ T606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 34.554240][ T606] R13: 000000000000000b R14: 00007f4bcef53f80 R15: 00007ffc46a05598 [ 34.562143][ T606] ---[ end trace f0c35cfff88ac1c6 ]--- [ 34.578776][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.586616][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.618612][ T23] audit: type=1400 audit(1718585528.640:165): avc: denied { read } for pid=601 comm="syz-executor.4" path="socket:[13689]" dev="sockfs" ino=13689 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 34.678936][ T23] audit: type=1400 audit(1718585528.660:166): avc: denied { setopt } for pid=603 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.701387][ T23] audit: type=1400 audit(1718585528.660:167): avc: denied { map } for pid=603 comm="syz-executor.2" path="socket:[13268]" dev="sockfs" ino=13268 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.727437][ T376] FAT-fs (loop2): error, invalid access to FAT (entry 0x000004ff) [ 34.748617][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.769368][ T23] audit: type=1400 audit(1718585528.660:168): avc: denied { read } for pid=603 comm="syz-executor.2" path="socket:[13268]" dev="sockfs" ino=13268 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.770111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.818565][ T23] audit: type=1400 audit(1718585529.070:169): avc: denied { read } for pid=607 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 35.033656][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.049309][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.149438][ T620] tmpfs: Bad value for 'nr_blocks' [ 35.324048][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.333099][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.361505][ T376] syz-executor.2 (376) used greatest stack depth: 19768 bytes left [ 35.448668][ T18] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 35.623676][ T7] device bridge_slave_1 left promiscuous mode [ 35.632797][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.641256][ T7] device bridge_slave_0 left promiscuous mode [ 35.647342][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.657575][ T636] EXT4-fs (sda1): re-mounted. Opts: (null) [ 35.728654][ T18] usb 5-1: no configurations [ 35.733071][ T18] usb 5-1: can't read configurations, error -22 [ 35.898630][ T18] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 36.288808][ T18] usb 5-1: no configurations [ 36.293336][ T18] usb 5-1: can't read configurations, error -22 [ 36.308326][ T18] usb usb5-port1: attempt power cycle [ 36.324748][ T639] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.348541][ T639] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.356103][ T639] device bridge_slave_0 entered promiscuous mode [ 36.364267][ T639] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.371122][ T639] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.378639][ T639] device bridge_slave_1 entered promiscuous mode [ 36.463833][ T639] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.470712][ T639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.477820][ T639] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.484589][ T639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.561830][ T621] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.572409][ T621] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.588442][ T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 36.604195][ T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.639691][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.652024][ T533] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.658889][ T533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.681900][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.699542][ T533] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.706425][ T533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.728711][ T18] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 36.833350][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.849061][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.897398][ T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 36.928608][ T18] usb 5-1: no configurations [ 36.935670][ T18] usb 5-1: can't read configurations, error -22 [ 36.970636][ T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 36.987906][ T621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.018494][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.037856][ T533] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.340760][ T18] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 37.403120][ T661] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 37.429417][ T661] tipc: Started in network mode [ 37.434154][ T661] tipc: Own node identity 6, cluster identity 4711 [ 37.448599][ T661] tipc: 32-bit node address hash set to 6 [ 37.468612][ T18] usb 5-1: no configurations [ 37.473082][ T18] usb 5-1: can't read configurations, error -22 [ 37.492756][ T18] usb usb5-port1: unable to enumerate USB device [ 37.609046][ T7] device bridge_slave_1 left promiscuous mode [ 37.615636][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.635493][ T7] device bridge_slave_0 left promiscuous mode [ 37.645343][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.886223][ T675] EXT4-fs (sda1): re-mounted. Opts: (null) [ 38.177996][ T689] tc_dump_action: action bad kind [ 38.205496][ T692] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 39.084670][ T709] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.101774][ T709] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.119173][ T709] device bridge_slave_0 entered promiscuous mode [ 39.138730][ T709] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.155686][ T709] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.164217][ T709] device bridge_slave_1 entered promiscuous mode [ 39.368439][ T709] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.375294][ T709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.382536][ T709] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.389376][ T709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.455608][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.472890][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.521718][ T726] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 39.601476][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.609420][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.639767][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.648091][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.671776][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.678637][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.709013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.717452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.726625][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.733473][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.742536][ T497] device bridge_slave_1 left promiscuous mode [ 39.748476][ T497] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.760361][ T23] kauditd_printk_skb: 483 callbacks suppressed [ 39.760372][ T23] audit: type=1400 audit(1718585534.250:653): avc: denied { connect } for pid=736 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 39.798699][ T497] device bridge_slave_0 left promiscuous mode [ 39.804667][ T497] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.830142][ T23] audit: type=1400 audit(1718585534.320:654): avc: denied { setopt } for pid=736 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 40.045994][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.053776][ T23] audit: type=1400 audit(1718585534.530:655): avc: denied { create } for pid=747 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 40.089303][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.097217][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.106082][ T23] audit: type=1400 audit(1718585534.570:656): avc: denied { bind } for pid=747 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 40.119140][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.126349][ T394] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 40.161622][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.166681][ T23] audit: type=1400 audit(1718585534.600:657): avc: denied { connect } for pid=747 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 40.178982][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.218565][ T23] audit: type=1400 audit(1718585534.610:658): avc: denied { read } for pid=747 comm="syz-executor.4" name="ppp" dev="devtmpfs" ino=9266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 40.219001][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.268542][ T23] audit: type=1400 audit(1718585534.610:659): avc: denied { open } for pid=747 comm="syz-executor.4" path="/dev/ppp" dev="devtmpfs" ino=9266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 40.279027][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.312141][ T23] audit: type=1400 audit(1718585534.630:660): avc: denied { ioctl } for pid=747 comm="syz-executor.4" path="/dev/ppp" dev="devtmpfs" ino=9266 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 40.328674][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.360604][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.388747][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.396916][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.429632][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.437764][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.448689][ T394] usb 3-1: device descriptor read/64, error 18 [ 40.592190][ T23] audit: type=1400 audit(1718585535.080:661): avc: denied { mounton } for pid=755 comm="syz-executor.4" path="/root/syzkaller-testdir1558010211/syzkaller.EGUPr8/23/file1/file0" dev="loop4" ino=26 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 40.670869][ T570] FAT-fs (loop4): error, invalid access to FAT (entry 0x000004ff) [ 40.804545][ T23] audit: type=1326 audit(1718585535.290:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=763 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff80fd1eea9 code=0x7ffc0000 [ 40.898551][ T394] usb 3-1: device descriptor read/64, error 18 [ 41.168625][ T394] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 41.305440][ T784] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 41.411361][ T497] device bridge_slave_1 left promiscuous mode [ 41.427426][ T497] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.435720][ T497] device bridge_slave_0 left promiscuous mode [ 41.441773][ T497] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.449085][ T394] usb 3-1: device descriptor read/64, error 18 [ 41.470162][ T788] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 41.626433][ T782] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.646143][ T782] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.666969][ T782] device bridge_slave_0 entered promiscuous mode [ 41.674174][ T782] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.681047][ T782] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.689542][ T782] device bridge_slave_1 entered promiscuous mode [ 41.770520][ T782] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.777378][ T782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.784605][ T782] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.791441][ T782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.838638][ T394] usb 3-1: device descriptor read/64, error 18 [ 41.894419][ T398] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.905081][ T398] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.921710][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.936844][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.959966][ T394] usb usb3-port1: attempt power cycle [ 41.965602][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.983530][ T398] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.990406][ T398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.013045][ T398] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.029537][ T398] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.036399][ T398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.055218][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.069338][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.091618][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.105733][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.140317][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.156929][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.173232][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.391348][ T394] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 42.488809][ T394] usb 3-1: Invalid ep0 maxpacket: 0 [ 42.678602][ T394] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 42.808707][ T394] usb 3-1: device descriptor read/8, error -71 [ 43.019065][ T394] usb 3-1: device descriptor read/8, error -71 [ 43.173888][ T829] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 43.216003][ T394] usb usb3-port1: unable to enumerate USB device [ 43.638864][ T844] cgroup: syz-executor.0 (844) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future. [ 43.655486][ T844] cgroup: "memory" requires setting use_hierarchy to 1 on the root [ 43.729680][ T844] 9pnet: Insufficient options for proto=fd [ 43.915908][ T846] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure [ 44.673208][ T864] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 45.346140][ T885] 9pnet: Insufficient options for proto=fd [ 46.069737][ T23] kauditd_printk_skb: 194 callbacks suppressed [ 46.069748][ T23] audit: type=1400 audit(1718585540.560:857): avc: denied { read } for pid=890 comm="syz-executor.4" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 46.076612][ T893] FAT-fs (loop0): Directory bread(block 64) failed [ 46.109662][ T893] FAT-fs (loop0): Directory bread(block 65) failed [ 46.116040][ T893] FAT-fs (loop0): Directory bread(block 66) failed [ 46.122446][ T893] FAT-fs (loop0): Directory bread(block 67) failed [ 46.129469][ T893] FAT-fs (loop0): Directory bread(block 68) failed [ 46.137784][ T893] FAT-fs (loop0): Directory bread(block 69) failed [ 46.144888][ T893] FAT-fs (loop0): Directory bread(block 70) failed [ 46.155183][ T893] FAT-fs (loop0): Directory bread(block 71) failed [ 46.169388][ T893] FAT-fs (loop0): Directory bread(block 72) failed [ 46.175711][ T893] FAT-fs (loop0): Directory bread(block 73) failed [ 46.333474][ T23] audit: type=1400 audit(1718585540.820:858): avc: denied { ioctl } for pid=902 comm="syz-executor.0" path="socket:[16324]" dev="sockfs" ino=16324 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 46.397861][ T23] audit: type=1400 audit(1718585540.820:859): avc: denied { write } for pid=902 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 46.450591][ T23] audit: type=1400 audit(1718585540.930:860): avc: denied { shutdown } for pid=908 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 46.497793][ T23] audit: type=1326 audit(1718585540.940:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 46.625444][ T23] audit: type=1326 audit(1718585540.940:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 46.678553][ T23] audit: type=1326 audit(1718585540.960:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 46.789628][ T23] audit: type=1326 audit(1718585540.960:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 46.936725][ T23] audit: type=1326 audit(1718585540.960:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 46.960759][ T23] audit: type=1326 audit(1718585540.980:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=910 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff24669dea9 code=0x7ffc0000 [ 47.002909][ T924] FAT-fs (loop0): Directory bread(block 64) failed [ 47.019223][ T924] FAT-fs (loop0): Directory bread(block 65) failed [ 47.025692][ T924] FAT-fs (loop0): Directory bread(block 66) failed [ 47.038647][ T924] FAT-fs (loop0): Directory bread(block 67) failed [ 47.049213][ T924] FAT-fs (loop0): Directory bread(block 68) failed [ 47.064803][ T924] FAT-fs (loop0): Directory bread(block 69) failed [ 47.081445][ T924] FAT-fs (loop0): Directory bread(block 70) failed [ 47.097067][ T924] FAT-fs (loop0): Directory bread(block 71) failed [ 47.103946][ T924] FAT-fs (loop0): Directory bread(block 72) failed [ 47.116644][ T924] FAT-fs (loop0): Directory bread(block 73) failed [ 47.611576][ T941] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 47.635603][ T945] erofs: (device loop0): mounted with opts: , root inode @ nid 36. [ 48.900685][ T966] FAT-fs (loop0): Directory bread(block 64) failed [ 48.914336][ T966] FAT-fs (loop0): Directory bread(block 65) failed [ 48.928094][ T966] FAT-fs (loop0): Directory bread(block 66) failed [ 48.938568][ T966] FAT-fs (loop0): Directory bread(block 67) failed [ 48.944932][ T966] FAT-fs (loop0): Directory bread(block 68) failed [ 48.970189][ T966] FAT-fs (loop0): Directory bread(block 69) failed [ 48.976559][ T966] FAT-fs (loop0): Directory bread(block 70) failed [ 48.998620][ T966] FAT-fs (loop0): Directory bread(block 71) failed [ 49.006100][ T966] FAT-fs (loop0): Directory bread(block 72) failed [ 49.018562][ T966] FAT-fs (loop0): Directory bread(block 73) failed [ 49.479437][ T978] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 49.498673][ T978] ext4 filesystem being mounted at /root/syzkaller-testdir1874033848/syzkaller.E0JNmA/49/file0 supports timestamps until 2038 (0x7fffffff) [ 50.764212][ T1004] 9pnet: Insufficient options for proto=fd [ 51.602412][ T1024] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,min_batch_time=0x0000000000000006,nodelalloc,acl,noinit_itable,,errors=continue [ 51.738113][ T23] kauditd_printk_skb: 25 callbacks suppressed [ 51.738125][ T23] audit: type=1400 audit(1718585546.220:892): avc: denied { create } for pid=1028 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 51.838542][ T23] audit: type=1400 audit(1718585546.260:893): avc: denied { getopt } for pid=1028 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 51.925713][ T1033] EXT4-fs (loop4): Mount option "nouser_xattr" will be removed by 3.5 [ 51.925713][ T1033] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 51.925713][ T1033] [ 51.978689][ T1033] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 51.999784][ T1033] EXT4-fs (loop4): can't mount with commit=184467440737095514, fs mounted w/o journal [ 52.239437][ T1038] EXT4-fs (loop4): Ignoring removed orlov option [ 52.253159][ T1038] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 52.302501][ T1038] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 52.344565][ T23] audit: type=1400 audit(1718585546.830:894): avc: denied { mounton } for pid=1037 comm="syz-executor.4" path="/root/syzkaller-testdir3054845161/syzkaller.8BNqrJ/43/file1/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 52.357686][ T1038] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:68: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 52.409312][ T23] audit: type=1400 audit(1718585546.830:895): avc: denied { map } for pid=1037 comm="syz-executor.4" path="/root/syzkaller-testdir3054845161/syzkaller.8BNqrJ/43/file1/file0/bus" dev="devtmpfs" ino=9200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 52.428462][ T1038] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2221: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 52.483594][ T23] audit: type=1400 audit(1718585546.970:896): avc: denied { ioctl } for pid=1055 comm="syz-executor.0" path="pid:[4026532357]" dev="nsfs" ino=4026532357 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.522388][ T782] ================================================================== [ 52.530281][ T782] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 52.538087][ T782] Read of size 4 at addr ffff8881ee3e6000 by task syz-executor.4/782 [ 52.545975][ T782] [ 52.548168][ T782] CPU: 1 PID: 782 Comm: syz-executor.4 Tainted: G W 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 52.558550][ T23] audit: type=1400 audit(1718585547.000:897): avc: denied { rmdir } for pid=782 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 52.559433][ T782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 52.591802][ T782] Call Trace: [ 52.594942][ T782] dump_stack+0x1d8/0x241 [ 52.599104][ T782] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 52.599487][ T23] audit: type=1400 audit(1718585547.000:898): avc: denied { unlink } for pid=782 comm="syz-executor.4" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 52.604742][ T782] ? printk+0xd1/0x111 2024/06/17 00:52:27 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 52.627110][ T23] audit: type=1400 audit(1718585547.000:899): avc: denied { unlink } for pid=782 comm="syz-executor.4" name="file1" dev="loop4" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 52.630869][ T782] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 52.630880][ T782] print_address_description+0x8c/0x600 [ 52.630894][ T782] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 52.630903][ T782] __kasan_report+0xf3/0x120 [ 52.630913][ T782] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 52.630922][ T782] kasan_report+0x30/0x60 [ 52.630932][ T782] ext4_xattr_delete_inode+0xc1f/0xc30 [ 52.630946][ T782] ? check_preemption_disabled+0x9f/0x320 [ 52.630957][ T782] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 52.630970][ T782] ? __ext4_journal_start_sb+0x295/0x460 [ 52.630980][ T782] ext4_evict_inode+0x1378/0x1ac0 [ 52.630999][ T782] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 52.653531][ T23] audit: type=1400 audit(1718585547.010:900): avc: denied { unmount } for pid=782 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 52.658902][ T782] ? wb_io_lists_depopulated+0x85/0x170 [ 52.658919][ T782] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 52.747349][ T782] evict+0x29b/0x6a0 [ 52.751083][ T782] vfs_rmdir+0x24b/0x3c0 [ 52.755153][ T782] do_rmdir+0x2c1/0x580 [ 52.759144][ T782] ? d_delete_notify+0xc0/0xc0 [ 52.763746][ T782] ? _raw_spin_unlock_irq+0x4a/0x60 [ 52.768780][ T782] do_syscall_64+0xca/0x1c0 [ 52.773130][ T782] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 52.778847][ T782] RIP: 0033:0x7ff24669d687 [ 52.783122][ T782] C