last executing test programs:

39.889118002s ago: executing program 2:
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r0)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

39.6520908s ago: executing program 2:
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pidfd_send_signal(r1, 0x0, &(0x7f00000000c0), 0x0)

39.415812569s ago: executing program 2:
ptrace(0x10, 0x1)
r0 = inotify_init1(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x0, 0x4}, 0x48)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, <r1=>0x0})
ptrace$getenv(0x4203, r1, 0x0, &(0x7f0000000000))

14.373993085s ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv8zSZ2XlmJjMBnFg3sul5mqYXI2IkK89l0yfrmY2IsxHx7OmDmfqURJre+nsSSVbWWlfa8FYMNRdprOCrX4r4RrIzbnVtfXG6XC6tZPlibelOsbq2fmlhaXq+NF9anpycuDp1berK1PirdG9uKEuciYjrX/jz9779ky9e/8Vn7v3h9l8vfDNptvlhbOvHB9S/W2Wz6/k4ta1s5YDBjqL+rYnB/S3zKPsVAQDgcNWPSz+UHedfjJHo2/1wFgAAAHgDpZ8bjv8mrWt3Owx0KAcAAADeILmIGI4kV8ju9x2OXK5QiMY9vB+J07lypVr79FxldXm2XhcxGvnc3EK5NJ7dKzwa+aSen2ikX+Qvb8tPRsQ7EfHdkcFGvjBTKc/2+uQHAAAAnBBD28b//xppjv8BAACAY2a01w0AAAAAXjvjfwAAADj+jP8BAADgWPvyzZv1KW29/3r27trqYuXupdlSdbGwtDpTmKms3CnMVyrzjWf2Le26ss1XBy6v3i/WStVasbq2fnupsrpcu73w0iuwAQAAgEP0zvuPf5dExMZnBxtT3cCW+v9k7wnoWQOB12bzlF0k2Xxg54d+/3Zz/qdDahRwKPp63QCgZ/p73QCgZ/K9bgDQc8ke9R1v3vl1Nv9Ed9sDAAB039jHOl//z+265Mbu1cCRZyOGk8v1fzi5Gtf/29zy15aDBThW8o4A4MR75ev/e/I3RAAA0GvDjSnJFbLTe8ORyxUKEWcarwXIJ3ML5dJ4RLwdEb8dyb9Vz080lkz2HDMAAAAAAAAAAAAAAAAAAAAAAAAAAE1pmkQKAAAAHGsRub8kv2w+y39s5Pzw9vMDA8m/RyJ7Rei9H976/v3pWm1lol7+j83y2g+y8su9OIMBAAAAbNcap7fG8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTc+ePphpTYcZ92+fj4jRdvH741RjfiryEXH6n0n0b1kuiYi+LsTfeBQRH20XP6k3azNku/iDrz9+jGb/C+3iD3UhPpxkj+v7nxvttr9cnG3M229//REv5Q+q8/4vNvd/fR22/zP7jPHuk58VO8Z/FPFuf/v9Tyt+0iH+uX3G//rX1tc71aU/ihhr+/2TvBSrWFu6U6yurV9aWJqeL82XlicnJ65OXZu6MjVenFsol7J/28b4zsd//ny3/p/uEH90j/6f32f///fk/tMPN5P5dvEvnGsT/1c/zj6xM34u++77VJau14+10hvN9Fbv/fQ37+3W/9kO/d/r539hn/2/+JVv/XGfHwUADkF1bX1xulwurRzbRH2UfgSaIXEEEw93Vr0fB15hmqZpfZt6hYYlB4/enUSyWdLrPRMAANBtL47+e90SAAAAAAAAAAAAAAAAAAAAOLkO47li22NubKaSbjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgK/4fAAD//1X76Tc=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000)=@filename='\x00', 0x0, &(0x7f0000000080)='./file0\x00')

13.558024253s ago: executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv8zSZ2XlmJjMBnFg3sul5mqYXI2IkK89l0yfrmY2IsxHx7OmDmfqURJre+nsSSVbWWlfa8FYMNRdprOCrX4r4RrIzbnVtfXG6XC6tZPlibelOsbq2fmlhaXq+NF9anpycuDp1berK1PirdG9uKEuciYjrX/jz9779ky9e/8Vn7v3h9l8vfDNptvlhbOvHB9S/W2Wz6/k4ta1s5YDBjqL+rYnB/S3zKPsVAQDgcNWPSz+UHedfjJHo2/1wFgAAAHgDpZ8bjv8mrWt3Owx0KAcAAADeILmIGI4kV8ju9x2OXK5QiMY9vB+J07lypVr79FxldXm2XhcxGvnc3EK5NJ7dKzwa+aSen2ikX+Qvb8tPRsQ7EfHdkcFGvjBTKc/2+uQHAAAAnBBD28b//xppjv8BAACAY2a01w0AAAAAXjvjfwAAADj+jP8BAADgWPvyzZv1KW29/3r27trqYuXupdlSdbGwtDpTmKms3CnMVyrzjWf2Le26ss1XBy6v3i/WStVasbq2fnupsrpcu73w0iuwAQAAgEP0zvuPf5dExMZnBxtT3cCW+v9k7wnoWQOB12bzlF0k2Xxg54d+/3Zz/qdDahRwKPp63QCgZ/p73QCgZ/K9bgDQc8ke9R1v3vl1Nv9Ed9sDAAB039jHOl//z+265Mbu1cCRZyOGk8v1fzi5Gtf/29zy15aDBThW8o4A4MR75ev/e/I3RAAA0GvDjSnJFbLTe8ORyxUKEWcarwXIJ3ML5dJ4RLwdEb8dyb9Vz080lkz2HDMAAAAAAAAAAAAAAAAAAAAAAAAAAE1pmkQKAAAAHGsRub8kv2w+y39s5Pzw9vMDA8m/RyJ7Rei9H976/v3pWm1lol7+j83y2g+y8su9OIMBAAAAbNcap7fG8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTc+ePphpTYcZ92+fj4jRdvH741RjfiryEXH6n0n0b1kuiYi+LsTfeBQRH20XP6k3azNku/iDrz9+jGb/C+3iD3UhPpxkj+v7nxvttr9cnG3M229//REv5Q+q8/4vNvd/fR22/zP7jPHuk58VO8Z/FPFuf/v9Tyt+0iH+uX3G//rX1tc71aU/ihhr+/2TvBSrWFu6U6yurV9aWJqeL82XlicnJ65OXZu6MjVenFsol7J/28b4zsd//ny3/p/uEH90j/6f32f///fk/tMPN5P5dvEvnGsT/1c/zj6xM34u++77VJau14+10hvN9Fbv/fQ37+3W/9kO/d/r539hn/2/+JVv/XGfHwUADkF1bX1xulwurRzbRH2UfgSaIXEEEw93Vr0fB15hmqZpfZt6hYYlB4/enUSyWdLrPRMAANBtL47+e90SAAAAAAAAAAAAAAAAAAAAOLkO47li22NubKaSbjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgK/4fAAD//1X76Tc=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20)
quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000)=@filename='\x00', 0x0, &(0x7f0000000080)='./file0\x00')

13.33208977s ago: executing program 2:
ptrace(0x10, 0x1)
r0 = inotify_init1(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x0, 0x4}, 0x48)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, <r1=>0x0})
ptrace$getenv(0x4203, r1, 0x0, &(0x7f0000000000))

2.342303679s ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
getrusage(0x0, 0x0)

2.198984837s ago: executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x20})
write$cgroup_int(r0, &(0x7f0000000040), 0xfea0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000380), 0x101bf)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x1, 0xbb3e, 0x404})
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x2, 0x4, 0x7})
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x2880008, r0, 0x0, 0x7, 0xa})

2.142212983s ago: executing program 1:
r0 = socket(0x2, 0x3, 0x100000001)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
socket$packet(0x11, 0x3, 0x300)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000000)="832e", 0x2, 0x8004, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000100)="9650", 0x2, 0x0, 0x0, 0x0)

2.019080048s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x3, 0xbf22}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x6, 0x4, 0x5, 0x0, r0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r3}, 0x10)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000080), 0x0}, 0x20)

2.017777398s ago: executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='ext4_discard_preallocations\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)

1.987667052s ago: executing program 1:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008000c0095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='mm_lru_insertion\x00', r1}, 0x10)
r2 = getpid()
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = dup2(r4, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

1.913601711s ago: executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}})

1.84087111s ago: executing program 1:
io_uring_setup(0x30d5, &(0x7f00000001c0))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xdac)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.83895083s ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000000), 0x6, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC")
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000011c0))

1.544462205s ago: executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x0, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x11, &(0x7f0000000080), 0x4)

1.361470457s ago: executing program 1:
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)=@o_path={&(0x7f0000000140)='./file1\x00'}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@bloom_filter={0x1e, 0x4, 0x8, 0x8, 0x100, r0, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x8}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000a40)=""/181}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000000000002000000ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000260000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90)
openat$vcs(0xffffffffffffff9c, &(0x7f0000001c40), 0x4000, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001d40)={{{@in6=@empty, @in6=@mcast1, 0x0, 0x0, 0x4e24, 0x6, 0x0, 0x80, 0x20}, {0x2, 0x101, 0x3, 0xffff, 0x5, 0x1ff, 0xffffffffffffffff, 0x3}, {0x9, 0x0, 0x9982, 0x9}, 0x3, 0x6e6bb8, 0x2, 0x0, 0x1, 0x3}, {{@in=@empty, 0x4d5, 0x2b}, 0x2, @in6=@loopback, 0x3503, 0x0, 0x3, 0x0, 0x5, 0x6}}, 0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file1\x00', 0x0, 0x2804, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000073013b00000000009500000000000000f523bc128e9d16330ff66aeaf3e1eae3fa41706376ae6c4aad19d53374e70747f5be3d456fe61f01417867c12a572533334f0f0d2daca3d997dec1914913584cfe611d87509d"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000001380)={[{@data_err_abort}, {@stripe={'stripe', 0x3d, 0x2}}, {@noblock_validity}, {@errors_remount}, {@noblock_validity}, {}, {@sysvgroups}, {@nojournal_checksum}, {@nodelalloc}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==")
r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001c80), 0x690000, 0x0)
openat$cgroup_ro(r5, &(0x7f0000001cc0)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00'}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018b4c700", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r8}, 0x10)
socket$igmp6(0xa, 0x3, 0x2)

1.273701907s ago: executing program 4:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000300))
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000000c0)=0x8004, 0x4)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x1f)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
nanosleep(&(0x7f0000000380), &(0x7f00000003c0))
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000007900)={0x0, 0x0, &(0x7f0000007840)=[{&(0x7f0000005ec0)=ANY=[@ANYBLOB="140200001a00f9ffff7b00000000000001"], 0x214}], 0x1}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')

1.110622087s ago: executing program 1:
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088)
execve(0x0, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x802, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c)
sendto$inet6(r3, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020722500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe2$9p(&(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
r6 = epoll_create(0x5)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}})
write$P9_RVERSION(r5, &(0x7f0000000000)={0x13, 0x65, 0xffff, 0x0, 0x6, '9P2000'}, 0x20000013)

724.905104ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r3}, 0x10)
write$cgroup_pid(r0, &(0x7f0000000980), 0x12)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r4}, 0x10)
unlink(&(0x7f0000000140)='./cgroup\x00')

639.263164ms ago: executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10)
setpriority(0x0, 0x0, 0x0)

554.071294ms ago: executing program 0:
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r0}, [@MDBA_SET_ENTRY={0x20, 0x1, {r0, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r5, &(0x7f0000000840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000880)=0x40)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r6}, [@MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000600)={'ip_vti0\x00', <r7=>0x0, 0x10, 0x10, 0x1, 0x8, {{0x43, 0x4, 0x0, 0x28, 0x10c, 0x64, 0x0, 0xd0, 0x4, 0x0, @loopback, @broadcast, {[@timestamp_addr={0x44, 0x34, 0x57, 0x1, 0x3, [{@remote, 0xfffffff8}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x800}, {@empty, 0x8000}, {@loopback, 0x8}, {@loopback, 0x9}, {@empty, 0x2}]}, @lsrr={0x83, 0x23, 0x99, [@multicast1, @local, @multicast2, @loopback, @local, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2]}, @timestamp_prespec={0x44, 0x3c, 0x1d, 0x3, 0x7, [{@multicast2, 0x4}, {@remote, 0x5}, {@rand_addr=0x64010100, 0x4}, {@empty, 0x1fffe00}, {@rand_addr=0x64010100, 0xffffbca4}, {@multicast1, 0x5}, {@multicast2, 0xeb}]}, @end, @generic={0x8c, 0x9, "c37ca1089bd0aa"}, @cipso={0x86, 0x28, 0x2, [{0x5, 0x10, "45ceb7134a00659ef3ff82fa63d3"}, {0x7, 0x2}, {0x7, 0x10, "6e9b4f25508720ed826270316ab5"}]}, @end, @timestamp={0x44, 0x20, 0xe6, 0x0, 0x9, [0x2, 0x4, 0x0, 0x8, 0xd4, 0x2, 0x2]}, @generic={0x86, 0xf, "9e805e0e3b829a0383be00777a"}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000740)={'ip6_vti0\x00', <r8=>0x0, 0x4, 0xfe, 0x4, 0x5, 0xc, @dev={0xfe, 0x80, '\x00', 0x2c}, @local, 0xf8a8, 0x7800, 0x6, 0x3}})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000007c0)={&(0x7f0000000980)={0x400, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r0}, {0x4}}, {{0x8, 0x1, r3}, {0xbc, 0x2, 0x0, 0x1, [{0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xfff, 0x0, 0x3b, 0x1a8}, {0xff, 0x9, 0x0, 0x10001}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}]}}, {{0x8}, {0x188, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4000007}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0xfff, 0x0, 0x20, 0x3}, {0xfffe, 0xf9, 0x1, 0x3}, {0xfffd, 0x9, 0x7}, {0x6, 0x28, 0x0, 0x1}, {0xe5de, 0x4a, 0x81, 0x7fffffff}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x138, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x28000}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x7, 0x3f, 0x8e, 0x3}, {0x6, 0x7, 0x3f, 0x3f}, {0x8, 0x4, 0x3, 0x7ff}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r8}}}]}}]}, 0x400}, 0x1, 0x0, 0x0, 0x8010}, 0x80)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080))
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
write$cgroup_int(r11, &(0x7f0000000380), 0x101bf)
r12 = socket$inet(0x2, 0xa, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r12, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @multicast1=0xac14140a}})
pwritev(r12, &(0x7f0000000180)=[{&(0x7f00000003c0)="b0239f7ee43a775fb7613625839c64777bfbe213a746e880b2892485265bee64e4fa0c1330f6b016a2ee623ec1c172215b07c4966bc4fa76fdbf45330b9cac0cc8fa9a7b0e2a850d00c9da7fe3869f0ce1a23fb2b050cbdf0a6896c7058673dcf4f7ade322a898baced9597fa431c0fd939ad36202d798d2a7bee46a7dc231bf2c957288d68d1df1c5b013", 0x8b}, {&(0x7f00000000c0)="763ebafb531c5f4ba700217bbe47026950036ac4725ba99d31b3588563034e658ddb27086556641eb60caf8d28899316", 0x30}], 0x2, 0xc5, 0xb8f)
ioctl$EXT4_IOC_MIGRATE(r10, 0x6609)

470.461364ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x15, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='jbd2_handle_stats\x00', r2}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)

438.519218ms ago: executing program 0:
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008000c0095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='mm_lru_insertion\x00', r1}, 0x10)
r2 = getpid()
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = dup2(r4, r3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

361.109047ms ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20)

283.220787ms ago: executing program 0:
syz_emit_ethernet(0x7e, &(0x7f0000000380)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x48, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}}, 0x0)

260.109989ms ago: executing program 3:
syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x80c406, &(0x7f00000005c0)=ANY=[], 0xff, 0x2bc, &(0x7f0000000180)="$eJzs3EFrE1sUwPGTTJtJ+2ja1YP3Nh50o5uhxqUKRmlBDChpR9SFMKVTDYlJmQmaiGDWrvo5ikt3gvgFuhW3grsiSFddOdJkMk7SpJZYE03/Pyhz7j136L25Uzi3MNm9t/WktOFbG05NkmmVpEhT9kUWpCgdifCaasWpqF+uZqUpFxaf7r1auf/gVi6fXyqoLudWL2VVNXPm3bMXr8++r/1z903GNGVn4eHu1+znnX93/tv9tvq46GvR10q1po6uVas1Z63s6nrRL1mqd8qu47tarPiu15XfKFc3NxvqVNbnZjc91/fVqTQ0KQ2tVTUdzqqilmXp3OxBnJZTJHXcgZ+CMLC3CwUn13fMqfrkJpvn5RxDRGYO7am9PZ4ZAQCAcRpc/yejMZ36P9lb/4v8pP5/GY7KvB1Y/wcJkWHqf0Oi+r/ktur/mtdQ55FTjNf/OJJ9bWD9f4Tk75kMfkWiGWtc70p5Xm6m/03U/wAAAAAAAAAAAAAAAAAAAAAA/A32g2A+CIL5g2tSRIKwbYqIEWv3uZU3xCdAfP+D2I8ZbvAR+48JEHtxLy3ypVm363aidW3nl2/mlxa1Jfbi3169bhtR/mI7r935aZkN89m++ZScP9fOH+Ru3M7H81t1e0bWe+ZqdLWaJ/kxAAAAAAAw0SyNLESdaYnO95alpvTmW+f3VjAlIp3/D/Sc76fk/6kRLgQAAAAAAAzkN56XnHLZ9UYTGCP8XUMHIsPdfjkwT2QahojEesxwq+JjCisiJ7fklAy75J7AFLcz29Fu3Mfc+B+b0QRXjjv4Q+bwY9MVBAmRds90uGc9fwUAAAAAJsuP88C4ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOk1iq8uG/caAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/F9wAAAP//SmOyhw==")
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}})

238.441202ms ago: executing program 4:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
chdir(&(0x7f0000000000)='./file0\x00')
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

117.265226ms ago: executing program 0:
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

0s ago: executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96c}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

kernel console output (not intermixed with test programs):

c: Started in network mode
[  727.714667][T22912] tipc: Node identity ac1414aa, cluster identity 4711
[  727.721723][T22912] tipc: New replicast peer: 100.1.1.1
[  727.727268][T22912] tipc: Enabled bearer <udp:syz2>, priority 10
[  727.812870][T22472] attempt to access beyond end of device
[  727.812870][T22472] loop1: rw=2049, want=45104, limit=40427
[  727.836309][    T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  727.845165][    T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.853185][    T6] usb 5-1: Product: syz
[  727.857399][    T6] usb 5-1: Manufacturer: syz
[  727.861796][    T6] usb 5-1: SerialNumber: syz
[  728.316390][    T6] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  728.324748][    T6] usb 5-1: 2:1 : invalid channels 0
[  728.347954][    T6] usb 5-1: USB disconnect, device number 60
[  728.653944][T22948] loop2: detected capacity change from 0 to 40427
[  728.705801][T22948] F2FS-fs (loop2): invalid crc value
[  728.712840][T22948] F2FS-fs (loop2): Found nat_bits in checkpoint
[  728.739504][T22948] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0
[  728.753321][T22948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  728.856367][T17301] tipc: Node number set to 2886997162
[  728.925816][T22962] attempt to access beyond end of device
[  728.925816][T22962] loop2: rw=2049, want=45112, limit=40427
[  729.024827][T22966] loop3: detected capacity change from 0 to 16
[  729.084755][T22966] erofs: (device loop3): mounted with root inode @ nid 36.
[  729.176252][T22969] SELinux:  Context system_u:object_r: is not valid (left unmapped).
[  729.184591][   T30] audit: type=1400 audit(1718567423.100:43748): avc:  denied  { relabelto } for  pid=22968 comm="syz-executor.4" name="" dev="pipefs" ino=120839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:"
[  729.284100][T22971] loop1: detected capacity change from 0 to 512
[  729.326382][T22971] EXT4-fs (loop1): error: could not find journal device path: error -2
[  729.392726][T22975] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  730.425302][T22993] overlayfs: statfs failed on './file0'
[  731.261868][T23026] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  731.382840][T18762] kernel write not supported for file 23028/task/23030/clear_refs (pid: 18762 comm: kworker/1:2)
[  731.623192][T23038] loop3: detected capacity change from 0 to 256
[  732.168554][T23050] loop4: detected capacity change from 0 to 512
[  732.196624][T23050] EXT4-fs (loop4): error: could not find journal device path: error -2
[  732.342464][T23055] tipc: Started in network mode
[  732.347215][T23055] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711
[  732.355902][T23055] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  732.492988][    T6] kernel write not supported for file 23058/task/23059/clear_refs (pid: 6 comm: kworker/0:0)
[  732.551509][   T30] audit: type=1400 audit(1718567426.470:43749): avc:  denied  { ioctl } for  pid=23061 comm="syz-executor.3" path="socket:[120238]" dev="sockfs" ino=120238 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  732.636649][T23066] loop1: detected capacity change from 0 to 256
[  732.674848][T23066] exfat: Deprecated parameter 'utf8'
[  732.682624][T23066] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  733.236236][T18762] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  733.348622][T23095] device syzkaller0 entered promiscuous mode
[  733.393185][   T30] audit: type=1400 audit(1718567427.310:43750): avc:  denied  { relabelfrom } for  pid=23096 comm="syz-executor.2" name="NETLINK" dev="sockfs" ino=120304 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  733.418731][   T30] audit: type=1400 audit(1718567427.310:43751): avc:  denied  { relabelto } for  pid=23096 comm="syz-executor.2" name="NETLINK" dev="sockfs" ino=120304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1
[  733.496222][T18762] usb 4-1: Using ep0 maxpacket: 16
[  733.626489][T18762] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  733.677068][   T30] audit: type=1326 audit(1718567427.600:43752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.701280][   T30] audit: type=1326 audit(1718567427.600:43753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.725326][   T30] audit: type=1326 audit(1718567427.600:43754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.725392][T18762] usb 4-1: New USB device found, idVendor=04e6, idProduct=0007, bcdDevice= 1.75
[  733.749530][   T30] audit: type=1326 audit(1718567427.600:43755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.758669][T18762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=5
[  733.782357][   T30] audit: type=1326 audit(1718567427.600:43756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.790672][T18762] usb 4-1: SerialNumber: syz
[  733.818543][   T30] audit: type=1326 audit(1718567427.600:43757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000
[  733.876534][T18762] usb-storage 4-1:1.0: USB Mass Storage device detected
[  733.884233][T18762] usb-storage 4-1:1.0: Quirks match for vid 04e6 pid 0007: 1
[  734.078522][    T6] usb 4-1: USB disconnect, device number 58
[  734.343703][T23130] incfs: Can't find or create .index dir in ./file0
[  734.350282][T23130] incfs: mount failed -5
[  735.096224][ T1292] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  735.336886][ T1292] usb 3-1: Using ep0 maxpacket: 8
[  735.399923][T23163] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: journalled.
[  735.456306][ T1292] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  735.466950][ T1292] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  735.476452][ T1292] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  735.487285][ T1292] usb 3-1: config 1 interface 1 has no altsetting 0
[  735.646272][ T1292] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  735.655237][ T1292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.663528][ T1292] usb 3-1: Product: syz
[  735.667670][ T1292] usb 3-1: Manufacturer: syz
[  735.672167][ T1292] usb 3-1: SerialNumber: syz
[  735.692321][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  735.692336][   T30] audit: type=1326 audit(1718567429.610:43767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.722439][   T30] audit: type=1326 audit(1718567429.610:43768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.746389][   T30] audit: type=1326 audit(1718567429.610:43769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.770432][   T30] audit: type=1326 audit(1718567429.610:43770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.794415][   T30] audit: type=1326 audit(1718567429.610:43771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.818370][   T30] audit: type=1326 audit(1718567429.610:43772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.842153][   T30] audit: type=1326 audit(1718567429.610:43773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.866086][   T30] audit: type=1326 audit(1718567429.610:43774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.889957][   T30] audit: type=1326 audit(1718567429.610:43775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  735.913862][   T30] audit: type=1326 audit(1718567429.610:43776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000
[  736.016301][ T1292] usb 3-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  736.024529][ T1292] usb 3-1: 2:1 : invalid channels 0
[  736.048235][ T1292] usb 3-1: USB disconnect, device number 52
[  736.090637][T23177] loop1: detected capacity change from 0 to 256
[  736.586194][ T1292] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  736.804958][T23198] syz-executor.1[23198] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  736.805286][T23198] syz-executor.1[23198] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  736.985879][ T1292] usb 4-1: Using ep0 maxpacket: 32
[  737.157480][ T1292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  737.169911][ T1292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  737.181340][ T1292] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  737.190482][ T1292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.200286][ T1292] usb 4-1: config 0 descriptor??
[  737.216273][T23186] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  737.241489][ T1292] hub 4-1:0.0: USB hub found
[  737.347586][T23207] loop1: detected capacity change from 0 to 128
[  737.359220][T23202] bridge0: port 1(bridge_slave_0) entered blocking state
[  737.366368][T23202] bridge0: port 1(bridge_slave_0) entered disabled state
[  737.373761][T23202] device bridge_slave_0 entered promiscuous mode
[  737.381542][  T347] device bridge_slave_1 left promiscuous mode
[  737.387566][  T347] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.394930][  T347] device bridge_slave_0 left promiscuous mode
[  737.400975][  T347] bridge0: port 1(bridge_slave_0) entered disabled state
[  737.409047][  T347] device veth1_macvtap left promiscuous mode
[  737.414887][  T347] device veth0_vlan left promiscuous mode
[  737.419626][T23209] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: journalled.
[  737.520389][T23202] bridge0: port 2(bridge_slave_1) entered blocking state
[  737.527438][T23202] bridge0: port 2(bridge_slave_1) entered disabled state
[  737.535000][T23202] device bridge_slave_1 entered promiscuous mode
[  737.894984][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  737.903793][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  737.927859][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  737.936632][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  737.944833][T17301] bridge0: port 1(bridge_slave_0) entered blocking state
[  737.951705][T17301] bridge0: port 1(bridge_slave_0) entered forwarding state
[  737.960275][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  737.968884][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  737.977239][T17301] bridge0: port 2(bridge_slave_1) entered blocking state
[  737.984086][T17301] bridge0: port 2(bridge_slave_1) entered forwarding state
[  737.991978][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  738.005542][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  738.013623][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  738.034178][T23202] device veth0_vlan entered promiscuous mode
[  738.041923][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  738.051033][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  738.059846][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  738.068011][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  738.075757][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  738.093685][T23202] device veth1_macvtap entered promiscuous mode
[  738.102401][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  738.157657][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  738.165892][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  738.186622][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  738.195049][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  739.346319][ T1292] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  739.456269][ T1292] usbhid 4-1:0.0: can't add hid device: -71
[  739.462195][ T1292] usbhid: probe of 4-1:0.0 failed with error -71
[  739.497191][ T1292] usb 4-1: USB disconnect, device number 59
[  740.409526][T23273] syz-executor.3[23273] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  740.409590][T23273] syz-executor.3[23273] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  740.591640][T23277] loop3: detected capacity change from 0 to 128
[  740.675999][T23279] incfs: Can't find or create .index dir in ./file0
[  740.682597][T23279] incfs: mount failed -5
[  742.002572][T23309] loop2: detected capacity change from 0 to 128
[  742.293460][T23317] incfs: Can't find or create .index dir in ./file0
[  742.300542][T23317] incfs: mount failed -5
[  742.444352][T23322] loop1: detected capacity change from 0 to 512
[  742.476661][T23325] syz-executor.3[23325] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  742.476741][T23325] syz-executor.3[23325] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  742.493675][T23322] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor.1: casefold flag without casefold feature
[  742.518577][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: casefold flag without casefold feature
[  742.532316][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: ea_inode with extended attributes
[  742.545368][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117
[  742.559617][T23322] EXT4-fs (loop1): 1 orphan inode deleted
[  742.565529][T23322] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  742.822217][T23337] cgroup: No subsys list or none specified
[  743.026259][   T26] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  743.096516][T23341] loop2: detected capacity change from 0 to 128
[  743.266275][   T26] usb 4-1: Using ep0 maxpacket: 32
[  743.386328][   T26] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  743.403407][T23352] incfs: Can't find or create .index dir in ./file0
[  743.409994][T23352] incfs: mount failed -5
[  743.556311][   T26] usb 4-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=a4.72
[  743.565311][   T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.573263][   T26] usb 4-1: Product: syz
[  743.577330][   T26] usb 4-1: Manufacturer: syz
[  743.581696][   T26] usb 4-1: SerialNumber: syz
[  743.586970][   T26] usb 4-1: config 0 descriptor??
[  743.740389][T23365] loop1: detected capacity change from 0 to 512
[  743.853283][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  743.853308][   T30] audit: type=1400 audit(1718567437.770:43801): avc:  denied  { mounton } for  pid=23333 comm="syz-executor.3" path="/root/syzkaller-testdir521349125/syzkaller.brndQM/356/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  743.950929][T23365] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor.1: casefold flag without casefold feature
[  743.964469][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: casefold flag without casefold feature
[  743.979080][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: ea_inode with extended attributes
[  743.992766][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117
[  744.006170][   T30] audit: type=1400 audit(1718567437.920:43802): avc:  denied  { mounton } for  pid=23333 comm="syz-executor.3" path="/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  744.006522][T23365] EXT4-fs (loop1): 1 orphan inode deleted
[  744.033972][T23365] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  744.054420][T23335] loop3: detected capacity change from 0 to 512
[  744.119102][T23335] EXT4-fs (loop3): Ignoring removed oldalloc option
[  744.126761][T23335] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  744.142523][T23335] EXT4-fs (loop3): 1 truncate cleaned up
[  744.148135][T23335] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback.
[  744.326054][   T30] audit: type=1326 audit(1718567438.240:43803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.326344][   T26] usb 4-1: unknown interface protocol 0xf, assuming v1
[  744.350984][   T30] audit: type=1326 audit(1718567438.270:43804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.359114][   T26] usb 4-1: USB disconnect, device number 60
[  744.403215][   T30] audit: type=1326 audit(1718567438.270:43805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.427129][   T30] audit: type=1326 audit(1718567438.310:43806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.451426][   T30] audit: type=1326 audit(1718567438.310:43807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.475376][   T30] audit: type=1326 audit(1718567438.310:43808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.499712][   T30] audit: type=1326 audit(1718567438.310:43809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.526234][   T30] audit: type=1326 audit(1718567438.310:43810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  744.838121][T23390] incfs: Can't find or create .index dir in ./file0
[  744.844995][T23390] incfs: mount failed -5
[  745.029767][T23399] syz-executor.2[23399] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  745.029833][T23399] syz-executor.2[23399] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  745.054940][T23400] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  745.078231][T23400] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  745.225849][T23410] loop1: detected capacity change from 0 to 128
[  745.525317][T23417] loop2: detected capacity change from 0 to 256
[  745.816636][T23420] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  746.307857][T23438] syz-executor.3[23438] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  746.307953][T23438] syz-executor.3[23438] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  747.279570][T23461] loop1: detected capacity change from 0 to 40427
[  747.341569][T23461] F2FS-fs (loop1): invalid crc value
[  747.349219][T23461] F2FS-fs (loop1): Found nat_bits in checkpoint
[  747.414113][T23461] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  747.432608][T23461] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23461 comm=syz-executor.1
[  747.758698][T23469] loop2: detected capacity change from 0 to 256
[  748.163387][T23475] loop1: detected capacity change from 0 to 2048
[  748.238285][T23475] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  748.269639][T23475] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  748.284412][T23475] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  748.296776][T23475] EXT4-fs (loop1): This should not happen!! Data will be lost
[  748.296776][T23475] 
[  748.306632][T23475] EXT4-fs (loop1): Total free blocks count 0
[  748.312444][T23475] EXT4-fs (loop1): Free/Dirty block details
[  748.318599][T23475] EXT4-fs (loop1): free_blocks=2415919104
[  748.324239][T23475] EXT4-fs (loop1): dirty_blocks=16
[  748.329528][T23475] EXT4-fs (loop1): Block reservation details
[  748.335627][T23475] EXT4-fs (loop1): i_reserved_data_blocks=1
[  748.341800][T23481] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  748.354420][T23481] EXT4-fs (loop1): This should not happen!! Data will be lost
[  748.354420][T23481] 
[  749.174803][T23511] syz-executor.2[23511] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  749.174900][T23511] syz-executor.2[23511] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  749.403351][T23517] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  749.490737][T23519] loop2: detected capacity change from 0 to 1024
[  749.555073][T23519] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option
[  749.567469][T23519] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a003c018, mo2=0002]
[  749.575578][T23519] System zones: 0-1, 3-12
[  749.580445][T23519] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,nomblk_io_submit,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none.
[  749.604643][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  749.604658][   T30] audit: type=1400 audit(1718567443.520:43837): avc:  denied  { setattr } for  pid=23518 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  749.615095][T23519] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2739: inode #14: comm syz-executor.2: corrupted in-inode xattr
[  749.646640][   T30] audit: type=1400 audit(1718567443.530:43838): avc:  denied  { read } for  pid=23518 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1
[  749.669890][T23519] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none.
[  749.881338][T23525] loop1: detected capacity change from 0 to 512
[  749.938497][T23525] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,nobarrier,nolazytime,,errors=continue. Quota mode: writeback.
[  749.955162][T23525] ext4 filesystem being mounted at /root/syzkaller-testdir3581808218/syzkaller.QkaCIW/92/file0 supports timestamps until 2038 (0x7fffffff)
[  750.034354][T23533] loop2: detected capacity change from 0 to 1024
[  750.065820][T23533] EXT4-fs (loop2): Test dummy encryption mode enabled
[  750.072565][T23533] EXT4-fs (loop2): Ignoring removed orlov option
[  750.080905][T23533] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback.
[  750.444140][T23548] loop1: detected capacity change from 0 to 2048
[  750.517959][T23548] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  750.551920][T23548] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  750.566673][T23548] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  750.578749][T23548] EXT4-fs (loop1): This should not happen!! Data will be lost
[  750.578749][T23548] 
[  750.588197][T23548] EXT4-fs (loop1): Total free blocks count 0
[  750.593935][T23548] EXT4-fs (loop1): Free/Dirty block details
[  750.599813][T23548] EXT4-fs (loop1): free_blocks=2415919104
[  750.605338][T23548] EXT4-fs (loop1): dirty_blocks=16
[  750.610329][T23548] EXT4-fs (loop1): Block reservation details
[  750.616096][T23548] EXT4-fs (loop1): i_reserved_data_blocks=1
[  750.622193][T23555] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  750.634458][T23555] EXT4-fs (loop1): This should not happen!! Data will be lost
[  750.634458][T23555] 
[  750.818990][T23563] loop2: detected capacity change from 0 to 512
[  750.875384][T23563] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 256 (level 2)
[  750.889599][T23563] EXT4-fs (loop2): 2 truncates cleaned up
[  750.895202][T23563] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  751.027334][T21562] EXT4-fs error (device loop2): ext4_map_blocks:602: inode #2: block 13: comm syz-executor.2: lblock 0 mapped to illegal pblock 13 (length 1)
[  751.042160][T21562] EXT4-fs warning (device loop2): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.2: error -117 reading directory block
[  751.056244][T21562] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5820: Corrupt filesystem
[  751.066182][T21562] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #2: comm syz-executor.2: mark_inode_dirty error
[  751.096259][    T6] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  751.136405][T23574] loop1: detected capacity change from 0 to 1024
[  751.194542][T23574] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  751.217541][T23574] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a003c018, mo2=0002]
[  751.225679][T23574] System zones: 0-1, 3-12
[  751.230448][T23574] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,nomblk_io_submit,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none.
[  751.256832][T23574] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2739: inode #14: comm syz-executor.1: corrupted in-inode xattr
[  751.270120][T23574] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none.
[  751.315562][T23578] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.322467][T23578] bridge0: port 1(bridge_slave_0) entered disabled state
[  751.329701][T23578] device bridge_slave_0 entered promiscuous mode
[  751.336653][T23578] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.343540][T23578] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.351109][T23578] device bridge_slave_1 entered promiscuous mode
[  751.400190][T23578] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.407102][T23578] bridge0: port 2(bridge_slave_1) entered forwarding state
[  751.414199][T23578] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.421113][T23578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  751.445401][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  751.452998][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[  751.460475][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.470857][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  751.479281][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state
[  751.486118][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  751.497130][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  751.505182][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.512139][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state
[  751.528074][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  751.538233][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  751.557180][T23578] device veth0_vlan entered promiscuous mode
[  751.563711][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  751.572438][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  751.580476][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  751.587765][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  751.600849][T23578] device veth1_macvtap entered promiscuous mode
[  751.608547][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  751.624463][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  751.633086][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  751.647706][    T6] usb 4-1: New USB device found, idVendor=5e5b, idProduct=9318, bcdDevice=bd.92
[  751.657080][    T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.664909][    T6] usb 4-1: Product: syz
[  751.668994][    T6] usb 4-1: Manufacturer: syz
[  751.673505][    T6] usb 4-1: SerialNumber: syz
[  751.679590][   T45] tipc: Left network mode
[  751.681415][    T6] usb 4-1: config 0 descriptor??
[  751.726981][    T6] usb-storage 4-1:0.0: USB Mass Storage device detected
[  751.931057][   T26] usb 4-1: USB disconnect, device number 61
[  752.278663][   T45] device bridge_slave_1 left promiscuous mode
[  752.284707][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.292485][   T45] device bridge_slave_0 left promiscuous mode
[  752.298726][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.306658][   T45] device veth1_macvtap left promiscuous mode
[  752.312466][   T45] device veth0_vlan left promiscuous mode
[  752.506496][T23611] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  752.517591][T23611] FAT-fs (loop1): unable to read boot sector
[  752.920989][T23627] loop2: detected capacity change from 0 to 512
[  752.964599][T23627] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02d, mo2=0002]
[  752.972509][T23627] System zones: 1-12
[  752.976876][T23627] EXT4-fs error (device loop2): __ext4_iget:4892: inode #11: block 393240: comm syz-executor.2: invalid block
[  752.988600][T23627] EXT4-fs (loop2): Remounting filesystem read-only
[  752.995072][T23627] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 11 (err -117)
[  753.007618][T23627] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable,nombcache,commit=0x0000000000000000,errors=remount-ro,resgid=0x0000000000000000. Quota mode: none.
[  753.027189][T23627] EXT4-fs error (device loop2): ext4_map_blocks:602: inode #2: block 5: comm syz-executor.2: lblock 0 mapped to illegal pblock 5 (length 1)
[  753.041541][T23627] EXT4-fs (loop2): Remounting filesystem read-only
[  753.095645][T23633] binder: 23632:23633 ioctl c0306201 20000000 returned -14
[  753.106882][  T328] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  753.265494][T23638] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  753.276339][T23638] FAT-fs (loop3): unable to read boot sector
[  753.366267][  T328] usb 4-1: Using ep0 maxpacket: 8
[  753.546334][  T328] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  753.669709][T23645] loop2: detected capacity change from 0 to 8192
[  753.746527][  T328] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  753.755461][  T328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.763368][  T328] usb 4-1: Product: syz
[  753.767341][  T328] usb 4-1: Manufacturer: syz
[  753.772073][  T328] usb 4-1: SerialNumber: syz
[  753.826880][  T328] cdc_ether: probe of 4-1:1.0 failed with error -22
[  754.032582][    T6] usb 4-1: USB disconnect, device number 62
[  754.254769][T23660] device pim6reg1 entered promiscuous mode
[  754.439406][T23667] syz-executor.1[23667] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  754.439467][T23667] syz-executor.1[23667] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  754.508899][T23669] loop2: detected capacity change from 0 to 128
[  754.553417][T23669] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  754.564112][T23669] ext4 filesystem being mounted at /root/syzkaller-testdir2640406469/syzkaller.3VoIIQ/13/mnt supports timestamps until 2038 (0x7fffffff)
[  754.625848][T23672] loop1: detected capacity change from 0 to 512
[  754.698434][T23672] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback.
[  754.714550][T23672] ext4 filesystem being mounted at /root/syzkaller-testdir3581808218/syzkaller.QkaCIW/115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  754.766671][T23676] loop3: detected capacity change from 0 to 2048
[  754.806924][T23676]  loop3: p3 < > p4 < >
[  754.811745][T23676] loop3: partition table partially beyond EOD, truncated
[  754.819038][T23676] loop3: p3 start 4284289 is beyond EOD, truncated
[  755.075207][   T30] audit: type=1326 audit(1718567448.990:43839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.116300][   T30] audit: type=1326 audit(1718567448.990:43840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.147711][   T30] audit: type=1326 audit(1718567449.020:43841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.172235][   T30] audit: type=1326 audit(1718567449.030:43842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.196788][   T30] audit: type=1326 audit(1718567449.030:43843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.221020][   T30] audit: type=1326 audit(1718567449.030:43844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.248785][   T30] audit: type=1326 audit(1718567449.030:43845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdc15a7d627 code=0x7ffc0000
[  755.272949][   T30] audit: type=1326 audit(1718567449.030:43846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdc15a43309 code=0x7ffc0000
[  755.297518][   T30] audit: type=1326 audit(1718567449.030:43847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000
[  755.321922][   T30] audit: type=1326 audit(1718567449.030:43848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdc15a7d627 code=0x7ffc0000
[  755.750552][T23702] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23702 comm=syz-executor.1
[  755.750715][T23703] FAT-fs (loop7): invalid media value (0x1c)
[  755.769251][T23703] FAT-fs (loop7): Can't find a valid FAT filesystem
[  755.906194][T17301] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  755.946023][T23710] loop3: detected capacity change from 0 to 512
[  755.999840][T23710] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback.
[  756.016327][T23710] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/380/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  756.286305][T17301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  756.295782][T17301] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  756.305572][T17301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  756.391475][T23725] loop3: detected capacity change from 0 to 256
[  756.520602][T17301] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  756.866319][T17301] usb 3-1: New USB device found, idVendor=04b4, idProduct=009b, bcdDevice=16.89
[  756.875252][T17301] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.883064][T17301] usb 3-1: Product: syz
[  756.887055][T17301] usb 3-1: Manufacturer: syz
[  756.891492][T17301] usb 3-1: SerialNumber: syz
[  756.896685][T17301] usb 3-1: config 0 descriptor??
[  756.909368][T23732] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  756.936969][T17301] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  756.944594][T17301] usb 3-1: Detected FT-X
[  756.948919][T17301] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 4
[  756.956099][T17301] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 2
[  757.156278][T17301] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  757.176426][T17301] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  757.196273][T17301] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71
[  757.203200][T17301] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  757.211888][T17301] usb 3-1: USB disconnect, device number 53
[  757.218294][T17301] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  757.227867][T17301] ftdi_sio 3-1:0.0: device disconnected
[  757.237865][T23738] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  757.248672][T23738] FAT-fs (loop1): unable to read boot sector
[  757.523192][T23748] loop3: detected capacity change from 0 to 512
[  757.617014][T23750] loop1: detected capacity change from 0 to 40427
[  757.629999][T23748] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback.
[  757.646570][T23748] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/384/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  757.688336][T23750] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  757.695950][T23750] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  757.705543][T23750] F2FS-fs (loop1): invalid crc value
[  757.712133][T23750] F2FS-fs (loop1): Found nat_bits in checkpoint
[  757.735565][T23750] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  757.742693][T23750] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  757.774544][T23750] overlayfs: invalid redirect (./file1)
[  757.807363][   T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  757.816207][   T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  758.196212][T17301] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  758.556241][T17301] usb 4-1: Using ep0 maxpacket: 8
[  758.897039][T17301] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  759.076282][T17301] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  759.085233][T17301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.093206][T17301] usb 4-1: Product: syz
[  759.098048][T17301] usb 4-1: Manufacturer: syz
[  759.102503][T17301] usb 4-1: SerialNumber: syz
[  759.146594][T17301] cdc_ether: probe of 4-1:1.0 failed with error -22
[  759.349200][    T6] usb 4-1: USB disconnect, device number 63
[  760.236409][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  760.236424][   T30] audit: type=1400 audit(1718567454.160:43867): avc:  denied  { ioctl } for  pid=23816 comm="syz-executor.3" path="/dev/fuse" dev="devtmpfs" ino=91 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  760.553662][T23831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  760.688830][T23839] tap0: tun_chr_ioctl cmd 1074025698
[  761.159531][T23858] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  761.579938][T23866] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  761.726299][T23872] tap0: tun_chr_ioctl cmd 1074025698
[  761.746444][    T6] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  761.996210][    T6] usb 4-1: Using ep0 maxpacket: 16
[  762.316329][    T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  762.326498][    T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11
[  762.335343][    T6] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  762.344321][    T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.396576][    T6] ums-sddr09 4-1:1.0: USB Mass Storage device detected
[  762.599035][T23863] UDC core: couldn't find an available UDC or it's busy: -16
[  762.606400][T23863] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  762.617520][    T6] usb 4-1: USB disconnect, device number 64
[  763.334737][T23909] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  763.755376][T23916] syz-executor.1[23916] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  763.755436][T23916] syz-executor.1[23916] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  763.821747][T23917] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.840672][T23917] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.848391][T23917] device bridge_slave_0 entered promiscuous mode
[  763.855306][T23917] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.862401][T23917] bridge0: port 2(bridge_slave_1) entered disabled state
[  763.870392][T23917] device bridge_slave_1 entered promiscuous mode
[  763.929925][T23917] bridge0: port 2(bridge_slave_1) entered blocking state
[  763.936817][T23917] bridge0: port 2(bridge_slave_1) entered forwarding state
[  763.943920][T23917] bridge0: port 1(bridge_slave_0) entered blocking state
[  763.950694][T23917] bridge0: port 1(bridge_slave_0) entered forwarding state
[  763.989450][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  763.998751][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.006232][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  764.031908][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  764.063468][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.070367][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state
[  764.087865][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  764.096730][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.103573][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  764.110873][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  764.118758][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  764.127409][   T45] device veth1_macvtap left promiscuous mode
[  764.133461][   T45] device veth0_vlan left promiscuous mode
[  764.189322][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  764.201423][T23917] device veth0_vlan entered promiscuous mode
[  764.209238][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  764.217244][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  764.224557][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  764.239592][T23917] device veth1_macvtap entered promiscuous mode
[  764.247787][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  764.265798][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  764.274474][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  764.524063][T23945] loop2: detected capacity change from 0 to 1024
[  764.578632][T23945] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,discard,stripe=0x0000000000000009,block_validity,max_dir_size_kb=0x00000000200007b1,bsddf,min_batch_time=0x0000000000000008,delalloc,noquota,stripe=0x00000000000000ff,discard,sb=0x00,errors=continue. Quota mode: none.
[  764.966970][T23961] bridge0: port 1(bridge_slave_0) entered blocking state
[  764.973941][T23961] bridge0: port 1(bridge_slave_0) entered disabled state
[  764.981605][T23961] device bridge_slave_0 entered promiscuous mode
[  764.988788][T23961] bridge0: port 2(bridge_slave_1) entered blocking state
[  764.995720][T23961] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.003102][T23961] device bridge_slave_1 entered promiscuous mode
[  765.060453][T23961] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.067347][T23961] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.074433][T23961] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.081202][T23961] bridge0: port 1(bridge_slave_0) entered forwarding state
[  765.202028][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  765.210819][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.218521][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.237980][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  765.246536][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.253404][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  765.260746][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  765.269108][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.276041][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  765.283722][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  765.310186][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  765.329267][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  765.342397][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  765.351257][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  765.358688][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  765.368497][   T45] device bridge_slave_1 left promiscuous mode
[  765.374771][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.382294][   T45] device bridge_slave_0 left promiscuous mode
[  765.388301][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.396414][   T45] device veth1_macvtap left promiscuous mode
[  765.402388][   T45] device veth0_vlan left promiscuous mode
[  765.520331][T23961] device veth0_vlan entered promiscuous mode
[  765.530998][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  765.540411][T23961] device veth1_macvtap entered promiscuous mode
[  765.551303][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  765.562471][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  765.671265][T23984] loop1: detected capacity change from 0 to 256
[  765.778491][T23990] loop2: detected capacity change from 0 to 256
[  766.084575][T24005] loop1: detected capacity change from 0 to 1024
[  766.119885][T24005] EXT4-fs (loop1): Ignoring removed orlov option
[  766.142010][T24005] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8802c118, mo2=0002]
[  766.151790][T24005] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,nodiscard,debug,max_batch_time=0x0000000000000009,debug_want_extra_isize=0x0000000000000080,max_dir_size_kb=0x0000000000006dfe,norecovery,orlov,lazytime,,errors=continue. Quota mode: none.
[  766.182206][   T30] audit: type=1400 audit(1718567460.100:43868): avc:  denied  { create } for  pid=24001 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  766.194130][T24005] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[  766.294881][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[  766.310133][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory
[  766.319158][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.332659][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.343243][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[  766.358875][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory
[  766.367667][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.383749][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.393268][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.406617][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.415876][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.429256][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.439469][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430
[  766.454557][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory
[  766.463321][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.476662][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.486705][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692
[  766.500062][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory
[  766.509948][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory
[  766.682315][T24012] syz-executor.1[24012] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  766.682478][T24012] syz-executor.1[24012] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  767.409472][T24029] device pim6reg1 entered promiscuous mode
[  768.415855][T24061] loop2: detected capacity change from 0 to 1024
[  768.468038][T24061] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  768.478539][T24061] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/7/file1 supports timestamps until 2038 (0x7fffffff)
[  768.502612][T24066] loop3: detected capacity change from 0 to 2048
[  768.557855][T24066] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 8192
[  768.568551][T24066] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  768.891729][T24076] overlayfs: failed to resolve './file1': -2
[  769.260986][T24085] loop1: detected capacity change from 0 to 512
[  769.313792][T24085] EXT4-fs (loop1): error: journal path ./file0 is not a block device
[  769.459570][T24090] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  769.928617][T24096] loop2: detected capacity change from 0 to 512
[  769.985208][T24096] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  770.008471][T24096] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,norecovery,journal_ioprio=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  770.024570][T24096] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/10/file0 supports timestamps until 2038 (0x7fffffff)
[  770.810862][ T4015] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  771.096250][ T4015] usb 3-1: Using ep0 maxpacket: 16
[  771.246290][ T4015] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  771.256253][ T4015] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  771.265029][ T4015] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  771.274084][ T4015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  771.313176][T24129] loop3: detected capacity change from 0 to 512
[  771.326614][ T4015] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  771.373916][T24129] EXT4-fs (loop3): error: journal path ./file0 is not a block device
[  771.529090][T24119] UDC core: couldn't find an available UDC or it's busy: -16
[  771.536479][T24119] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  771.547330][ T4015] usb 3-1: USB disconnect, device number 54
[  771.834725][T24141] loop3: detected capacity change from 0 to 2048
[  771.912706][T24141]  loop3: unable to read partition table
[  771.918283][T24141] loop3: partition table beyond EOD, truncated
[  771.924297][T24141] loop_reread_partitions: partition scan of loop3 () failed (rc=-5)
[  772.038440][T24147] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'.
[  772.244764][T24152] loop2: detected capacity change from 0 to 2048
[  772.312517][T24155] overlayfs: failed to resolve './file1': -2
[  772.418237][T24152] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz-executor.2: bad orphan inode 8192
[  772.428828][T24152] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  773.115098][T24170] fuse: Unknown parameter 'grou00000000000000000000'
[  773.464952][T24182] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'.
[  773.743116][   T30] audit: type=1400 audit(1718567467.660:43869): avc:  denied  { execute } for  pid=24184 comm="syz-executor.0" name="file1" dev="ramfs" ino=126131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  773.765847][   T30] audit: type=1400 audit(1718567467.660:43870): avc:  denied  { execute_no_trans } for  pid=24184 comm="syz-executor.0" path="/root/syzkaller-testdir3285488486/syzkaller.5vCIlA/91/file0/file1" dev="ramfs" ino=126131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  773.818561][T24191] loop2: detected capacity change from 0 to 1024
[  773.876788][T24191] EXT4-fs (loop2): Ignoring removed nobh option
[  773.882884][T24191] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  773.894169][T24191] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,lazytime,errors=continue,noinit_itable,nobh,jqfmt=vfsold,usrquota,errors=continue,,errors=continue. Quota mode: writeback.
[  774.495925][T24208] fuse: Unknown parameter 'grou00000000000000000000'
[  774.553737][T24210] loop3: detected capacity change from 0 to 128
[  774.606024][T24210] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  774.616583][T24210] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/427/mnt supports timestamps until 2038 (0x7fffffff)
[  775.211292][T24230] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'.
[  775.220542][T24230] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'.
[  775.229941][T24230] netlink: 'syz-executor.2': attribute type 5 has an invalid length.
[  775.238531][T24230] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'.
[  775.468471][   T30] audit: type=1400 audit(1718567469.390:43871): avc:  denied  { nlmsg_write } for  pid=24239 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  776.558167][T24266] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'.
[  777.650782][   T30] audit: type=1326 audit(1718567471.570:43872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24291 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x0
[  777.751627][T24296] loop2: detected capacity change from 0 to 256
[  777.816664][T24296] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  778.195130][T24305] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  778.206241][T24305] FAT-fs (loop3): unable to read boot sector
[  778.497108][T24314] loop3: detected capacity change from 0 to 1024
[  778.531215][T24314] EXT4-fs (loop3): Ignoring removed oldalloc option
[  778.540316][T24314] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000080000,lazytime,resuid=0x0000000000000000,noblock_validity,bsddf,oldalloc,nodiscard,data_err=abort,,errors=continue. Quota mode: writeback.
[  778.565563][T24314] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  778.574661][T24314] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  779.000232][T24336] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  779.387376][T24340] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  779.703893][T24350] loop2: detected capacity change from 0 to 2048
[  779.747851][T24350] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  779.768066][T24354] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  779.812645][T24355] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 234: padding at end of block bitmap is not set
[  779.827802][T24355] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6153: Corrupt filesystem
[  779.837938][  T347] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28
[  779.850234][  T347] EXT4-fs (loop2): This should not happen!! Data will be lost
[  779.850234][  T347] 
[  779.859673][  T347] EXT4-fs (loop2): Total free blocks count 0
[  779.865641][  T347] EXT4-fs (loop2): Free/Dirty block details
[  779.871730][  T347] EXT4-fs (loop2): free_blocks=0
[  779.876528][  T347] EXT4-fs (loop2): dirty_blocks=3024
[  779.881610][  T347] EXT4-fs (loop2): Block reservation details
[  779.887521][  T347] EXT4-fs (loop2): i_reserved_data_blocks=189
[  779.899008][   T30] audit: type=1107 audit(1718567473.820:43873): pid=24356 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¢'
[  779.918508][  T347] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 969 with error 28
[  779.931436][  T347] EXT4-fs (loop2): This should not happen!! Data will be lost
[  779.931436][  T347] 
[  780.586909][   T30] audit: type=1107 audit(1718567474.510:43874): pid=24383 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¢'
[  780.799734][T24393] loop3: detected capacity change from 0 to 1024
[  780.837057][T24393] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  780.848651][T24393] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,resgid=0x0000000000000000,norecovery,commit=0x0000000000000005,nombcache,,errors=continue. Quota mode: writeback.
[  780.951270][   T30] audit: type=1326 audit(1718567474.870:43875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24392 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff48a40aea9 code=0x0
[  781.911090][T24412] loop2: detected capacity change from 0 to 128
[  781.956529][T24412] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  781.967188][T24412] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/58/mnt supports timestamps until 2038 (0x7fffffff)
[  782.167826][T24420] overlayfs: failed to resolve './file0': -2
[  782.241539][T24423] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  784.666596][T24478] overlayfs: failed to resolve './file0': -2
[  784.864439][T24487] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  784.873776][T24487] SELinux: security_context_str_to_sid(root) failed for (dev tmpfs, type tmpfs) errno=-22
[  785.308222][T24496] loop2: detected capacity change from 0 to 128
[  785.362433][T24496] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  785.373317][T24496] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/69/mnt supports timestamps until 2038 (0x7fffffff)
[  785.729200][T24511] loop2: detected capacity change from 0 to 2048
[  785.798001][T24511] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  785.879534][T24511] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 234: padding at end of block bitmap is not set
[  785.894408][T24511] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6153: Corrupt filesystem
[  785.907957][T20961] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28
[  785.920389][T20961] EXT4-fs (loop2): This should not happen!! Data will be lost
[  785.920389][T20961] 
[  785.929833][T20961] EXT4-fs (loop2): Total free blocks count 0
[  785.935613][T20961] EXT4-fs (loop2): Free/Dirty block details
[  785.941438][T20961] EXT4-fs (loop2): free_blocks=0
[  785.946200][T20961] EXT4-fs (loop2): dirty_blocks=2944
[  785.951549][T20961] EXT4-fs (loop2): Block reservation details
[  785.957367][T20961] EXT4-fs (loop2): i_reserved_data_blocks=184
[  785.969116][T20961] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 879 with error 28
[  785.981825][T20961] EXT4-fs (loop2): This should not happen!! Data will be lost
[  785.981825][T20961] 
[  786.495323][T24534] syz-executor.2[24534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  786.495405][T24534] syz-executor.2[24534] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  787.511698][T24562] syz-executor.3[24562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  787.523457][T24562] syz-executor.3[24562] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  788.841595][T24602] syz-executor.0[24602] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  788.853344][T24602] syz-executor.0[24602] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  789.215277][T24612] loop3: detected capacity change from 0 to 256
[  789.280666][   T30] audit: type=1400 audit(1718567483.200:43876): avc:  denied  { lock } for  pid=24611 comm="syz-executor.3" path="/root/syzkaller-testdir521349125/syzkaller.brndQM/478/file0/file0" dev="loop3" ino=1048988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  789.602930][T24622] bridge0: port 1(bridge_slave_0) entered blocking state
[  789.610122][T24622] bridge0: port 1(bridge_slave_0) entered disabled state
[  789.618055][T24622] device bridge_slave_0 entered promiscuous mode
[  789.627145][T24622] bridge0: port 2(bridge_slave_1) entered blocking state
[  789.634055][T24622] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.641387][T24622] device bridge_slave_1 entered promiscuous mode
[  789.694087][T24622] bridge0: port 2(bridge_slave_1) entered blocking state
[  789.700980][T24622] bridge0: port 2(bridge_slave_1) entered forwarding state
[  789.708073][T24622] bridge0: port 1(bridge_slave_0) entered blocking state
[  789.714839][T24622] bridge0: port 1(bridge_slave_0) entered forwarding state
[  789.740607][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  789.749238][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  789.756317][T24633] syz-executor.0[24633] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  789.756396][T24633] syz-executor.0[24633] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  789.768656][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.794539][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  789.803284][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  789.810179][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  789.825822][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  789.833917][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[  789.840777][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state
[  789.857644][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  789.865449][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  789.882010][T24622] device veth0_vlan entered promiscuous mode
[  789.888926][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  789.897534][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  789.905353][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  789.912807][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  789.921492][T20961] device bridge_slave_1 left promiscuous mode
[  789.927618][T20961] bridge0: port 2(bridge_slave_1) entered disabled state
[  789.935124][T20961] device bridge_slave_0 left promiscuous mode
[  789.941276][T20961] bridge0: port 1(bridge_slave_0) entered disabled state
[  789.950285][T20961] device veth1_macvtap left promiscuous mode
[  789.956336][T20961] device veth0_vlan left promiscuous mode
[  790.042977][T24622] device veth1_macvtap entered promiscuous mode
[  790.053908][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  790.291095][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  790.305629][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  790.704515][T24653] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  791.081929][T24659] loop2: detected capacity change from 0 to 128
[  791.137706][T24659] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  791.148277][T24659] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/90/mnt supports timestamps until 2038 (0x7fffffff)
[  791.290705][   T30] audit: type=1326 audit(1718567485.210:43877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.314733][   T30] audit: type=1326 audit(1718567485.210:43878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.348284][   T30] audit: type=1326 audit(1718567485.210:43879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.372553][   T30] audit: type=1326 audit(1718567485.260:43880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.511663][   T30] audit: type=1326 audit(1718567485.270:43881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.546294][   T30] audit: type=1400 audit(1718567485.350:43882): avc:  denied  { getopt } for  pid=24664 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  791.567636][   T30] audit: type=1326 audit(1718567485.470:43883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.610351][   T30] audit: type=1326 audit(1718567485.530:43884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.634804][   T30] audit: type=1326 audit(1718567485.530:43885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  791.652839][T24667] loop4: detected capacity change from 0 to 2048
[  791.696396][T24667] EXT4-fs (loop4): error: journal path ./file0 is not a block device
[  792.586344][   T26] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  792.737882][T24700] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  793.006230][   T26] usb 4-1: Using ep0 maxpacket: 32
[  793.166295][   T26] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.177446][   T26] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.351085][   T26] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  793.371416][   T26] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  793.379651][   T26] usb 4-1: Product: syz
[  793.383688][   T26] usb 4-1: Manufacturer: syz
[  793.426560][   T26] hub 4-1:4.0: USB hub found
[  793.716282][   T26] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19)
[  794.036340][ T6551] usb 4-1: USB disconnect, device number 65
[  794.332043][T24734] loop4: detected capacity change from 0 to 512
[  794.355629][T24735] loop2: detected capacity change from 0 to 128
[  794.386978][T24734] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr
[  794.399965][T24734] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117)
[  794.401022][T24735] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  794.416684][T24734] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  794.427328][T24735] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/97/mnt supports timestamps until 2038 (0x7fffffff)
[  795.069760][T24770] loop4: detected capacity change from 0 to 512
[  795.131703][T24770] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr
[  795.144521][T24770] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117)
[  795.157484][T24770] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  795.189342][T24765] kvm [24764]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000
[  795.371600][T20961] tipc: Disabling bearer <udp:syz2>
[  795.377169][T20961] tipc: Left network mode
[  795.627138][T24789] bridge0: port 1(bridge_slave_0) entered blocking state
[  795.634312][T24789] bridge0: port 1(bridge_slave_0) entered disabled state
[  795.642036][T24789] device bridge_slave_0 entered promiscuous mode
[  795.651788][T24789] bridge0: port 2(bridge_slave_1) entered blocking state
[  795.658886][T24789] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.676610][T24789] device bridge_slave_1 entered promiscuous mode
[  795.778569][T24789] bridge0: port 2(bridge_slave_1) entered blocking state
[  795.785459][T24789] bridge0: port 2(bridge_slave_1) entered forwarding state
[  795.792608][T24789] bridge0: port 1(bridge_slave_0) entered blocking state
[  795.799464][T24789] bridge0: port 1(bridge_slave_0) entered forwarding state
[  795.840983][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  795.849635][   T26] bridge0: port 1(bridge_slave_0) entered disabled state
[  795.857304][   T26] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.880046][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  795.896835][  T328] bridge0: port 1(bridge_slave_0) entered blocking state
[  795.903701][  T328] bridge0: port 1(bridge_slave_0) entered forwarding state
[  795.912309][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  795.920462][  T328] bridge0: port 2(bridge_slave_1) entered blocking state
[  795.927324][  T328] bridge0: port 2(bridge_slave_1) entered forwarding state
[  795.935610][T20961] device bridge_slave_1 left promiscuous mode
[  795.942468][T20961] bridge0: port 2(bridge_slave_1) entered disabled state
[  795.950062][T20961] device bridge_slave_0 left promiscuous mode
[  795.956588][T20961] bridge0: port 1(bridge_slave_0) entered disabled state
[  795.965013][T20961] device veth1_macvtap left promiscuous mode
[  795.970904][T20961] device veth0_vlan left promiscuous mode
[  795.991975][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  795.991991][   T30] audit: type=1400 audit(1718567489.910:43904): avc:  denied  { ioctl } for  pid=24804 comm="syz-executor.4" path="socket:[129487]" dev="sockfs" ino=129487 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  796.120189][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  796.134135][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  796.151414][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  796.163872][T24789] device veth0_vlan entered promiscuous mode
[  796.176554][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  796.184391][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  796.191984][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  796.204491][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  796.214124][T24789] device veth1_macvtap entered promiscuous mode
[  796.224389][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  796.232996][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  796.308761][T24812] loop3: detected capacity change from 0 to 8192
[  796.338474][T24812]  loop3: p1 p4
[  796.341834][T24812] loop3: p1 size 8388608 extends beyond EOD, truncated
[  796.349679][T24812] loop3: p4 start 4278190080 is beyond EOD, truncated
[  796.671594][T24831] loop1: detected capacity change from 0 to 512
[  796.731475][T24831] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr
[  796.744122][T24831] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 15 (err -117)
[  796.756502][T24831] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  797.009090][T24846] loop4: detected capacity change from 0 to 8192
[  797.046840][T24846]  loop4: p1 p4
[  797.050219][T24846] loop4: p1 size 8388608 extends beyond EOD, truncated
[  797.057453][T24846] loop4: p4 start 4278190080 is beyond EOD, truncated
[  797.261303][T24853] loop1: detected capacity change from 0 to 40427
[  797.301140][T24853] F2FS-fs (loop1): Found nat_bits in checkpoint
[  797.327066][T24853] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  797.380704][T24789] attempt to access beyond end of device
[  797.380704][T24789] loop1: rw=2049, want=45104, limit=40427
[  797.549745][T24867] kvm [24866]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000
[  797.681633][T24878] loop4: detected capacity change from 0 to 1024
[  797.967663][T24878] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  797.979619][T24878] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,grpid,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback.
[  798.228717][T24885] loop1: detected capacity change from 0 to 8192
[  798.255633][   T30] audit: type=1326 audit(1718567492.170:43905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.290754][T24885]  loop1: p1 p4
[  798.296672][T24885] loop1: p1 size 8388608 extends beyond EOD, truncated
[  798.312233][T24885] loop1: p4 start 4278190080 is beyond EOD, truncated
[  798.316239][   T30] audit: type=1326 audit(1718567492.200:43906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.343169][   T30] audit: type=1326 audit(1718567492.200:43907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.367584][   T30] audit: type=1326 audit(1718567492.200:43908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.392222][   T30] audit: type=1326 audit(1718567492.200:43909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.416307][   T30] audit: type=1326 audit(1718567492.200:43910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.440978][   T30] audit: type=1326 audit(1718567492.200:43911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.474868][   T30] audit: type=1326 audit(1718567492.200:43912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  798.499592][   T30] audit: type=1326 audit(1718567492.200:43913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000
[  799.176020][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  799.176077][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  799.189484][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  799.201549][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  799.394631][T24918] loop3: detected capacity change from 0 to 8192
[  799.446662][T24918]  loop3: p1 p4
[  799.450005][T24918] loop3: p1 size 8388608 extends beyond EOD, truncated
[  799.457171][T24918] loop3: p4 start 4278190080 is beyond EOD, truncated
[  800.753231][T24951] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  801.185968][T24953] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  801.255854][   T30] kauditd_printk_skb: 5237 callbacks suppressed
[  801.255871][   T30] audit: type=1326 audit(1718567495.170:49151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.286431][   T30] audit: type=1326 audit(1718567495.170:49152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.310514][   T30] audit: type=1326 audit(1718567495.180:49153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.334391][   T30] audit: type=1326 audit(1718567495.180:49154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.360225][   T30] audit: type=1326 audit(1718567495.180:49155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.384251][   T30] audit: type=1326 audit(1718567495.180:49156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.408746][   T30] audit: type=1326 audit(1718567495.180:49157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.432879][   T30] audit: type=1326 audit(1718567495.180:49158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000
[  801.551892][T24959] loop4: detected capacity change from 0 to 8192
[  801.596622][T24959]  loop4: p1 p4
[  801.600067][T24959] loop4: p1 size 8388608 extends beyond EOD, truncated
[  801.607358][T24959] loop4: p4 start 4278190080 is beyond EOD, truncated
[  802.108633][T24978] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  803.161073][T24988] kvm [24986]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000
[  803.905816][T25009] loop1: detected capacity change from 0 to 40427
[  803.959523][T25009] F2FS-fs (loop1): Found nat_bits in checkpoint
[  803.984832][T25009] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  804.051464][T24789] attempt to access beyond end of device
[  804.051464][T24789] loop1: rw=2049, want=45104, limit=40427
[  804.457452][T25024] loop4: detected capacity change from 0 to 256
[  804.489097][T25024] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  805.965899][T25052] loop1: detected capacity change from 0 to 256
[  805.996272][T25052] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  806.220942][T25064] loop1: detected capacity change from 0 to 256
[  806.259533][T25064] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  806.640552][T25067] loop3: detected capacity change from 0 to 40427
[  806.678118][T25067] F2FS-fs (loop3): invalid crc value
[  806.687136][T25067] F2FS-fs (loop3): Found nat_bits in checkpoint
[  806.706596][T25079] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25079 comm=syz-executor.0
[  806.719853][T25067] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  806.779865][T25067] attempt to access beyond end of device
[  806.779865][T25067] loop3: rw=1, want=53448, limit=40427
[  806.810743][T25082] loop1: detected capacity change from 0 to 512
[  807.089013][T25086] kvm [25085]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000
[  807.202210][T25092] input: syz0 as /devices/virtual/input/input75
[  807.317906][T19473] attempt to access beyond end of device
[  807.317906][T19473] loop3: rw=2049, want=45104, limit=40427
[  807.770040][T25103] loop3: detected capacity change from 0 to 40427
[  807.816344][T25103] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  807.823920][T25103] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  807.840864][T25103] F2FS-fs (loop3): invalid crc value
[  807.850794][T25103] F2FS-fs (loop3): Found nat_bits in checkpoint
[  807.874148][T25103] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  807.881083][T25103] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  808.221500][   T30] audit: type=1326 audit(1718567502.140:49159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25112 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0
[  808.362231][    T6] kernel write not supported for file /vcs (pid: 6 comm: kworker/0:0)
[  808.372770][T25125] IPv4: Oversized IP packet from 127.202.26.0
[  808.379490][ T1292] kernel write not supported for file /vcs (pid: 1292 comm: kworker/1:6)
[  808.581628][T25129] loop1: detected capacity change from 0 to 256
[  808.645622][T25129] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  808.805759][T25138] loop1: detected capacity change from 0 to 256
[  808.876989][T25138] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  809.123908][T25142] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25142 comm=syz-executor.1
[  809.393151][T25147] input: syz0 as /devices/virtual/input/input76
[  809.522457][T25149] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  809.534269][T25149] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)"
[  809.697576][T25158] IPv4: Oversized IP packet from 127.202.26.0
[  810.514914][T25175] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25175 comm=syz-executor.1
[  810.580263][T25172] loop4: detected capacity change from 0 to 40427
[  810.625905][T25172] F2FS-fs (loop4): invalid crc value
[  810.646950][T25172] F2FS-fs (loop4): Found nat_bits in checkpoint
[  810.736291][T25172] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  810.840819][T25187] attempt to access beyond end of device
[  810.840819][T25187] loop4: rw=1, want=53360, limit=40427
[  811.105111][T25196] tipc: Enabling of bearer <eth:geneve1> rejected, failed to enable media
[  811.222586][T25198] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22
[  811.259125][T25198] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22
[  811.330098][T24622] attempt to access beyond end of device
[  811.330098][T24622] loop4: rw=2049, want=45104, limit=40427
[  811.550097][  T328] kernel write not supported for file /vcs (pid: 328 comm: kworker/1:3)
[  811.559339][  T328] kernel write not supported for file /vcs (pid: 328 comm: kworker/1:3)
[  812.635945][T25225] loop3: detected capacity change from 0 to 512
[  812.678917][T25225] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  812.690718][T25225] EXT4-fs (loop3): 1 truncate cleaned up
[  812.696284][T25225] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  812.710447][T25225] EXT4-fs error (device loop3): empty_inline_dir:1824: inode #12: comm syz-executor.3: error -117 getting inode 12 block
[  812.768929][T25231] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[  812.789362][T25231] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.796690][T25231] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.816800][T19473] EXT4-fs error (device loop3): ext4_map_blocks:602: inode #2: block 13: comm syz-executor.3: lblock 0 mapped to illegal pblock 13 (length 1)
[  812.834171][T19473] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.3: error -117 reading directory block
[  812.856262][T19473] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5820: Corrupt filesystem
[  812.867707][T19473] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #2: comm syz-executor.3: mark_inode_dirty error
[  813.010166][T25239] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  813.022099][T25236] loop1: detected capacity change from 0 to 40427
[  813.072529][T25241] tipc: Enabling of bearer <eth:geneve1> rejected, failed to enable media
[  813.087731][T25236] F2FS-fs (loop1): invalid crc value
[  813.096581][T25236] F2FS-fs (loop1): Found nat_bits in checkpoint
[  813.147413][T25236] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  813.233583][T25236] attempt to access beyond end of device
[  813.233583][T25236] loop1: rw=1, want=53424, limit=40427
[  813.277135][T25250] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.284346][T25250] bridge0: port 1(bridge_slave_0) entered disabled state
[  813.292132][T25250] device bridge_slave_0 entered promiscuous mode
[  813.299357][T25250] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.306775][T25250] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.314039][T25250] device bridge_slave_1 entered promiscuous mode
[  813.390172][T25250] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.397071][T25250] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.404182][T25250] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.411039][T25250] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.448938][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  813.457399][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  813.464870][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.479064][T25257] syz-executor.0[25257] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  813.479146][T25257] syz-executor.0[25257] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  813.497533][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  813.526629][    T6] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.533608][    T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.545348][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  813.553590][    T6] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.560587][    T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.576653][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  813.584701][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  813.603502][T25250] device veth0_vlan entered promiscuous mode
[  813.611283][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  813.620224][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  813.628935][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  813.637276][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  813.652026][T25250] device veth1_macvtap entered promiscuous mode
[  813.661094][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  813.674901][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  813.685427][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  813.712396][T24789] attempt to access beyond end of device
[  813.712396][T24789] loop1: rw=2049, want=45104, limit=40427
[  814.492360][T25277] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.499482][T25277] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.507767][T25277] device bridge_slave_0 entered promiscuous mode
[  814.514687][T25277] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.521812][T25277] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.528981][T25277] device bridge_slave_1 entered promiscuous mode
[  814.583936][T25277] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.590958][T25277] bridge0: port 2(bridge_slave_1) entered forwarding state
[  814.598079][T25277] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.604922][T25277] bridge0: port 1(bridge_slave_0) entered forwarding state
[  814.634227][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  814.642640][    T6] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.650303][    T6] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.662857][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  814.671336][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.678191][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state
[  814.685533][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  814.693799][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.700741][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  814.721863][T25277] device veth0_vlan entered promiscuous mode
[  814.729875][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  814.738143][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  814.746109][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  814.753600][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  814.761530][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  814.769543][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  814.782663][T25277] device veth1_macvtap entered promiscuous mode
[  814.790121][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  814.803334][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  814.814342][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  815.601454][T25304] loop1: detected capacity change from 0 to 40427
[  815.645894][T25304] F2FS-fs (loop1): invalid crc value
[  815.656280][T25304] F2FS-fs (loop1): Found nat_bits in checkpoint
[  815.702595][T25304] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  815.768842][T25304] attempt to access beyond end of device
[  815.768842][T25304] loop1: rw=1, want=53560, limit=40427
[  815.818420][T25310] loop3: detected capacity change from 0 to 256
[  815.875237][T25310] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  816.178966][T24789] attempt to access beyond end of device
[  816.178966][T24789] loop1: rw=2049, want=45104, limit=40427
[  816.290046][T25321] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  816.440886][T25319] loop3: detected capacity change from 0 to 40427
[  816.489476][T25319] F2FS-fs (loop3): invalid crc value
[  816.495390][T25319] F2FS-fs (loop3): invalid crc value
[  816.500589][T25319] F2FS-fs (loop3): Failed to get valid F2FS checkpoint
[  816.995005][T25351] loop4: detected capacity change from 0 to 512
[  817.046061][T25351] EXT4-fs (loop4): Unrecognized mount option "sync" or missing value
[  817.373222][T25356] overlayfs: './file0' not a directory
[  817.558843][T25368] loop1: detected capacity change from 0 to 40427
[  817.610565][T25368] F2FS-fs (loop1): invalid crc value
[  817.615881][T25368] F2FS-fs (loop1): invalid crc value
[  817.621436][T25368] F2FS-fs (loop1): Failed to get valid F2FS checkpoint
[  817.766366][T25379] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  817.775972][T25379] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  818.096087][T25389] loop1: detected capacity change from 0 to 512
[  818.315655][T25389] EXT4-fs (loop1): Unrecognized mount option "sync" or missing value
[  819.347892][T25417] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  819.357417][T25417] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  819.507896][   T30] audit: type=1400 audit(1718567513.430:49160): avc:  denied  { watch watch_reads } for  pid=25422 comm="syz-executor.3" path="/root/syzkaller-testdir334232170/syzkaller.Ebv3jE/14/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  819.621854][T25427] syz-executor.0[25427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  819.621939][T25427] syz-executor.0[25427] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  819.755632][T25426] overlayfs: overlapping lowerdir path
[  819.934536][T25436] loop1: detected capacity change from 0 to 512
[  820.008875][T25436] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  820.018537][T25436] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  820.028152][T25436] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  820.038328][T25436] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  820.046220][T25436] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  820.054911][T25436] EXT4-fs (loop1): orphan cleanup on readonly fs
[  820.062022][T25436] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 34: padding at end of block bitmap is not set
[  820.076793][T25436] Quota error (device loop1): write_blk: dquota write failed
[  820.080687][T25439] FAT-fs (loop7): invalid media value (0x1c)
[  820.085171][T25436] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  820.091289][T25439] FAT-fs (loop7): Can't find a valid FAT filesystem
[  820.107539][T25436] EXT4-fs (loop1): 1 truncate cleaned up
[  820.116493][T25436] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback.
[  821.117310][T25466] overlayfs: failed to resolve './file0': -2
[  821.246087][T25471] loop3: detected capacity change from 0 to 2048
[  821.294902][T25471] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  821.310904][T25471] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none.
[  821.338032][T25471] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set
[  821.352701][T25471] EXT4-fs (loop3): Remounting filesystem read-only
[  821.444496][T25478] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.451495][T25478] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.459112][T25478] device bridge_slave_0 entered promiscuous mode
[  821.469287][T25478] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.476382][T25478] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.483758][T25478] device bridge_slave_1 entered promiscuous mode
[  821.553750][T25478] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.557131][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  821.560788][T25478] bridge0: port 2(bridge_slave_1) entered forwarding state
[  821.578195][T25478] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.584959][T25478] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.609528][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  821.618087][  T328] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.625282][  T328] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.644390][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  821.652832][  T328] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.659694][  T328] bridge0: port 1(bridge_slave_0) entered forwarding state
[  821.667097][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  821.675108][  T328] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.681958][  T328] bridge0: port 2(bridge_slave_1) entered forwarding state
[  821.689747][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  821.697753][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  821.707107][   T45] device bridge_slave_1 left promiscuous mode
[  821.713485][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.720981][   T45] device bridge_slave_0 left promiscuous mode
[  821.727041][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.734905][   T45] device veth1_macvtap left promiscuous mode
[  821.741115][   T45] device veth0_vlan left promiscuous mode
[  821.833493][T25491] syz-executor.1[25491] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.833575][T25491] syz-executor.1[25491] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  821.847079][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  821.867529][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  821.875311][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  821.876235][T18762] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  821.882741][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  821.898808][T25478] device veth0_vlan entered promiscuous mode
[  821.913498][  T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  821.922832][T25478] device veth1_macvtap entered promiscuous mode
[  821.933200][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  821.945293][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  822.001659][T25494] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  822.012725][T25494] FAT-fs (loop9): unable to read boot sector
[  822.018754][T25495] loop2: detected capacity change from 0 to 512
[  822.075885][T25495] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock
[  822.085529][T25495] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock
[  822.095016][T25495] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock
[  822.105138][T25495] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  822.113082][T25495] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000]
[  822.121270][T25495] EXT4-fs (loop2): orphan cleanup on readonly fs
[  822.128580][T25495] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 34: padding at end of block bitmap is not set
[  822.143170][T25495] Quota error (device loop2): write_blk: dquota write failed
[  822.150840][T25495] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  822.161265][T25495] EXT4-fs (loop2): 1 truncate cleaned up
[  822.167568][T25495] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback.
[  822.276303][T18762] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  822.287321][T18762] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  822.300608][T18762] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  822.309914][T18762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  822.318456][T18762] usb 4-1: config 0 descriptor??
[  822.857638][T18762] plantronics 0003:047F:FFFF.007C: No inputs registered, leaving
[  822.866218][T18762] plantronics 0003:047F:FFFF.007C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  822.988305][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  823.214984][T25521] loop3: detected capacity change from 0 to 8192
[  823.308960][T18762] usb 4-1: USB disconnect, device number 66
[  823.390235][T25529] loop4: detected capacity change from 0 to 256
[  824.474513][T25558] loop3: detected capacity change from 0 to 40427
[  824.478817][T25556] loop1: detected capacity change from 0 to 40427
[  824.538334][T25558] F2FS-fs (loop3): Found nat_bits in checkpoint
[  824.548100][T25556] F2FS-fs (loop1): invalid crc value
[  824.577219][T25556] F2FS-fs (loop1): Found nat_bits in checkpoint
[  824.593587][T25558] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  824.640061][T25556] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  824.699073][T25250] attempt to access beyond end of device
[  824.699073][T25250] loop3: rw=2049, want=45104, limit=40427
[  824.702043][T25556] attempt to access beyond end of device
[  824.702043][T25556] loop1: rw=1, want=53448, limit=40427
[  825.136301][T24789] attempt to access beyond end of device
[  825.136301][T24789] loop1: rw=2049, want=45104, limit=40427
[  825.596431][T25599] loop1: detected capacity change from 0 to 2048
[  825.658351][T25599] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  825.695016][   T30] audit: type=1326 audit(1718567519.610:49161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90f09dea9 code=0x0
[  825.725055][T25598] loop4: detected capacity change from 0 to 40427
[  825.788751][T25598] F2FS-fs (loop4): invalid crc value
[  825.798499][T25598] F2FS-fs (loop4): Found nat_bits in checkpoint
[  825.818355][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  825.829881][T25598] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  825.842387][   T30] audit: type=1400 audit(1718567519.760:49162): avc:  denied  { watch } for  pid=25597 comm="syz-executor.4" path="/root/syzkaller-testdir1792312327/syzkaller.LTarbX/106/file0" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  825.870878][T25598] input: syz1 as /devices/virtual/input/input77
[  825.910759][T25612] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22
[  825.920440][T25612] SELinux: security_context_str_to_sid(user_u) failed for (dev bpf, type bpf) errno=-22
[  825.957291][T24622] attempt to access beyond end of device
[  825.957291][T24622] loop4: rw=2049, want=45112, limit=40427
[  826.629412][T25625] loop1: detected capacity change from 0 to 131072
[  826.666695][T25625] F2FS-fs (loop1): Test dummy encryption mode enabled
[  826.676953][T25625] F2FS-fs (loop1): Found nat_bits in checkpoint
[  826.711064][T25625] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  826.839663][T25644] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.847045][T25644] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.854721][T25644] device bridge_slave_0 entered promiscuous mode
[  826.865344][T25644] bridge0: port 2(bridge_slave_1) entered blocking state
[  826.873153][T25644] bridge0: port 2(bridge_slave_1) entered disabled state
[  826.880693][T25644] device bridge_slave_1 entered promiscuous mode
[  826.944941][T25644] bridge0: port 2(bridge_slave_1) entered blocking state
[  826.951810][T25644] bridge0: port 2(bridge_slave_1) entered forwarding state
[  826.956210][  T339] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  826.958975][T25644] bridge0: port 1(bridge_slave_0) entered blocking state
[  826.973046][T25644] bridge0: port 1(bridge_slave_0) entered forwarding state
[  827.000040][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  827.007727][ T1292] bridge0: port 1(bridge_slave_0) entered disabled state
[  827.015374][ T1292] bridge0: port 2(bridge_slave_1) entered disabled state
[  827.025566][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  827.034376][ T4015] bridge0: port 1(bridge_slave_0) entered blocking state
[  827.041252][ T4015] bridge0: port 1(bridge_slave_0) entered forwarding state
[  827.060657][T25651] loop1: detected capacity change from 0 to 512
[  827.067811][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  827.075828][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state
[  827.082669][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state
[  827.089904][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  827.106859][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  827.115529][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  827.121062][T25651] EXT4-fs (loop1): Ignoring removed bh option
[  827.127531][    T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  827.129890][T25651] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  827.137932][T25644] device veth0_vlan entered promiscuous mode
[  827.152982][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  827.160859][T25651] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz-executor.1: bad orphan inode 17
[  827.171276][T25651] EXT4-fs (loop1): Remounting filesystem read-only
[  827.171350][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  827.177906][T25651] ext4_test_bit(bit=16, block=4) = 1
[  827.190031][T25651] is_bad_inode(inode)=0
[  827.193981][T25651] NEXT_ORPHAN(inode)=1048336
[  827.198586][T25651] max_ino=32
[  827.201642][T25651] i_nlink=0
[  827.204605][T25651] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,bh,inode_readahead_blks=0x0000000000010000,block_validity,block_validity,. Quota mode: none.
[  827.230276][T25644] device veth1_macvtap entered promiscuous mode
[  827.233366][T25651] EXT4-fs error (device loop1): ext4_remount:5845: comm syz-executor.1: Abort forced by user
[  827.237817][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  827.247042][T25651] EXT4-fs (loop1): Remounting filesystem read-only
[  827.262183][   T45] device bridge_slave_1 left promiscuous mode
[  827.269052][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  827.277089][   T45] device bridge_slave_0 left promiscuous mode
[  827.283137][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  827.290987][   T45] device veth1_macvtap left promiscuous mode
[  827.297077][   T45] device veth0_vlan left promiscuous mode
[  827.326293][  T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  827.337494][  T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  827.347213][  T339] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  827.356117][  T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.365169][  T339] usb 5-1: config 0 descriptor??
[  827.429921][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  827.438662][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  827.527958][T25658] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22
[  827.537692][T25658] SELinux: security_context_str_to_sid(user_u) failed for (dev bpf, type bpf) errno=-22
[  827.646573][   T30] audit: type=1400 audit(1718567521.570:49163): avc:  denied  { ioctl } for  pid=25660 comm="syz-executor.1" path="socket:[133579]" dev="sockfs" ino=133579 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  827.859514][   T30] audit: type=1326 audit(1718567521.780:49164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25668 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d492b3ea9 code=0x0
[  827.965861][T25671] loop3: detected capacity change from 0 to 40427
[  828.006018][T25671] F2FS-fs (loop3): invalid crc value
[  828.012698][T25671] F2FS-fs (loop3): Found nat_bits in checkpoint
[  828.046840][T25671] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  828.070093][T25671] input: syz1 as /devices/virtual/input/input78
[  828.116047][T25677] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.123050][T25677] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.130552][T25250] attempt to access beyond end of device
[  828.130552][T25250] loop3: rw=2049, want=45112, limit=40427
[  828.133494][T25677] device bridge_slave_0 entered promiscuous mode
[  828.152034][T25677] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.159004][T25677] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.166434][T25677] device bridge_slave_1 entered promiscuous mode
[  828.218120][T25677] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.225014][T25677] bridge0: port 2(bridge_slave_1) entered forwarding state
[  828.232137][T25677] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.238996][T25677] bridge0: port 1(bridge_slave_0) entered forwarding state
[  828.269064][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  828.276950][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.284147][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.299595][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  828.307691][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.314520][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state
[  828.321861][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  828.330018][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.336886][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state
[  828.357577][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  828.365652][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  828.380202][T25677] device veth0_vlan entered promiscuous mode
[  828.387795][   T45] device bridge_slave_1 left promiscuous mode
[  828.393747][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.401252][   T45] device bridge_slave_0 left promiscuous mode
[  828.408403][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.416619][   T45] device veth1_macvtap left promiscuous mode
[  828.422575][   T45] device veth0_vlan left promiscuous mode
[  828.487976][  T339] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.007D/input/input79
[  828.500647][  T339] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.007D/input/input80
[  828.512949][  T339] uclogic 0003:256C:006D.007D: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0
[  828.528651][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  828.537072][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  828.545017][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  828.552382][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  828.564901][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  828.573066][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  828.584759][T25677] device veth1_macvtap entered promiscuous mode
[  828.598362][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  828.605893][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  828.614098][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  828.625910][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  828.634124][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  828.693396][ T6551] usb 5-1: USB disconnect, device number 61
[  828.884341][T25697] syz-executor.3[25697] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  828.884401][T25697] syz-executor.3[25697] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  829.305480][T25718] loop3: detected capacity change from 0 to 2048
[  829.325889][   T30] audit: type=1326 audit(1718567523.240:49165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25715 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0
[  829.407672][T25718] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  829.548342][    C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies.  Check SNMP counters.
[  829.758629][T25730] loop3: detected capacity change from 0 to 40427
[  829.806232][T25730] F2FS-fs (loop3): invalid crc value
[  829.813572][T25730] F2FS-fs (loop3): Found nat_bits in checkpoint
[  829.847506][T25730] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  829.934655][T25730] attempt to access beyond end of device
[  829.934655][T25730] loop3: rw=1, want=53536, limit=40427
[  830.457065][T25250] attempt to access beyond end of device
[  830.457065][T25250] loop3: rw=2049, want=45104, limit=40427
[  830.493576][   T30] audit: type=1107 audit(1718567524.410:49166): pid=25749 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[  831.030425][T25758] loop3: detected capacity change from 0 to 40427
[  831.077856][T25758] F2FS-fs (loop3): Found nat_bits in checkpoint
[  831.111167][T25758] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  831.312097][T25777] loop3: detected capacity change from 0 to 16
[  831.363589][T25777] erofs: (device loop3): mounted with root inode @ nid 36.
[  831.372907][T25777] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36
[  831.382407][T25777] attempt to access beyond end of device
[  831.382407][T25777] loop3: rw=0, want=304, limit=16
[  831.392849][T25777] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117]
[  831.594884][   T30] audit: type=1326 audit(1718567525.510:49167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25781 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0
[  832.248159][T25795] loop3: detected capacity change from 0 to 131072
[  832.292108][T25795] F2FS-fs (loop3): Test dummy encryption mode enabled
[  832.301848][T25795] F2FS-fs (loop3): Found nat_bits in checkpoint
[  832.328026][T25795] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  832.968737][T25824] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'.
[  833.041360][T25826] loop1: detected capacity change from 0 to 512
[  833.093906][T25826] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  833.116253][T25826] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756
[  833.146492][T25826] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 17 (err -117)
[  833.159087][T25826] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  834.136063][T25864] loop4: detected capacity change from 0 to 512
[  834.180694][T25864] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  834.198754][T25864] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756
[  834.212577][T25864] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  834.225651][T25864] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  834.306400][T25873] loop1: detected capacity change from 0 to 1024
[  834.346637][   T30] audit: type=1400 audit(1718567528.270:49168): avc:  denied  { mounton } for  pid=25872 comm="syz-executor.1" path="/root/syzkaller-testdir1927821285/syzkaller.t1tSo4/18/file1" dev="configfs" ino=11619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  834.357974][T25873] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none.
[  835.402213][T25900] loop4: detected capacity change from 0 to 1024
[  835.412042][T25902] loop3: detected capacity change from 0 to 128
[  835.434993][T25900] EXT4-fs (loop4): Ignoring removed orlov option
[  835.441291][T25900] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  835.458231][T25900] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  835.490058][T25900] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode
[  835.503664][T25900] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr
[  835.570500][T24622] ==================================================================
[  835.578380][T24622] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[  835.586196][T24622] Read of size 4 at addr ffff888139d30000 by task syz-executor.4/24622
[  835.594259][T24622] 
[  835.596431][T24622] CPU: 0 PID: 24622 Comm: syz-executor.4 Tainted: G        W         5.15.149-syzkaller-00165-g85445b5a2107 #0
[  835.608408][T24622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
2024/06/16 19:52:09 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  835.618305][T24622] Call Trace:
[  835.621427][T24622]  <TASK>
[  835.624208][T24622]  dump_stack_lvl+0x151/0x1b7
[  835.628720][T24622]  ? io_uring_drop_tctx_refs+0x190/0x190
[  835.634193][T24622]  ? panic+0x751/0x751
[  835.638098][T24622]  print_address_description+0x87/0x3b0
[  835.643477][T24622]  kasan_report+0x179/0x1c0
[  835.647815][T24622]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  835.653279][T24622]  ? ext4_xattr_delete_inode+0xcd0/0xce0
[  835.658836][T24622]  __asan_report_load4_noabort+0x14/0x20
[  835.664303][T24622]  ext4_xattr_delete_inode+0xcd0/0xce0
[  835.669603][T24622]  ? sb_end_intwrite+0x120/0x120
[  835.674369][T24622]  ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[  835.680368][T24622]  ? ext4_journal_check_start+0x16c/0x230
[  835.685919][T24622]  ? __kasan_check_read+0x11/0x20
[  835.690786][T24622]  ? ext4_inode_is_fast_symlink+0x295/0x3d0
[  835.696502][T24622]  ? ext4_evict_inode+0xb8d/0x14e0
[  835.701449][T24622]  ext4_evict_inode+0xea1/0x14e0
[  835.706222][T24622]  ? _raw_spin_unlock+0x4d/0x70
[  835.710912][T24622]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  835.716649][T24622]  ? _raw_spin_unlock+0x4d/0x70
[  835.721325][T24622]  ? inode_io_list_del+0x18b/0x1a0
[  835.726271][T24622]  ? ext4_inode_is_fast_symlink+0x3d0/0x3d0
[  835.732054][T24622]  evict+0x2a3/0x630
[  835.735732][T24622]  iput+0x63b/0x7e0
[  835.739378][T24622]  vfs_rmdir+0x359/0x470
[  835.743459][T24622]  do_rmdir+0x3ab/0x630
[  835.747450][T24622]  ? d_delete_notify+0x160/0x160
[  835.752226][T24622]  __x64_sys_unlinkat+0xdf/0xf0
[  835.756908][T24622]  do_syscall_64+0x3d/0xb0
[  835.761172][T24622]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  835.767241][T24622] RIP: 0033:0x7f89ec2dc687
[  835.771495][T24622] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  835.790935][T24622] RSP: 002b:00007ffcff3efd08 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[  835.799177][T24622] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f89ec2dc687
[  835.807081][T24622] RDX: 0000000000000200 RSI: 00007ffcff3f0eb0 RDI: 00000000ffffff9c
[  835.814884][T24622] RBP: 00007f89ec339636 R08: 0000000000000000 R09: 0000000000000000
[  835.822695][T24622] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcff3f0eb0
[  835.830508][T24622] R13: 00007f89ec339636 R14: 00000000000cbf17 R15: 0000000000000007
[  835.838325][T24622]  </TASK>
[  835.841183][T24622] 
[  835.843353][T24622] The buggy address belongs to the page:
[  835.848842][T24622] page:ffffea0004e74c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x100 pfn:0x139d30
[  835.859409][T24622] flags: 0x4000000000000000(zone=1)
[  835.864452][T24622] raw: 4000000000000000 ffffea0004aa3188 ffffea0004af2f88 0000000000000000
[  835.872875][T24622] raw: 0000000000000100 0000000000000000 00000000ffffff7f 0000000000000000
[  835.881282][T24622] page dumped because: kasan: bad access detected
[  835.887540][T24622] page_owner tracks the page as freed
[  835.892736][T24622] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 25632, ts 826559205802, free_ts 826563238527
[  835.908302][T24622]  post_alloc_hook+0x1a3/0x1b0
[  835.912873][T24622]  prep_new_page+0x1b/0x110
[  835.917213][T24622]  get_page_from_freelist+0x3550/0x35d0
[  835.922592][T24622]  __alloc_pages+0x27e/0x8f0
[  835.927019][T24622]  wp_page_copy+0x1d4/0x1b00
[  835.931445][T24622]  do_wp_page+0x6fa/0xb60
[  835.935612][T24622]  handle_pte_fault+0x7c0/0x24d0
[  835.940386][T24622]  do_handle_mm_fault+0x1ea9/0x23a0
[  835.945420][T24622]  exc_page_fault+0x26f/0x830
[  835.949931][T24622]  asm_exc_page_fault+0x27/0x30
[  835.954620][T24622] page last free stack trace:
[  835.959131][T24622]  free_unref_page_prepare+0x7c8/0x7d0
[  835.964428][T24622]  free_unref_page_list+0x14b/0xa60
[  835.969461][T24622]  release_pages+0x1310/0x1370
[  835.974062][T24622]  free_pages_and_swap_cache+0x8a/0xa0
[  835.979352][T24622]  tlb_finish_mmu+0x177/0x320
[  835.983867][T24622]  exit_mmap+0x40d/0x940
[  835.987945][T24622]  __mmput+0x95/0x310
[  835.991764][T24622]  mmput+0x5b/0x170
[  835.995409][T24622]  do_exit+0xb9c/0x2ca0
[  835.999403][T24622]  do_group_exit+0x141/0x310
[  836.003830][T24622]  get_signal+0x7a3/0x1630
[  836.008083][T24622]  arch_do_signal_or_restart+0xbd/0x1680
[  836.013549][T24622]  exit_to_user_mode_loop+0xa0/0xe0
[  836.018585][T24622]  exit_to_user_mode_prepare+0x5a/0xa0
[  836.023878][T24622]  syscall_exit_to_user_mode+0x26/0x160
[  836.029259][T24622]  do_syscall_64+0x49/0xb0
[  836.033526][T24622] 
[  836.035681][T24622] Memory state around the buggy address:
[  836.041162][T24622]  ffff888139d2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  836.049140][T24622]  ffff888139d2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  836.057036][T24622] >ffff888139d30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  836.064930][T24622]                    ^
[  836.068842][T24622]  ffff888139d30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  836.076738][T24622]  ffff888139d30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  836.084632][T24622] ==================================================================
[  836.092532][T24622] Disabling lock debugging due to kernel taint