last executing test programs: 39.889118002s ago: executing program 2: socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0xf9}], 0x1}, 0x0) close(r0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) 39.6520908s ago: executing program 2: r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pidfd_send_signal(r1, 0x0, &(0x7f00000000c0), 0x0) 39.415812569s ago: executing program 2: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x0, 0x4}, 0x48) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getenv(0x4203, r1, 0x0, &(0x7f0000000000)) 14.373993085s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv8zSZ2XlmJjMBnFg3sul5mqYXI2IkK89l0yfrmY2IsxHx7OmDmfqURJre+nsSSVbWWlfa8FYMNRdprOCrX4r4RrIzbnVtfXG6XC6tZPlibelOsbq2fmlhaXq+NF9anpycuDp1berK1PirdG9uKEuciYjrX/jz9779ky9e/8Vn7v3h9l8vfDNptvlhbOvHB9S/W2Wz6/k4ta1s5YDBjqL+rYnB/S3zKPsVAQDgcNWPSz+UHedfjJHo2/1wFgAAAHgDpZ8bjv8mrWt3Owx0KAcAAADeILmIGI4kV8ju9x2OXK5QiMY9vB+J07lypVr79FxldXm2XhcxGvnc3EK5NJ7dKzwa+aSen2ikX+Qvb8tPRsQ7EfHdkcFGvjBTKc/2+uQHAAAAnBBD28b//xppjv8BAACAY2a01w0AAAAAXjvjfwAAADj+jP8BAADgWPvyzZv1KW29/3r27trqYuXupdlSdbGwtDpTmKms3CnMVyrzjWf2Le26ss1XBy6v3i/WStVasbq2fnupsrpcu73w0iuwAQAAgEP0zvuPf5dExMZnBxtT3cCW+v9k7wnoWQOB12bzlF0k2Xxg54d+/3Zz/qdDahRwKPp63QCgZ/p73QCgZ/K9bgDQc8ke9R1v3vl1Nv9Ed9sDAAB039jHOl//z+265Mbu1cCRZyOGk8v1fzi5Gtf/29zy15aDBThW8o4A4MR75ev/e/I3RAAA0GvDjSnJFbLTe8ORyxUKEWcarwXIJ3ML5dJ4RLwdEb8dyb9Vz080lkz2HDMAAAAAAAAAAAAAAAAAAAAAAAAAAE1pmkQKAAAAHGsRub8kv2w+y39s5Pzw9vMDA8m/RyJ7Rei9H976/v3pWm1lol7+j83y2g+y8su9OIMBAAAAbNcap7fG8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTc+ePphpTYcZ92+fj4jRdvH741RjfiryEXH6n0n0b1kuiYi+LsTfeBQRH20XP6k3azNku/iDrz9+jGb/C+3iD3UhPpxkj+v7nxvttr9cnG3M229//REv5Q+q8/4vNvd/fR22/zP7jPHuk58VO8Z/FPFuf/v9Tyt+0iH+uX3G//rX1tc71aU/ihhr+/2TvBSrWFu6U6yurV9aWJqeL82XlicnJ65OXZu6MjVenFsol7J/28b4zsd//ny3/p/uEH90j/6f32f///fk/tMPN5P5dvEvnGsT/1c/zj6xM34u++77VJau14+10hvN9Fbv/fQ37+3W/9kO/d/r539hn/2/+JVv/XGfHwUADkF1bX1xulwurRzbRH2UfgSaIXEEEw93Vr0fB15hmqZpfZt6hYYlB4/enUSyWdLrPRMAANBtL47+e90SAAAAAAAAAAAAAAAAAAAAOLkO47li22NubKaSbjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgK/4fAAD//1X76Tc=") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000)=@filename='\x00', 0x0, &(0x7f0000000080)='./file0\x00') 13.558024253s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x8413, &(0x7f0000000080)={[{@noload}, {@discard}, {@nogrpid}, {@noblock_validity}]}, 0x0, 0x50e, &(0x7f0000000a40)="$eJzs3c9rHG0dAPDvbLJ5myZ9k1c96Au+b7WVtGh3k4a2wUOtIHoqqPVeY7IJIZtsyW7aJhSb4h8giKjgSS9eBP8AQQpePIpQ0LOiooi2elDQjuzubJomu0nedJtNk88HpvP82Jnv8zSZ2XlmJjMBnFg3sul5mqYXI2IkK89l0yfrmY2IsxHx7OmDmfqURJre+nsSSVbWWlfa8FYMNRdprOCrX4r4RrIzbnVtfXG6XC6tZPlibelOsbq2fmlhaXq+NF9anpycuDp1berK1PirdG9uKEuciYjrX/jz9779ky9e/8Vn7v3h9l8vfDNptvlhbOvHB9S/W2Wz6/k4ta1s5YDBjqL+rYnB/S3zKPsVAQDgcNWPSz+UHedfjJHo2/1wFgAAAHgDpZ8bjv8mrWt3Owx0KAcAAADeILmIGI4kV8ju9x2OXK5QiMY9vB+J07lypVr79FxldXm2XhcxGvnc3EK5NJ7dKzwa+aSen2ikX+Qvb8tPRsQ7EfHdkcFGvjBTKc/2+uQHAAAAnBBD28b//xppjv8BAACAY2a01w0AAAAAXjvjfwAAADj+jP8BAADgWPvyzZv1KW29/3r27trqYuXupdlSdbGwtDpTmKms3CnMVyrzjWf2Le26ss1XBy6v3i/WStVasbq2fnupsrpcu73w0iuwAQAAgEP0zvuPf5dExMZnBxtT3cCW+v9k7wnoWQOB12bzlF0k2Xxg54d+/3Zz/qdDahRwKPp63QCgZ/p73QCgZ/K9bgDQc8ke9R1v3vl1Nv9Ed9sDAAB039jHOl//z+265Mbu1cCRZyOGk8v1fzi5Gtf/29zy15aDBThW8o4A4MR75ev/e/I3RAAA0GvDjSnJFbLTe8ORyxUKEWcarwXIJ3ML5dJ4RLwdEb8dyb9Vz080lkz2HDMAAAAAAAAAAAAAAAAAAAAAAAAAAE1pmkQKAAAAHGsRub8kv2w+y39s5Pzw9vMDA8m/RyJ7Rei9H976/v3pWm1lol7+j83y2g+y8su9OIMBAAAAbNcap7fG8QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQTc+ePphpTYcZ92+fj4jRdvH741RjfiryEXH6n0n0b1kuiYi+LsTfeBQRH20XP6k3azNku/iDrz9+jGb/C+3iD3UhPpxkj+v7nxvttr9cnG3M229//REv5Q+q8/4vNvd/fR22/zP7jPHuk58VO8Z/FPFuf/v9Tyt+0iH+uX3G//rX1tc71aU/ihhr+/2TvBSrWFu6U6yurV9aWJqeL82XlicnJ65OXZu6MjVenFsol7J/28b4zsd//ny3/p/uEH90j/6f32f///fk/tMPN5P5dvEvnGsT/1c/zj6xM34u++77VJau14+10hvN9Fbv/fQ37+3W/9kO/d/r539hn/2/+JVv/XGfHwUADkF1bX1xulwurRzbRH2UfgSaIXEEEw93Vr0fB15hmqZpfZt6hYYlB4/enUSyWdLrPRMAANBtL47+e90SAAAAAAAAAAAAAAAAAAAAOLkO47li22NubKaSbjxCGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgK/4fAAD//1X76Tc=") r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000000)=@filename='\x00', 0x0, &(0x7f0000000080)='./file0\x00') 13.33208977s ago: executing program 2: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x0, 0x4}, 0x48) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$getenv(0x4203, r1, 0x0, &(0x7f0000000000)) 2.342303679s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) getrusage(0x0, 0x0) 2.198984837s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000140)={0x20}) write$cgroup_int(r0, &(0x7f0000000040), 0xfea0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x1, 0xbb3e, 0x404}) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x2, 0x4, 0x7}) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x2880008, r0, 0x0, 0x7, 0xa}) 2.142212983s ago: executing program 1: r0 = socket(0x2, 0x3, 0x100000001) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) socket$packet(0x11, 0x3, 0x300) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000000)="832e", 0x2, 0x8004, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000100)="9650", 0x2, 0x0, 0x0, 0x0) 2.019080048s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x3, 0xbf22}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x6, 0x4, 0x5, 0x0, r0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='sched_kthread_work_queue_work\x00', r3}, 0x10) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r2, &(0x7f0000000080), 0x0}, 0x20) 2.017777398s ago: executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='ext4_discard_preallocations\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 1.987667052s ago: executing program 1: r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008000c0095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='mm_lru_insertion\x00', r1}, 0x10) r2 = getpid() r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = dup2(r4, r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 1.913601711s ago: executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}}) 1.84087111s ago: executing program 1: io_uring_setup(0x30d5, &(0x7f00000001c0)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xdac) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.83895083s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000000), 0x6, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8afToi3vrmpz/78W++/dYfvvb+35b+cfOHaVq3s/FedQxDu/RSjJ9YvjzS35tiq0IAAB4Hz0bEMxHxYkR8JcoxFmduRgMAAACPoeY3Jq51mgAAAMDlVIiIiUgKlex634koFCqV9jW8X4gnC7X6buOra/W97dV0LGIySoW1jVp1NrtWeDJKSbo812o/WH61a3k+uwb3w/L1dLk1BgAAAIzGYtf+/6fl9v4/AAAAcMn0Phk/NvI8AAAAgIvjYnwAAAC4/Oz/AwAAwKX23XfeSafm/aN7rfsArL63v7dZf+/WanV3s7K1t1JZqe/cqazX6+u1amWA/wio1et3XovtvbszjeJuY2Z3/2Bpq7633Vhq3dd7qfrMCGoCAAAATnr6hY/+kkTE4devt6bUE9lYKdfMgEdIUuzquP3lnDIBhuLcH/IztXcxiQAj1/03Hbg67OMDSXdH14bBeL9NhT92d9z4v7FscwAAQD6mv+j8P1xVhbwTAHLzk7wTAHIz8LH4qYvNAxi9ktv8wZV36vx/l/F+A6fO//fTbJ4rIQAAYOgm2rPDyM4FTkShUKl8dlowWduoVWcj4vMR8edy6Vq6PJdjvgAAAAAAAAAAAAAAAAAAAAAAAADwOGo2k2gCAAAAl1pE4e9Jdv+v6fLLE93HB55I/lNuzSPi/V+++/O7y43Gzlza/6/P+hu/yPpfzeMIBgAAAFxFpTNHO/vpnf14AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABim+0f3VjrTKON+shjXY7JX/GKMt+bjUYqIJ/+dRPHY45KIGBtC/MMPIuK5XvGTNK2YzLLojl+IiOs5x39qCPHhKvtoMSLe7vX+K8RUa977/VfMpof1yWLrTd4zfmf9N9Zn/fe5AWM8//HvZvrG/yDi+WLv9U8nftIn/ksDxr/9/YODfmPNX0dM9/z7k7RnhewbG1t3Znb3D25tbC2vV9er2/Pzc28svLnw+sLszNpGrZp97Rnjp1/6/eGHfetvBzgev1PnZDvDH/Wr/+UB6//vx3ePnm03S6fjR9x8qffP/7nWvPfrn/5OvJK9POn4dKd92G4fd+O3f7rRL7c0/mqf17/98y83H8Qvnqj/5mDlH6/5V4M9BAC4SLv7B5vLtVp1ZwSNF18b3hMmrUa6FTSi5PNudA52PCr5jOcT/VrkW/u3Hvp5OpvDD/M8fx1aXek+Q++hHFdKAADAhXiw0Z93JgAAAAAAAAAAAAAAAAAAAHB1tf7/f+ycHwT4wvk+aaw75mE+pQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOl/AQAA//9DhsFC") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000011c0)) 1.544462205s ago: executing program 3: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x11, &(0x7f0000000080), 0x4) 1.361470457s ago: executing program 1: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000940)=@o_path={&(0x7f0000000140)='./file1\x00'}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@bloom_filter={0x1e, 0x4, 0x8, 0x8, 0x100, r0, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x5, 0x8}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000a40)=""/181}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b708000000000002000000ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000260000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00'}, 0x90) openat$vcs(0xffffffffffffff9c, &(0x7f0000001c40), 0x4000, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001d40)={{{@in6=@empty, @in6=@mcast1, 0x0, 0x0, 0x4e24, 0x6, 0x0, 0x80, 0x20}, {0x2, 0x101, 0x3, 0xffff, 0x5, 0x1ff, 0xffffffffffffffff, 0x3}, {0x9, 0x0, 0x9982, 0x9}, 0x3, 0x6e6bb8, 0x2, 0x0, 0x1, 0x3}, {{@in=@empty, 0x4d5, 0x2b}, 0x2, @in6=@loopback, 0x3503, 0x0, 0x3, 0x0, 0x5, 0x6}}, 0xe8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file1\x00', 0x0, 0x2804, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000073013b00000000009500000000000000f523bc128e9d16330ff66aeaf3e1eae3fa41706376ae6c4aad19d53374e70747f5be3d456fe61f01417867c12a572533334f0f0d2daca3d997dec1914913584cfe611d87509d"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r1, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000001380)={[{@data_err_abort}, {@stripe={'stripe', 0x3d, 0x2}}, {@noblock_validity}, {@errors_remount}, {@noblock_validity}, {}, {@sysvgroups}, {@nojournal_checksum}, {@nodelalloc}]}, 0xfc, 0x550, &(0x7f0000000340)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==") r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001c80), 0x690000, 0x0) openat$cgroup_ro(r5, &(0x7f0000001cc0)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00'}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018b4c700", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r8}, 0x10) socket$igmp6(0xa, 0x3, 0x2) 1.273701907s ago: executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getresgid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000300)) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f00000000c0)=0x8004, 0x4) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x1f) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) nanosleep(&(0x7f0000000380), &(0x7f00000003c0)) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f0000007900)={0x0, 0x0, &(0x7f0000007840)=[{&(0x7f0000005ec0)=ANY=[@ANYBLOB="140200001a00f9ffff7b00000000000001"], 0x214}], 0x1}, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') 1.110622087s ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) execve(0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x802, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0x100000000a, &(0x7f00000003c0)=0x800000001, 0x4) sendto$inet6(r3, 0x0, 0x0, 0x4008840, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @local}, 0x1c) sendto$inet6(r3, &(0x7f0000000000)="17", 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020722500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = epoll_create(0x5) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) write$P9_RVERSION(r5, &(0x7f0000000000)={0x13, 0x65, 0xffff, 0x0, 0x6, '9P2000'}, 0x20000013) 724.905104ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r3}, 0x10) write$cgroup_pid(r0, &(0x7f0000000980), 0x12) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r4}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 639.263164ms ago: executing program 0: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) setpriority(0x0, 0x0, 0x0) 554.071294ms ago: executing program 0: getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r0}, [@MDBA_SET_ENTRY={0x20, 0x1, {r0, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0) r4 = socket(0x10, 0x803, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r5, &(0x7f0000000840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000880)=0x40) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r6}, [@MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x0, 0x0, 0x0, {@ip4=@rand_addr=0xe0000000, 0x800}}}]}, 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000600)={'ip_vti0\x00', 0x0, 0x10, 0x10, 0x1, 0x8, {{0x43, 0x4, 0x0, 0x28, 0x10c, 0x64, 0x0, 0xd0, 0x4, 0x0, @loopback, @broadcast, {[@timestamp_addr={0x44, 0x34, 0x57, 0x1, 0x3, [{@remote, 0xfffffff8}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x800}, {@empty, 0x8000}, {@loopback, 0x8}, {@loopback, 0x9}, {@empty, 0x2}]}, @lsrr={0x83, 0x23, 0x99, [@multicast1, @local, @multicast2, @loopback, @local, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2]}, @timestamp_prespec={0x44, 0x3c, 0x1d, 0x3, 0x7, [{@multicast2, 0x4}, {@remote, 0x5}, {@rand_addr=0x64010100, 0x4}, {@empty, 0x1fffe00}, {@rand_addr=0x64010100, 0xffffbca4}, {@multicast1, 0x5}, {@multicast2, 0xeb}]}, @end, @generic={0x8c, 0x9, "c37ca1089bd0aa"}, @cipso={0x86, 0x28, 0x2, [{0x5, 0x10, "45ceb7134a00659ef3ff82fa63d3"}, {0x7, 0x2}, {0x7, 0x10, "6e9b4f25508720ed826270316ab5"}]}, @end, @timestamp={0x44, 0x20, 0xe6, 0x0, 0x9, [0x2, 0x4, 0x0, 0x8, 0xd4, 0x2, 0x2]}, @generic={0x86, 0xf, "9e805e0e3b829a0383be00777a"}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000740)={'ip6_vti0\x00', 0x0, 0x4, 0xfe, 0x4, 0x5, 0xc, @dev={0xfe, 0x80, '\x00', 0x2c}, @local, 0xf8a8, 0x7800, 0x6, 0x3}}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000007c0)={&(0x7f0000000980)={0x400, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r0}, {0x4}}, {{0x8, 0x1, r3}, {0xbc, 0x2, 0x0, 0x1, [{0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xfff, 0x0, 0x3b, 0x1a8}, {0xff, 0x9, 0x0, 0x10001}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x81}}}]}}, {{0x8}, {0x188, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4000007}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0xfff, 0x0, 0x20, 0x3}, {0xfffe, 0xf9, 0x1, 0x3}, {0xfffd, 0x9, 0x7}, {0x6, 0x28, 0x0, 0x1}, {0xe5de, 0x4a, 0x81, 0x7fffffff}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x138, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x28000}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x7, 0x3f, 0x8e, 0x3}, {0x6, 0x7, 0x3f, 0x3f}, {0x8, 0x4, 0x3, 0x7ff}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r0}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r8}}}]}}]}, 0x400}, 0x1, 0x0, 0x0, 0x8010}, 0x80) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080)) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r11, &(0x7f0000000380), 0x101bf) r12 = socket$inet(0x2, 0xa, 0x0) ioctl$sock_inet_SIOCSIFADDR(r12, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x0, @multicast1=0xac14140a}}) pwritev(r12, &(0x7f0000000180)=[{&(0x7f00000003c0)="b0239f7ee43a775fb7613625839c64777bfbe213a746e880b2892485265bee64e4fa0c1330f6b016a2ee623ec1c172215b07c4966bc4fa76fdbf45330b9cac0cc8fa9a7b0e2a850d00c9da7fe3869f0ce1a23fb2b050cbdf0a6896c7058673dcf4f7ade322a898baced9597fa431c0fd939ad36202d798d2a7bee46a7dc231bf2c957288d68d1df1c5b013", 0x8b}, {&(0x7f00000000c0)="763ebafb531c5f4ba700217bbe47026950036ac4725ba99d31b3588563034e658ddb27086556641eb60caf8d28899316", 0x30}], 0x2, 0xc5, 0xb8f) ioctl$EXT4_IOC_MIGRATE(r10, 0x6609) 470.461364ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x15, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='jbd2_handle_stats\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) 438.519218ms ago: executing program 0: r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a700000008000c0095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='mm_lru_insertion\x00', r1}, 0x10) r2 = getpid() r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = dup2(r4, r3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x10) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 361.109047ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) 283.220787ms ago: executing program 0: syz_emit_ethernet(0x7e, &(0x7f0000000380)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x48, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x0]}}}}}}}, 0x0) 260.109989ms ago: executing program 3: syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', 0x80c406, &(0x7f00000005c0)=ANY=[], 0xff, 0x2bc, &(0x7f0000000180)="$eJzs3EFrE1sUwPGTTJtJ+2ja1YP3Nh50o5uhxqUKRmlBDChpR9SFMKVTDYlJmQmaiGDWrvo5ikt3gvgFuhW3grsiSFddOdJkMk7SpJZYE03/Pyhz7j136L25Uzi3MNm9t/WktOFbG05NkmmVpEhT9kUWpCgdifCaasWpqF+uZqUpFxaf7r1auf/gVi6fXyqoLudWL2VVNXPm3bMXr8++r/1z903GNGVn4eHu1+znnX93/tv9tvq46GvR10q1po6uVas1Z63s6nrRL1mqd8qu47tarPiu15XfKFc3NxvqVNbnZjc91/fVqTQ0KQ2tVTUdzqqilmXp3OxBnJZTJHXcgZ+CMLC3CwUn13fMqfrkJpvn5RxDRGYO7am9PZ4ZAQCAcRpc/yejMZ36P9lb/4v8pP5/GY7KvB1Y/wcJkWHqf0Oi+r/ktur/mtdQ55FTjNf/OJJ9bWD9f4Tk75kMfkWiGWtc70p5Xm6m/03U/wAAAAAAAAAAAAAAAAAAAAAA/A32g2A+CIL5g2tSRIKwbYqIEWv3uZU3xCdAfP+D2I8ZbvAR+48JEHtxLy3ypVm363aidW3nl2/mlxa1Jfbi3169bhtR/mI7r935aZkN89m++ZScP9fOH+Ru3M7H81t1e0bWe+ZqdLWaJ/kxAAAAAAAw0SyNLESdaYnO95alpvTmW+f3VjAlIp3/D/Sc76fk/6kRLgQAAAAAAAzkN56XnHLZ9UYTGCP8XUMHIsPdfjkwT2QahojEesxwq+JjCisiJ7fklAy75J7AFLcz29Fu3Mfc+B+b0QRXjjv4Q+bwY9MVBAmRds90uGc9fwUAAAAAJsuP88C4ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOk1iq8uG/caAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/F9wAAAP//SmOyhw==") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 238.441202ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 117.265226ms ago: executing program 0: mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800004e9d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 0s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x96c}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = getpid() sched_setscheduler(r4, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='ext4_es_lookup_extent_enter\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) kernel console output (not intermixed with test programs): c: Started in network mode [ 727.714667][T22912] tipc: Node identity ac1414aa, cluster identity 4711 [ 727.721723][T22912] tipc: New replicast peer: 100.1.1.1 [ 727.727268][T22912] tipc: Enabled bearer , priority 10 [ 727.812870][T22472] attempt to access beyond end of device [ 727.812870][T22472] loop1: rw=2049, want=45104, limit=40427 [ 727.836309][ T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 727.845165][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 727.853185][ T6] usb 5-1: Product: syz [ 727.857399][ T6] usb 5-1: Manufacturer: syz [ 727.861796][ T6] usb 5-1: SerialNumber: syz [ 728.316390][ T6] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 728.324748][ T6] usb 5-1: 2:1 : invalid channels 0 [ 728.347954][ T6] usb 5-1: USB disconnect, device number 60 [ 728.653944][T22948] loop2: detected capacity change from 0 to 40427 [ 728.705801][T22948] F2FS-fs (loop2): invalid crc value [ 728.712840][T22948] F2FS-fs (loop2): Found nat_bits in checkpoint [ 728.739504][T22948] F2FS-fs (loop2): Cannot turn on quotas: -2 on 0 [ 728.753321][T22948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 728.856367][T17301] tipc: Node number set to 2886997162 [ 728.925816][T22962] attempt to access beyond end of device [ 728.925816][T22962] loop2: rw=2049, want=45112, limit=40427 [ 729.024827][T22966] loop3: detected capacity change from 0 to 16 [ 729.084755][T22966] erofs: (device loop3): mounted with root inode @ nid 36. [ 729.176252][T22969] SELinux: Context system_u:object_r: is not valid (left unmapped). [ 729.184591][ T30] audit: type=1400 audit(1718567423.100:43748): avc: denied { relabelto } for pid=22968 comm="syz-executor.4" name="" dev="pipefs" ino=120839 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:" [ 729.284100][T22971] loop1: detected capacity change from 0 to 512 [ 729.326382][T22971] EXT4-fs (loop1): error: could not find journal device path: error -2 [ 729.392726][T22975] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 730.425302][T22993] overlayfs: statfs failed on './file0' [ 731.261868][T23026] tipc: Enabling of bearer rejected, failed to enable media [ 731.382840][T18762] kernel write not supported for file 23028/task/23030/clear_refs (pid: 18762 comm: kworker/1:2) [ 731.623192][T23038] loop3: detected capacity change from 0 to 256 [ 732.168554][T23050] loop4: detected capacity change from 0 to 512 [ 732.196624][T23050] EXT4-fs (loop4): error: could not find journal device path: error -2 [ 732.342464][T23055] tipc: Started in network mode [ 732.347215][T23055] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 732.355902][T23055] tipc: Enabling of bearer rejected, failed to enable media [ 732.492988][ T6] kernel write not supported for file 23058/task/23059/clear_refs (pid: 6 comm: kworker/0:0) [ 732.551509][ T30] audit: type=1400 audit(1718567426.470:43749): avc: denied { ioctl } for pid=23061 comm="syz-executor.3" path="socket:[120238]" dev="sockfs" ino=120238 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 732.636649][T23066] loop1: detected capacity change from 0 to 256 [ 732.674848][T23066] exfat: Deprecated parameter 'utf8' [ 732.682624][T23066] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 733.236236][T18762] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 733.348622][T23095] device syzkaller0 entered promiscuous mode [ 733.393185][ T30] audit: type=1400 audit(1718567427.310:43750): avc: denied { relabelfrom } for pid=23096 comm="syz-executor.2" name="NETLINK" dev="sockfs" ino=120304 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 733.418731][ T30] audit: type=1400 audit(1718567427.310:43751): avc: denied { relabelto } for pid=23096 comm="syz-executor.2" name="NETLINK" dev="sockfs" ino=120304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 733.496222][T18762] usb 4-1: Using ep0 maxpacket: 16 [ 733.626489][T18762] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 733.677068][ T30] audit: type=1326 audit(1718567427.600:43752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.701280][ T30] audit: type=1326 audit(1718567427.600:43753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.725326][ T30] audit: type=1326 audit(1718567427.600:43754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.725392][T18762] usb 4-1: New USB device found, idVendor=04e6, idProduct=0007, bcdDevice= 1.75 [ 733.749530][ T30] audit: type=1326 audit(1718567427.600:43755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.758669][T18762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=5 [ 733.782357][ T30] audit: type=1326 audit(1718567427.600:43756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.790672][T18762] usb 4-1: SerialNumber: syz [ 733.818543][ T30] audit: type=1326 audit(1718567427.600:43757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23106 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2797f43ea9 code=0x7ffc0000 [ 733.876534][T18762] usb-storage 4-1:1.0: USB Mass Storage device detected [ 733.884233][T18762] usb-storage 4-1:1.0: Quirks match for vid 04e6 pid 0007: 1 [ 734.078522][ T6] usb 4-1: USB disconnect, device number 58 [ 734.343703][T23130] incfs: Can't find or create .index dir in ./file0 [ 734.350282][T23130] incfs: mount failed -5 [ 735.096224][ T1292] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 735.336886][ T1292] usb 3-1: Using ep0 maxpacket: 8 [ 735.399923][T23163] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: journalled. [ 735.456306][ T1292] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 735.466950][ T1292] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 735.476452][ T1292] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 735.487285][ T1292] usb 3-1: config 1 interface 1 has no altsetting 0 [ 735.646272][ T1292] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 735.655237][ T1292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 735.663528][ T1292] usb 3-1: Product: syz [ 735.667670][ T1292] usb 3-1: Manufacturer: syz [ 735.672167][ T1292] usb 3-1: SerialNumber: syz [ 735.692321][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 735.692336][ T30] audit: type=1326 audit(1718567429.610:43767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.722439][ T30] audit: type=1326 audit(1718567429.610:43768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.746389][ T30] audit: type=1326 audit(1718567429.610:43769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.770432][ T30] audit: type=1326 audit(1718567429.610:43770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.794415][ T30] audit: type=1326 audit(1718567429.610:43771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.818370][ T30] audit: type=1326 audit(1718567429.610:43772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.842153][ T30] audit: type=1326 audit(1718567429.610:43773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.866086][ T30] audit: type=1326 audit(1718567429.610:43774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.889957][ T30] audit: type=1326 audit(1718567429.610:43775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 735.913862][ T30] audit: type=1326 audit(1718567429.610:43776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23169 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe576d06ea9 code=0x7ffc0000 [ 736.016301][ T1292] usb 3-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 736.024529][ T1292] usb 3-1: 2:1 : invalid channels 0 [ 736.048235][ T1292] usb 3-1: USB disconnect, device number 52 [ 736.090637][T23177] loop1: detected capacity change from 0 to 256 [ 736.586194][ T1292] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 736.804958][T23198] syz-executor.1[23198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 736.805286][T23198] syz-executor.1[23198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 736.985879][ T1292] usb 4-1: Using ep0 maxpacket: 32 [ 737.157480][ T1292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 737.169911][ T1292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 737.181340][ T1292] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 737.190482][ T1292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.200286][ T1292] usb 4-1: config 0 descriptor?? [ 737.216273][T23186] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 737.241489][ T1292] hub 4-1:0.0: USB hub found [ 737.347586][T23207] loop1: detected capacity change from 0 to 128 [ 737.359220][T23202] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.366368][T23202] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.373761][T23202] device bridge_slave_0 entered promiscuous mode [ 737.381542][ T347] device bridge_slave_1 left promiscuous mode [ 737.387566][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.394930][ T347] device bridge_slave_0 left promiscuous mode [ 737.400975][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.409047][ T347] device veth1_macvtap left promiscuous mode [ 737.414887][ T347] device veth0_vlan left promiscuous mode [ 737.419626][T23209] EXT4-fs (sda1): re-mounted. Opts: (null). Quota mode: journalled. [ 737.520389][T23202] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.527438][T23202] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.535000][T23202] device bridge_slave_1 entered promiscuous mode [ 737.894984][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 737.903793][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 737.927859][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 737.936632][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 737.944833][T17301] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.951705][T17301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.960275][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 737.968884][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 737.977239][T17301] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.984086][T17301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 737.991978][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 738.005542][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 738.013623][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 738.034178][T23202] device veth0_vlan entered promiscuous mode [ 738.041923][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 738.051033][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 738.059846][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 738.068011][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 738.075757][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 738.093685][T23202] device veth1_macvtap entered promiscuous mode [ 738.102401][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 738.157657][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 738.165892][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 738.186622][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 738.195049][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 739.346319][ T1292] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 739.456269][ T1292] usbhid 4-1:0.0: can't add hid device: -71 [ 739.462195][ T1292] usbhid: probe of 4-1:0.0 failed with error -71 [ 739.497191][ T1292] usb 4-1: USB disconnect, device number 59 [ 740.409526][T23273] syz-executor.3[23273] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 740.409590][T23273] syz-executor.3[23273] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 740.591640][T23277] loop3: detected capacity change from 0 to 128 [ 740.675999][T23279] incfs: Can't find or create .index dir in ./file0 [ 740.682597][T23279] incfs: mount failed -5 [ 742.002572][T23309] loop2: detected capacity change from 0 to 128 [ 742.293460][T23317] incfs: Can't find or create .index dir in ./file0 [ 742.300542][T23317] incfs: mount failed -5 [ 742.444352][T23322] loop1: detected capacity change from 0 to 512 [ 742.476661][T23325] syz-executor.3[23325] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 742.476741][T23325] syz-executor.3[23325] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 742.493675][T23322] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 742.518577][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: casefold flag without casefold feature [ 742.532316][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: ea_inode with extended attributes [ 742.545368][T23322] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117 [ 742.559617][T23322] EXT4-fs (loop1): 1 orphan inode deleted [ 742.565529][T23322] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 742.822217][T23337] cgroup: No subsys list or none specified [ 743.026259][ T26] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 743.096516][T23341] loop2: detected capacity change from 0 to 128 [ 743.266275][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 743.386328][ T26] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 743.403407][T23352] incfs: Can't find or create .index dir in ./file0 [ 743.409994][T23352] incfs: mount failed -5 [ 743.556311][ T26] usb 4-1: New USB device found, idVendor=041e, idProduct=3f19, bcdDevice=a4.72 [ 743.565311][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 743.573263][ T26] usb 4-1: Product: syz [ 743.577330][ T26] usb 4-1: Manufacturer: syz [ 743.581696][ T26] usb 4-1: SerialNumber: syz [ 743.586970][ T26] usb 4-1: config 0 descriptor?? [ 743.740389][T23365] loop1: detected capacity change from 0 to 512 [ 743.853283][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 743.853308][ T30] audit: type=1400 audit(1718567437.770:43801): avc: denied { mounton } for pid=23333 comm="syz-executor.3" path="/root/syzkaller-testdir521349125/syzkaller.brndQM/356/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 743.950929][T23365] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 743.964469][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: casefold flag without casefold feature [ 743.979080][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.1: ea_inode with extended attributes [ 743.992766][T23365] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 12 err=-117 [ 744.006170][ T30] audit: type=1400 audit(1718567437.920:43802): avc: denied { mounton } for pid=23333 comm="syz-executor.3" path="/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 744.006522][T23365] EXT4-fs (loop1): 1 orphan inode deleted [ 744.033972][T23365] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 744.054420][T23335] loop3: detected capacity change from 0 to 512 [ 744.119102][T23335] EXT4-fs (loop3): Ignoring removed oldalloc option [ 744.126761][T23335] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 744.142523][T23335] EXT4-fs (loop3): 1 truncate cleaned up [ 744.148135][T23335] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,oldalloc,barrier=0x0000000000000003,debug_want_extra_isize=0x0000000000000080,block_validity,jqfmt=vfsv1,,errors=continue. Quota mode: writeback. [ 744.326054][ T30] audit: type=1326 audit(1718567438.240:43803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.326344][ T26] usb 4-1: unknown interface protocol 0xf, assuming v1 [ 744.350984][ T30] audit: type=1326 audit(1718567438.270:43804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.359114][ T26] usb 4-1: USB disconnect, device number 60 [ 744.403215][ T30] audit: type=1326 audit(1718567438.270:43805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.427129][ T30] audit: type=1326 audit(1718567438.310:43806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.451426][ T30] audit: type=1326 audit(1718567438.310:43807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.475376][ T30] audit: type=1326 audit(1718567438.310:43808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.499712][ T30] audit: type=1326 audit(1718567438.310:43809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.526234][ T30] audit: type=1326 audit(1718567438.310:43810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 744.838121][T23390] incfs: Can't find or create .index dir in ./file0 [ 744.844995][T23390] incfs: mount failed -5 [ 745.029767][T23399] syz-executor.2[23399] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 745.029833][T23399] syz-executor.2[23399] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 745.054940][T23400] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 745.078231][T23400] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 745.225849][T23410] loop1: detected capacity change from 0 to 128 [ 745.525317][T23417] loop2: detected capacity change from 0 to 256 [ 745.816636][T23420] netlink: 'syz-executor.3': attribute type 12 has an invalid length. [ 746.307857][T23438] syz-executor.3[23438] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 746.307953][T23438] syz-executor.3[23438] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 747.279570][T23461] loop1: detected capacity change from 0 to 40427 [ 747.341569][T23461] F2FS-fs (loop1): invalid crc value [ 747.349219][T23461] F2FS-fs (loop1): Found nat_bits in checkpoint [ 747.414113][T23461] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 747.432608][T23461] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23461 comm=syz-executor.1 [ 747.758698][T23469] loop2: detected capacity change from 0 to 256 [ 748.163387][T23475] loop1: detected capacity change from 0 to 2048 [ 748.238285][T23475] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 748.269639][T23475] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 748.284412][T23475] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 748.296776][T23475] EXT4-fs (loop1): This should not happen!! Data will be lost [ 748.296776][T23475] [ 748.306632][T23475] EXT4-fs (loop1): Total free blocks count 0 [ 748.312444][T23475] EXT4-fs (loop1): Free/Dirty block details [ 748.318599][T23475] EXT4-fs (loop1): free_blocks=2415919104 [ 748.324239][T23475] EXT4-fs (loop1): dirty_blocks=16 [ 748.329528][T23475] EXT4-fs (loop1): Block reservation details [ 748.335627][T23475] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 748.341800][T23481] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 748.354420][T23481] EXT4-fs (loop1): This should not happen!! Data will be lost [ 748.354420][T23481] [ 749.174803][T23511] syz-executor.2[23511] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 749.174900][T23511] syz-executor.2[23511] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 749.403351][T23517] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 749.490737][T23519] loop2: detected capacity change from 0 to 1024 [ 749.555073][T23519] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 749.567469][T23519] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a003c018, mo2=0002] [ 749.575578][T23519] System zones: 0-1, 3-12 [ 749.580445][T23519] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,nomblk_io_submit,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 749.604643][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 749.604658][ T30] audit: type=1400 audit(1718567443.520:43837): avc: denied { setattr } for pid=23518 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 749.615095][T23519] EXT4-fs error (device loop2): ext4_expand_extra_isize_ea:2739: inode #14: comm syz-executor.2: corrupted in-inode xattr [ 749.646640][ T30] audit: type=1400 audit(1718567443.530:43838): avc: denied { read } for pid=23518 comm="syz-executor.2" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 749.669890][T23519] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: none. [ 749.881338][T23525] loop1: detected capacity change from 0 to 512 [ 749.938497][T23525] EXT4-fs (loop1): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,nobarrier,nolazytime,,errors=continue. Quota mode: writeback. [ 749.955162][T23525] ext4 filesystem being mounted at /root/syzkaller-testdir3581808218/syzkaller.QkaCIW/92/file0 supports timestamps until 2038 (0x7fffffff) [ 750.034354][T23533] loop2: detected capacity change from 0 to 1024 [ 750.065820][T23533] EXT4-fs (loop2): Test dummy encryption mode enabled [ 750.072565][T23533] EXT4-fs (loop2): Ignoring removed orlov option [ 750.080905][T23533] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 750.444140][T23548] loop1: detected capacity change from 0 to 2048 [ 750.517959][T23548] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 750.551920][T23548] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 750.566673][T23548] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 750.578749][T23548] EXT4-fs (loop1): This should not happen!! Data will be lost [ 750.578749][T23548] [ 750.588197][T23548] EXT4-fs (loop1): Total free blocks count 0 [ 750.593935][T23548] EXT4-fs (loop1): Free/Dirty block details [ 750.599813][T23548] EXT4-fs (loop1): free_blocks=2415919104 [ 750.605338][T23548] EXT4-fs (loop1): dirty_blocks=16 [ 750.610329][T23548] EXT4-fs (loop1): Block reservation details [ 750.616096][T23548] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 750.622193][T23555] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 750.634458][T23555] EXT4-fs (loop1): This should not happen!! Data will be lost [ 750.634458][T23555] [ 750.818990][T23563] loop2: detected capacity change from 0 to 512 [ 750.875384][T23563] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz-executor.2: invalid indirect mapped block 256 (level 2) [ 750.889599][T23563] EXT4-fs (loop2): 2 truncates cleaned up [ 750.895202][T23563] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 751.027334][T21562] EXT4-fs error (device loop2): ext4_map_blocks:602: inode #2: block 13: comm syz-executor.2: lblock 0 mapped to illegal pblock 13 (length 1) [ 751.042160][T21562] EXT4-fs warning (device loop2): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.2: error -117 reading directory block [ 751.056244][T21562] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 751.066182][T21562] EXT4-fs error (device loop2): ext4_dirty_inode:6024: inode #2: comm syz-executor.2: mark_inode_dirty error [ 751.096259][ T6] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 751.136405][T23574] loop1: detected capacity change from 0 to 1024 [ 751.194542][T23574] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 751.217541][T23574] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a003c018, mo2=0002] [ 751.225679][T23574] System zones: 0-1, 3-12 [ 751.230448][T23574] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodiscard,bsddf,auto_da_alloc=0x0000000000000000,nomblk_io_submit,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 751.256832][T23574] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2739: inode #14: comm syz-executor.1: corrupted in-inode xattr [ 751.270120][T23574] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: none. [ 751.315562][T23578] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.322467][T23578] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.329701][T23578] device bridge_slave_0 entered promiscuous mode [ 751.336653][T23578] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.343540][T23578] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.351109][T23578] device bridge_slave_1 entered promiscuous mode [ 751.400190][T23578] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.407102][T23578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.414199][T23578] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.421113][T23578] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.445401][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 751.452998][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.460475][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.470857][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 751.479281][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.486118][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.497130][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 751.505182][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.512139][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.528074][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 751.538233][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 751.557180][T23578] device veth0_vlan entered promiscuous mode [ 751.563711][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 751.572438][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 751.580476][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 751.587765][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 751.600849][T23578] device veth1_macvtap entered promiscuous mode [ 751.608547][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 751.624463][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 751.633086][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 751.647706][ T6] usb 4-1: New USB device found, idVendor=5e5b, idProduct=9318, bcdDevice=bd.92 [ 751.657080][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.664909][ T6] usb 4-1: Product: syz [ 751.668994][ T6] usb 4-1: Manufacturer: syz [ 751.673505][ T6] usb 4-1: SerialNumber: syz [ 751.679590][ T45] tipc: Left network mode [ 751.681415][ T6] usb 4-1: config 0 descriptor?? [ 751.726981][ T6] usb-storage 4-1:0.0: USB Mass Storage device detected [ 751.931057][ T26] usb 4-1: USB disconnect, device number 61 [ 752.278663][ T45] device bridge_slave_1 left promiscuous mode [ 752.284707][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 752.292485][ T45] device bridge_slave_0 left promiscuous mode [ 752.298726][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 752.306658][ T45] device veth1_macvtap left promiscuous mode [ 752.312466][ T45] device veth0_vlan left promiscuous mode [ 752.506496][T23611] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 752.517591][T23611] FAT-fs (loop1): unable to read boot sector [ 752.920989][T23627] loop2: detected capacity change from 0 to 512 [ 752.964599][T23627] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e02d, mo2=0002] [ 752.972509][T23627] System zones: 1-12 [ 752.976876][T23627] EXT4-fs error (device loop2): __ext4_iget:4892: inode #11: block 393240: comm syz-executor.2: invalid block [ 752.988600][T23627] EXT4-fs (loop2): Remounting filesystem read-only [ 752.995072][T23627] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz-executor.2: couldn't read orphan inode 11 (err -117) [ 753.007618][T23627] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable,nombcache,commit=0x0000000000000000,errors=remount-ro,resgid=0x0000000000000000. Quota mode: none. [ 753.027189][T23627] EXT4-fs error (device loop2): ext4_map_blocks:602: inode #2: block 5: comm syz-executor.2: lblock 0 mapped to illegal pblock 5 (length 1) [ 753.041541][T23627] EXT4-fs (loop2): Remounting filesystem read-only [ 753.095645][T23633] binder: 23632:23633 ioctl c0306201 20000000 returned -14 [ 753.106882][ T328] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 753.265494][T23638] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 753.276339][T23638] FAT-fs (loop3): unable to read boot sector [ 753.366267][ T328] usb 4-1: Using ep0 maxpacket: 8 [ 753.546334][ T328] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 753.669709][T23645] loop2: detected capacity change from 0 to 8192 [ 753.746527][ T328] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 753.755461][ T328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 753.763368][ T328] usb 4-1: Product: syz [ 753.767341][ T328] usb 4-1: Manufacturer: syz [ 753.772073][ T328] usb 4-1: SerialNumber: syz [ 753.826880][ T328] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 754.032582][ T6] usb 4-1: USB disconnect, device number 62 [ 754.254769][T23660] device pim6reg1 entered promiscuous mode [ 754.439406][T23667] syz-executor.1[23667] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 754.439467][T23667] syz-executor.1[23667] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 754.508899][T23669] loop2: detected capacity change from 0 to 128 [ 754.553417][T23669] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 754.564112][T23669] ext4 filesystem being mounted at /root/syzkaller-testdir2640406469/syzkaller.3VoIIQ/13/mnt supports timestamps until 2038 (0x7fffffff) [ 754.625848][T23672] loop1: detected capacity change from 0 to 512 [ 754.698434][T23672] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback. [ 754.714550][T23672] ext4 filesystem being mounted at /root/syzkaller-testdir3581808218/syzkaller.QkaCIW/115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 754.766671][T23676] loop3: detected capacity change from 0 to 2048 [ 754.806924][T23676] loop3: p3 < > p4 < > [ 754.811745][T23676] loop3: partition table partially beyond EOD, truncated [ 754.819038][T23676] loop3: p3 start 4284289 is beyond EOD, truncated [ 755.075207][ T30] audit: type=1326 audit(1718567448.990:43839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.116300][ T30] audit: type=1326 audit(1718567448.990:43840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.147711][ T30] audit: type=1326 audit(1718567449.020:43841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.172235][ T30] audit: type=1326 audit(1718567449.030:43842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.196788][ T30] audit: type=1326 audit(1718567449.030:43843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.221020][ T30] audit: type=1326 audit(1718567449.030:43844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.248785][ T30] audit: type=1326 audit(1718567449.030:43845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdc15a7d627 code=0x7ffc0000 [ 755.272949][ T30] audit: type=1326 audit(1718567449.030:43846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdc15a43309 code=0x7ffc0000 [ 755.297518][ T30] audit: type=1326 audit(1718567449.030:43847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc15a7fea9 code=0x7ffc0000 [ 755.321922][ T30] audit: type=1326 audit(1718567449.030:43848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23685 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdc15a7d627 code=0x7ffc0000 [ 755.750552][T23702] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23702 comm=syz-executor.1 [ 755.750715][T23703] FAT-fs (loop7): invalid media value (0x1c) [ 755.769251][T23703] FAT-fs (loop7): Can't find a valid FAT filesystem [ 755.906194][T17301] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 755.946023][T23710] loop3: detected capacity change from 0 to 512 [ 755.999840][T23710] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback. [ 756.016327][T23710] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/380/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 756.286305][T17301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 756.295782][T17301] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 756.305572][T17301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 756.391475][T23725] loop3: detected capacity change from 0 to 256 [ 756.520602][T17301] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 756.866319][T17301] usb 3-1: New USB device found, idVendor=04b4, idProduct=009b, bcdDevice=16.89 [ 756.875252][T17301] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.883064][T17301] usb 3-1: Product: syz [ 756.887055][T17301] usb 3-1: Manufacturer: syz [ 756.891492][T17301] usb 3-1: SerialNumber: syz [ 756.896685][T17301] usb 3-1: config 0 descriptor?? [ 756.909368][T23732] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 756.936969][T17301] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 756.944594][T17301] usb 3-1: Detected FT-X [ 756.948919][T17301] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 4 [ 756.956099][T17301] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 2 [ 757.156278][T17301] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 757.176426][T17301] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 757.196273][T17301] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 757.203200][T17301] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 757.211888][T17301] usb 3-1: USB disconnect, device number 53 [ 757.218294][T17301] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 757.227867][T17301] ftdi_sio 3-1:0.0: device disconnected [ 757.237865][T23738] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 757.248672][T23738] FAT-fs (loop1): unable to read boot sector [ 757.523192][T23748] loop3: detected capacity change from 0 to 512 [ 757.617014][T23750] loop1: detected capacity change from 0 to 40427 [ 757.629999][T23748] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000008000,minixdf,,errors=continue. Quota mode: writeback. [ 757.646570][T23748] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/384/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 757.688336][T23750] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 757.695950][T23750] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 757.705543][T23750] F2FS-fs (loop1): invalid crc value [ 757.712133][T23750] F2FS-fs (loop1): Found nat_bits in checkpoint [ 757.735565][T23750] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 757.742693][T23750] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 757.774544][T23750] overlayfs: invalid redirect (./file1) [ 757.807363][ T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 757.816207][ T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 758.196212][T17301] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 758.556241][T17301] usb 4-1: Using ep0 maxpacket: 8 [ 758.897039][T17301] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 759.076282][T17301] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 759.085233][T17301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.093206][T17301] usb 4-1: Product: syz [ 759.098048][T17301] usb 4-1: Manufacturer: syz [ 759.102503][T17301] usb 4-1: SerialNumber: syz [ 759.146594][T17301] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 759.349200][ T6] usb 4-1: USB disconnect, device number 63 [ 760.236409][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 760.236424][ T30] audit: type=1400 audit(1718567454.160:43867): avc: denied { ioctl } for pid=23816 comm="syz-executor.3" path="/dev/fuse" dev="devtmpfs" ino=91 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 760.553662][T23831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 760.688830][T23839] tap0: tun_chr_ioctl cmd 1074025698 [ 761.159531][T23858] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 761.579938][T23866] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 761.726299][T23872] tap0: tun_chr_ioctl cmd 1074025698 [ 761.746444][ T6] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 761.996210][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 762.316329][ T6] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 762.326498][ T6] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 762.335343][ T6] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 762.344321][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.396576][ T6] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 762.599035][T23863] UDC core: couldn't find an available UDC or it's busy: -16 [ 762.606400][T23863] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 762.617520][ T6] usb 4-1: USB disconnect, device number 64 [ 763.334737][T23909] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'. [ 763.755376][T23916] syz-executor.1[23916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 763.755436][T23916] syz-executor.1[23916] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 763.821747][T23917] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.840672][T23917] bridge0: port 1(bridge_slave_0) entered disabled state [ 763.848391][T23917] device bridge_slave_0 entered promiscuous mode [ 763.855306][T23917] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.862401][T23917] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.870392][T23917] device bridge_slave_1 entered promiscuous mode [ 763.929925][T23917] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.936817][T23917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 763.943920][T23917] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.950694][T23917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 763.989450][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 763.998751][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.006232][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.031908][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 764.063468][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.070367][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.087865][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 764.096730][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.103573][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.110873][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 764.118758][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 764.127409][ T45] device veth1_macvtap left promiscuous mode [ 764.133461][ T45] device veth0_vlan left promiscuous mode [ 764.189322][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 764.201423][T23917] device veth0_vlan entered promiscuous mode [ 764.209238][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 764.217244][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 764.224557][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 764.239592][T23917] device veth1_macvtap entered promiscuous mode [ 764.247787][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 764.265798][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 764.274474][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 764.524063][T23945] loop2: detected capacity change from 0 to 1024 [ 764.578632][T23945] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,discard,stripe=0x0000000000000009,block_validity,max_dir_size_kb=0x00000000200007b1,bsddf,min_batch_time=0x0000000000000008,delalloc,noquota,stripe=0x00000000000000ff,discard,sb=0x00,errors=continue. Quota mode: none. [ 764.966970][T23961] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.973941][T23961] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.981605][T23961] device bridge_slave_0 entered promiscuous mode [ 764.988788][T23961] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.995720][T23961] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.003102][T23961] device bridge_slave_1 entered promiscuous mode [ 765.060453][T23961] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.067347][T23961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.074433][T23961] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.081202][T23961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.202028][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 765.210819][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.218521][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.237980][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 765.246536][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.253404][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.260746][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 765.269108][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.276041][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.283722][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 765.310186][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 765.329267][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 765.342397][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 765.351257][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 765.358688][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 765.368497][ T45] device bridge_slave_1 left promiscuous mode [ 765.374771][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.382294][ T45] device bridge_slave_0 left promiscuous mode [ 765.388301][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.396414][ T45] device veth1_macvtap left promiscuous mode [ 765.402388][ T45] device veth0_vlan left promiscuous mode [ 765.520331][T23961] device veth0_vlan entered promiscuous mode [ 765.530998][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 765.540411][T23961] device veth1_macvtap entered promiscuous mode [ 765.551303][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 765.562471][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 765.671265][T23984] loop1: detected capacity change from 0 to 256 [ 765.778491][T23990] loop2: detected capacity change from 0 to 256 [ 766.084575][T24005] loop1: detected capacity change from 0 to 1024 [ 766.119885][T24005] EXT4-fs (loop1): Ignoring removed orlov option [ 766.142010][T24005] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8802c118, mo2=0002] [ 766.151790][T24005] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,nodiscard,debug,max_batch_time=0x0000000000000009,debug_want_extra_isize=0x0000000000000080,max_dir_size_kb=0x0000000000006dfe,norecovery,orlov,lazytime,,errors=continue. Quota mode: none. [ 766.182206][ T30] audit: type=1400 audit(1718567460.100:43868): avc: denied { create } for pid=24001 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 766.194130][T24005] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430 [ 766.294881][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430 [ 766.310133][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory [ 766.319158][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.332659][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.343243][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430 [ 766.358875][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory [ 766.367667][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.383749][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.393268][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.406617][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.415876][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.429256][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.439469][T22472] EXT4-fs warning (device loop1): ext4_read_block_bitmap_nowait:485: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 1768304430 [ 766.454557][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory [ 766.463321][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.476662][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.486705][T22472] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 3171692 [ 766.500062][T22472] EXT4-fs error (device loop1) in ext4_free_inode:362: Out of memory [ 766.509948][T22472] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6153: Out of memory [ 766.682315][T24012] syz-executor.1[24012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 766.682478][T24012] syz-executor.1[24012] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 767.409472][T24029] device pim6reg1 entered promiscuous mode [ 768.415855][T24061] loop2: detected capacity change from 0 to 1024 [ 768.468038][T24061] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 768.478539][T24061] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/7/file1 supports timestamps until 2038 (0x7fffffff) [ 768.502612][T24066] loop3: detected capacity change from 0 to 2048 [ 768.557855][T24066] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz-executor.3: bad orphan inode 8192 [ 768.568551][T24066] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 768.891729][T24076] overlayfs: failed to resolve './file1': -2 [ 769.260986][T24085] loop1: detected capacity change from 0 to 512 [ 769.313792][T24085] EXT4-fs (loop1): error: journal path ./file0 is not a block device [ 769.459570][T24090] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 769.928617][T24096] loop2: detected capacity change from 0 to 512 [ 769.985208][T24096] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 770.008471][T24096] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,norecovery,journal_ioprio=0x0000000000000004,,errors=continue. Quota mode: writeback. [ 770.024570][T24096] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/10/file0 supports timestamps until 2038 (0x7fffffff) [ 770.810862][ T4015] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 771.096250][ T4015] usb 3-1: Using ep0 maxpacket: 16 [ 771.246290][ T4015] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 771.256253][ T4015] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 771.265029][ T4015] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 771.274084][ T4015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.313176][T24129] loop3: detected capacity change from 0 to 512 [ 771.326614][ T4015] ums-sddr09 3-1:1.0: USB Mass Storage device detected [ 771.373916][T24129] EXT4-fs (loop3): error: journal path ./file0 is not a block device [ 771.529090][T24119] UDC core: couldn't find an available UDC or it's busy: -16 [ 771.536479][T24119] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 771.547330][ T4015] usb 3-1: USB disconnect, device number 54 [ 771.834725][T24141] loop3: detected capacity change from 0 to 2048 [ 771.912706][T24141] loop3: unable to read partition table [ 771.918283][T24141] loop3: partition table beyond EOD, truncated [ 771.924297][T24141] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 772.038440][T24147] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 772.244764][T24152] loop2: detected capacity change from 0 to 2048 [ 772.312517][T24155] overlayfs: failed to resolve './file1': -2 [ 772.418237][T24152] EXT4-fs error (device loop2): ext4_orphan_get:1423: comm syz-executor.2: bad orphan inode 8192 [ 772.428828][T24152] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 773.115098][T24170] fuse: Unknown parameter 'grou00000000000000000000' [ 773.464952][T24182] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.3'. [ 773.743116][ T30] audit: type=1400 audit(1718567467.660:43869): avc: denied { execute } for pid=24184 comm="syz-executor.0" name="file1" dev="ramfs" ino=126131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 773.765847][ T30] audit: type=1400 audit(1718567467.660:43870): avc: denied { execute_no_trans } for pid=24184 comm="syz-executor.0" path="/root/syzkaller-testdir3285488486/syzkaller.5vCIlA/91/file0/file1" dev="ramfs" ino=126131 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 773.818561][T24191] loop2: detected capacity change from 0 to 1024 [ 773.876788][T24191] EXT4-fs (loop2): Ignoring removed nobh option [ 773.882884][T24191] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled [ 773.894169][T24191] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,lazytime,errors=continue,noinit_itable,nobh,jqfmt=vfsold,usrquota,errors=continue,,errors=continue. Quota mode: writeback. [ 774.495925][T24208] fuse: Unknown parameter 'grou00000000000000000000' [ 774.553737][T24210] loop3: detected capacity change from 0 to 128 [ 774.606024][T24210] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 774.616583][T24210] ext4 filesystem being mounted at /root/syzkaller-testdir521349125/syzkaller.brndQM/427/mnt supports timestamps until 2038 (0x7fffffff) [ 775.211292][T24230] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'. [ 775.220542][T24230] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'. [ 775.229941][T24230] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 775.238531][T24230] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'. [ 775.468471][ T30] audit: type=1400 audit(1718567469.390:43871): avc: denied { nlmsg_write } for pid=24239 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 776.558167][T24266] netlink: 68 bytes leftover after parsing attributes in process `syz-executor.0'. [ 777.650782][ T30] audit: type=1326 audit(1718567471.570:43872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24291 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x0 [ 777.751627][T24296] loop2: detected capacity change from 0 to 256 [ 777.816664][T24296] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 778.195130][T24305] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 778.206241][T24305] FAT-fs (loop3): unable to read boot sector [ 778.497108][T24314] loop3: detected capacity change from 0 to 1024 [ 778.531215][T24314] EXT4-fs (loop3): Ignoring removed oldalloc option [ 778.540316][T24314] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000080000,lazytime,resuid=0x0000000000000000,noblock_validity,bsddf,oldalloc,nodiscard,data_err=abort,,errors=continue. Quota mode: writeback. [ 778.565563][T24314] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 778.574661][T24314] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback. [ 779.000232][T24336] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 779.387376][T24340] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 779.703893][T24350] loop2: detected capacity change from 0 to 2048 [ 779.747851][T24350] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 779.768066][T24354] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 779.812645][T24355] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 234: padding at end of block bitmap is not set [ 779.827802][T24355] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 779.837938][ T347] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28 [ 779.850234][ T347] EXT4-fs (loop2): This should not happen!! Data will be lost [ 779.850234][ T347] [ 779.859673][ T347] EXT4-fs (loop2): Total free blocks count 0 [ 779.865641][ T347] EXT4-fs (loop2): Free/Dirty block details [ 779.871730][ T347] EXT4-fs (loop2): free_blocks=0 [ 779.876528][ T347] EXT4-fs (loop2): dirty_blocks=3024 [ 779.881610][ T347] EXT4-fs (loop2): Block reservation details [ 779.887521][ T347] EXT4-fs (loop2): i_reserved_data_blocks=189 [ 779.899008][ T30] audit: type=1107 audit(1718567473.820:43873): pid=24356 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¢' [ 779.918508][ T347] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 969 with error 28 [ 779.931436][ T347] EXT4-fs (loop2): This should not happen!! Data will be lost [ 779.931436][ T347] [ 780.586909][ T30] audit: type=1107 audit(1718567474.510:43874): pid=24383 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¢' [ 780.799734][T24393] loop3: detected capacity change from 0 to 1024 [ 780.837057][T24393] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 780.848651][T24393] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,resgid=0x0000000000000000,norecovery,commit=0x0000000000000005,nombcache,,errors=continue. Quota mode: writeback. [ 780.951270][ T30] audit: type=1326 audit(1718567474.870:43875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24392 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff48a40aea9 code=0x0 [ 781.911090][T24412] loop2: detected capacity change from 0 to 128 [ 781.956529][T24412] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 781.967188][T24412] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/58/mnt supports timestamps until 2038 (0x7fffffff) [ 782.167826][T24420] overlayfs: failed to resolve './file0': -2 [ 782.241539][T24423] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 784.666596][T24478] overlayfs: failed to resolve './file0': -2 [ 784.864439][T24487] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 784.873776][T24487] SELinux: security_context_str_to_sid(root) failed for (dev tmpfs, type tmpfs) errno=-22 [ 785.308222][T24496] loop2: detected capacity change from 0 to 128 [ 785.362433][T24496] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 785.373317][T24496] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/69/mnt supports timestamps until 2038 (0x7fffffff) [ 785.729200][T24511] loop2: detected capacity change from 0 to 2048 [ 785.798001][T24511] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 785.879534][T24511] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 234: padding at end of block bitmap is not set [ 785.894408][T24511] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6153: Corrupt filesystem [ 785.907957][T20961] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2048 with error 28 [ 785.920389][T20961] EXT4-fs (loop2): This should not happen!! Data will be lost [ 785.920389][T20961] [ 785.929833][T20961] EXT4-fs (loop2): Total free blocks count 0 [ 785.935613][T20961] EXT4-fs (loop2): Free/Dirty block details [ 785.941438][T20961] EXT4-fs (loop2): free_blocks=0 [ 785.946200][T20961] EXT4-fs (loop2): dirty_blocks=2944 [ 785.951549][T20961] EXT4-fs (loop2): Block reservation details [ 785.957367][T20961] EXT4-fs (loop2): i_reserved_data_blocks=184 [ 785.969116][T20961] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2050 with max blocks 879 with error 28 [ 785.981825][T20961] EXT4-fs (loop2): This should not happen!! Data will be lost [ 785.981825][T20961] [ 786.495323][T24534] syz-executor.2[24534] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 786.495405][T24534] syz-executor.2[24534] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 787.511698][T24562] syz-executor.3[24562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 787.523457][T24562] syz-executor.3[24562] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 788.841595][T24602] syz-executor.0[24602] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 788.853344][T24602] syz-executor.0[24602] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 789.215277][T24612] loop3: detected capacity change from 0 to 256 [ 789.280666][ T30] audit: type=1400 audit(1718567483.200:43876): avc: denied { lock } for pid=24611 comm="syz-executor.3" path="/root/syzkaller-testdir521349125/syzkaller.brndQM/478/file0/file0" dev="loop3" ino=1048988 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 789.602930][T24622] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.610122][T24622] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.618055][T24622] device bridge_slave_0 entered promiscuous mode [ 789.627145][T24622] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.634055][T24622] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.641387][T24622] device bridge_slave_1 entered promiscuous mode [ 789.694087][T24622] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.700980][T24622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 789.708073][T24622] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.714839][T24622] bridge0: port 1(bridge_slave_0) entered forwarding state [ 789.740607][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 789.749238][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.756317][T24633] syz-executor.0[24633] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 789.756396][T24633] syz-executor.0[24633] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 789.768656][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.794539][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 789.803284][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 789.810179][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 789.825822][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 789.833917][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state [ 789.840777][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 789.857644][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 789.865449][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 789.882010][T24622] device veth0_vlan entered promiscuous mode [ 789.888926][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 789.897534][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 789.905353][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 789.912807][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 789.921492][T20961] device bridge_slave_1 left promiscuous mode [ 789.927618][T20961] bridge0: port 2(bridge_slave_1) entered disabled state [ 789.935124][T20961] device bridge_slave_0 left promiscuous mode [ 789.941276][T20961] bridge0: port 1(bridge_slave_0) entered disabled state [ 789.950285][T20961] device veth1_macvtap left promiscuous mode [ 789.956336][T20961] device veth0_vlan left promiscuous mode [ 790.042977][T24622] device veth1_macvtap entered promiscuous mode [ 790.053908][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 790.291095][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 790.305629][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 790.704515][T24653] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 791.081929][T24659] loop2: detected capacity change from 0 to 128 [ 791.137706][T24659] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 791.148277][T24659] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/90/mnt supports timestamps until 2038 (0x7fffffff) [ 791.290705][ T30] audit: type=1326 audit(1718567485.210:43877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.314733][ T30] audit: type=1326 audit(1718567485.210:43878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.348284][ T30] audit: type=1326 audit(1718567485.210:43879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.372553][ T30] audit: type=1326 audit(1718567485.260:43880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.511663][ T30] audit: type=1326 audit(1718567485.270:43881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.546294][ T30] audit: type=1400 audit(1718567485.350:43882): avc: denied { getopt } for pid=24664 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 791.567636][ T30] audit: type=1326 audit(1718567485.470:43883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.610351][ T30] audit: type=1326 audit(1718567485.530:43884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.634804][ T30] audit: type=1326 audit(1718567485.530:43885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24665 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 791.652839][T24667] loop4: detected capacity change from 0 to 2048 [ 791.696396][T24667] EXT4-fs (loop4): error: journal path ./file0 is not a block device [ 792.586344][ T26] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 792.737882][T24700] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 793.006230][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 793.166295][ T26] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 793.177446][ T26] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 793.351085][ T26] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 793.371416][ T26] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 793.379651][ T26] usb 4-1: Product: syz [ 793.383688][ T26] usb 4-1: Manufacturer: syz [ 793.426560][ T26] hub 4-1:4.0: USB hub found [ 793.716282][ T26] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 794.036340][ T6551] usb 4-1: USB disconnect, device number 65 [ 794.332043][T24734] loop4: detected capacity change from 0 to 512 [ 794.355629][T24735] loop2: detected capacity change from 0 to 128 [ 794.386978][T24734] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 794.399965][T24734] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 794.401022][T24735] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 794.416684][T24734] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 794.427328][T24735] ext4 filesystem being mounted at /root/syzkaller-testdir3031531686/syzkaller.VJ39m4/97/mnt supports timestamps until 2038 (0x7fffffff) [ 795.069760][T24770] loop4: detected capacity change from 0 to 512 [ 795.131703][T24770] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.4: corrupted in-inode xattr [ 795.144521][T24770] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 795.157484][T24770] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 795.189342][T24765] kvm [24764]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000 [ 795.371600][T20961] tipc: Disabling bearer [ 795.377169][T20961] tipc: Left network mode [ 795.627138][T24789] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.634312][T24789] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.642036][T24789] device bridge_slave_0 entered promiscuous mode [ 795.651788][T24789] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.658886][T24789] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.676610][T24789] device bridge_slave_1 entered promiscuous mode [ 795.778569][T24789] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.785459][T24789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.792608][T24789] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.799464][T24789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.840983][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 795.849635][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.857304][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.880046][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 795.896835][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 795.903701][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 795.912309][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 795.920462][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 795.927324][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 795.935610][T20961] device bridge_slave_1 left promiscuous mode [ 795.942468][T20961] bridge0: port 2(bridge_slave_1) entered disabled state [ 795.950062][T20961] device bridge_slave_0 left promiscuous mode [ 795.956588][T20961] bridge0: port 1(bridge_slave_0) entered disabled state [ 795.965013][T20961] device veth1_macvtap left promiscuous mode [ 795.970904][T20961] device veth0_vlan left promiscuous mode [ 795.991975][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 795.991991][ T30] audit: type=1400 audit(1718567489.910:43904): avc: denied { ioctl } for pid=24804 comm="syz-executor.4" path="socket:[129487]" dev="sockfs" ino=129487 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 796.120189][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 796.134135][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 796.151414][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 796.163872][T24789] device veth0_vlan entered promiscuous mode [ 796.176554][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 796.184391][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 796.191984][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 796.204491][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 796.214124][T24789] device veth1_macvtap entered promiscuous mode [ 796.224389][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 796.232996][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 796.308761][T24812] loop3: detected capacity change from 0 to 8192 [ 796.338474][T24812] loop3: p1 p4 [ 796.341834][T24812] loop3: p1 size 8388608 extends beyond EOD, truncated [ 796.349679][T24812] loop3: p4 start 4278190080 is beyond EOD, truncated [ 796.671594][T24831] loop1: detected capacity change from 0 to 512 [ 796.731475][T24831] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 796.744122][T24831] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 796.756502][T24831] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 797.009090][T24846] loop4: detected capacity change from 0 to 8192 [ 797.046840][T24846] loop4: p1 p4 [ 797.050219][T24846] loop4: p1 size 8388608 extends beyond EOD, truncated [ 797.057453][T24846] loop4: p4 start 4278190080 is beyond EOD, truncated [ 797.261303][T24853] loop1: detected capacity change from 0 to 40427 [ 797.301140][T24853] F2FS-fs (loop1): Found nat_bits in checkpoint [ 797.327066][T24853] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 797.380704][T24789] attempt to access beyond end of device [ 797.380704][T24789] loop1: rw=2049, want=45104, limit=40427 [ 797.549745][T24867] kvm [24866]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000 [ 797.681633][T24878] loop4: detected capacity change from 0 to 1024 [ 797.967663][T24878] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 797.979619][T24878] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsddf,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,grpid,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback. [ 798.228717][T24885] loop1: detected capacity change from 0 to 8192 [ 798.255633][ T30] audit: type=1326 audit(1718567492.170:43905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.290754][T24885] loop1: p1 p4 [ 798.296672][T24885] loop1: p1 size 8388608 extends beyond EOD, truncated [ 798.312233][T24885] loop1: p4 start 4278190080 is beyond EOD, truncated [ 798.316239][ T30] audit: type=1326 audit(1718567492.200:43906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.343169][ T30] audit: type=1326 audit(1718567492.200:43907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.367584][ T30] audit: type=1326 audit(1718567492.200:43908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.392222][ T30] audit: type=1326 audit(1718567492.200:43909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.416307][ T30] audit: type=1326 audit(1718567492.200:43910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.440978][ T30] audit: type=1326 audit(1718567492.200:43911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.474868][ T30] audit: type=1326 audit(1718567492.200:43912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 798.499592][ T30] audit: type=1326 audit(1718567492.200:43913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24884 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x7ffc0000 [ 799.176020][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 799.176077][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 799.189484][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 799.201549][T24909] syz-executor.1[24909] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 799.394631][T24918] loop3: detected capacity change from 0 to 8192 [ 799.446662][T24918] loop3: p1 p4 [ 799.450005][T24918] loop3: p1 size 8388608 extends beyond EOD, truncated [ 799.457171][T24918] loop3: p4 start 4278190080 is beyond EOD, truncated [ 800.753231][T24951] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 801.185968][T24953] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 801.255854][ T30] kauditd_printk_skb: 5237 callbacks suppressed [ 801.255871][ T30] audit: type=1326 audit(1718567495.170:49151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.286431][ T30] audit: type=1326 audit(1718567495.170:49152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.310514][ T30] audit: type=1326 audit(1718567495.180:49153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.334391][ T30] audit: type=1326 audit(1718567495.180:49154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.360225][ T30] audit: type=1326 audit(1718567495.180:49155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.384251][ T30] audit: type=1326 audit(1718567495.180:49156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.408746][ T30] audit: type=1326 audit(1718567495.180:49157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.432879][ T30] audit: type=1326 audit(1718567495.180:49158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24955 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff96fe87ea9 code=0x7ffc0000 [ 801.551892][T24959] loop4: detected capacity change from 0 to 8192 [ 801.596622][T24959] loop4: p1 p4 [ 801.600067][T24959] loop4: p1 size 8388608 extends beyond EOD, truncated [ 801.607358][T24959] loop4: p4 start 4278190080 is beyond EOD, truncated [ 802.108633][T24978] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 803.161073][T24988] kvm [24986]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000 [ 803.905816][T25009] loop1: detected capacity change from 0 to 40427 [ 803.959523][T25009] F2FS-fs (loop1): Found nat_bits in checkpoint [ 803.984832][T25009] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 804.051464][T24789] attempt to access beyond end of device [ 804.051464][T24789] loop1: rw=2049, want=45104, limit=40427 [ 804.457452][T25024] loop4: detected capacity change from 0 to 256 [ 804.489097][T25024] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 805.965899][T25052] loop1: detected capacity change from 0 to 256 [ 805.996272][T25052] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 806.220942][T25064] loop1: detected capacity change from 0 to 256 [ 806.259533][T25064] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 806.640552][T25067] loop3: detected capacity change from 0 to 40427 [ 806.678118][T25067] F2FS-fs (loop3): invalid crc value [ 806.687136][T25067] F2FS-fs (loop3): Found nat_bits in checkpoint [ 806.706596][T25079] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25079 comm=syz-executor.0 [ 806.719853][T25067] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 806.779865][T25067] attempt to access beyond end of device [ 806.779865][T25067] loop3: rw=1, want=53448, limit=40427 [ 806.810743][T25082] loop1: detected capacity change from 0 to 512 [ 807.089013][T25086] kvm [25085]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5ce00000000 [ 807.202210][T25092] input: syz0 as /devices/virtual/input/input75 [ 807.317906][T19473] attempt to access beyond end of device [ 807.317906][T19473] loop3: rw=2049, want=45104, limit=40427 [ 807.770040][T25103] loop3: detected capacity change from 0 to 40427 [ 807.816344][T25103] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 807.823920][T25103] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 807.840864][T25103] F2FS-fs (loop3): invalid crc value [ 807.850794][T25103] F2FS-fs (loop3): Found nat_bits in checkpoint [ 807.874148][T25103] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 807.881083][T25103] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 808.221500][ T30] audit: type=1326 audit(1718567502.140:49159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25112 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0 [ 808.362231][ T6] kernel write not supported for file /vcs (pid: 6 comm: kworker/0:0) [ 808.372770][T25125] IPv4: Oversized IP packet from 127.202.26.0 [ 808.379490][ T1292] kernel write not supported for file /vcs (pid: 1292 comm: kworker/1:6) [ 808.581628][T25129] loop1: detected capacity change from 0 to 256 [ 808.645622][T25129] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 808.805759][T25138] loop1: detected capacity change from 0 to 256 [ 808.876989][T25138] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 809.123908][T25142] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25142 comm=syz-executor.1 [ 809.393151][T25147] input: syz0 as /devices/virtual/input/input76 [ 809.522457][T25149] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 809.534269][T25149] fscrypt: AES-128-CBC-ESSIV using implementation "essiv(cbc-aes-aesni,sha256-avx2)" [ 809.697576][T25158] IPv4: Oversized IP packet from 127.202.26.0 [ 810.514914][T25175] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=25175 comm=syz-executor.1 [ 810.580263][T25172] loop4: detected capacity change from 0 to 40427 [ 810.625905][T25172] F2FS-fs (loop4): invalid crc value [ 810.646950][T25172] F2FS-fs (loop4): Found nat_bits in checkpoint [ 810.736291][T25172] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 810.840819][T25187] attempt to access beyond end of device [ 810.840819][T25187] loop4: rw=1, want=53360, limit=40427 [ 811.105111][T25196] tipc: Enabling of bearer rejected, failed to enable media [ 811.222586][T25198] SELinux: security_context_str_to_sid(root) failed for (dev ?, type ?) errno=-22 [ 811.259125][T25198] SELinux: security_context_str_to_sid(root) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 811.330098][T24622] attempt to access beyond end of device [ 811.330098][T24622] loop4: rw=2049, want=45104, limit=40427 [ 811.550097][ T328] kernel write not supported for file /vcs (pid: 328 comm: kworker/1:3) [ 811.559339][ T328] kernel write not supported for file /vcs (pid: 328 comm: kworker/1:3) [ 812.635945][T25225] loop3: detected capacity change from 0 to 512 [ 812.678917][T25225] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 812.690718][T25225] EXT4-fs (loop3): 1 truncate cleaned up [ 812.696284][T25225] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 812.710447][T25225] EXT4-fs error (device loop3): empty_inline_dir:1824: inode #12: comm syz-executor.3: error -117 getting inode 12 block [ 812.768929][T25231] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 812.789362][T25231] bridge0: port 2(bridge_slave_1) entered disabled state [ 812.796690][T25231] bridge0: port 1(bridge_slave_0) entered disabled state [ 812.816800][T19473] EXT4-fs error (device loop3): ext4_map_blocks:602: inode #2: block 13: comm syz-executor.3: lblock 0 mapped to illegal pblock 13 (length 1) [ 812.834171][T19473] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.3: error -117 reading directory block [ 812.856262][T19473] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5820: Corrupt filesystem [ 812.867707][T19473] EXT4-fs error (device loop3): ext4_dirty_inode:6024: inode #2: comm syz-executor.3: mark_inode_dirty error [ 813.010166][T25239] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 813.022099][T25236] loop1: detected capacity change from 0 to 40427 [ 813.072529][T25241] tipc: Enabling of bearer rejected, failed to enable media [ 813.087731][T25236] F2FS-fs (loop1): invalid crc value [ 813.096581][T25236] F2FS-fs (loop1): Found nat_bits in checkpoint [ 813.147413][T25236] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 813.233583][T25236] attempt to access beyond end of device [ 813.233583][T25236] loop1: rw=1, want=53424, limit=40427 [ 813.277135][T25250] bridge0: port 1(bridge_slave_0) entered blocking state [ 813.284346][T25250] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.292132][T25250] device bridge_slave_0 entered promiscuous mode [ 813.299357][T25250] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.306775][T25250] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.314039][T25250] device bridge_slave_1 entered promiscuous mode [ 813.390172][T25250] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.397071][T25250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 813.404182][T25250] bridge0: port 1(bridge_slave_0) entered blocking state [ 813.411039][T25250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 813.448938][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 813.457399][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.464870][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.479064][T25257] syz-executor.0[25257] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 813.479146][T25257] syz-executor.0[25257] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 813.497533][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 813.526629][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 813.533608][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 813.545348][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 813.553590][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.560587][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 813.576653][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 813.584701][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 813.603502][T25250] device veth0_vlan entered promiscuous mode [ 813.611283][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 813.620224][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 813.628935][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 813.637276][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 813.652026][T25250] device veth1_macvtap entered promiscuous mode [ 813.661094][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 813.674901][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 813.685427][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 813.712396][T24789] attempt to access beyond end of device [ 813.712396][T24789] loop1: rw=2049, want=45104, limit=40427 [ 814.492360][T25277] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.499482][T25277] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.507767][T25277] device bridge_slave_0 entered promiscuous mode [ 814.514687][T25277] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.521812][T25277] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.528981][T25277] device bridge_slave_1 entered promiscuous mode [ 814.583936][T25277] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.590958][T25277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 814.598079][T25277] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.604922][T25277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 814.634227][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 814.642640][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.650303][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.662857][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 814.671336][ T1292] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.678191][ T1292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 814.685533][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 814.693799][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.700741][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 814.721863][T25277] device veth0_vlan entered promiscuous mode [ 814.729875][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 814.738143][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 814.746109][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 814.753600][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 814.761530][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 814.769543][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 814.782663][T25277] device veth1_macvtap entered promiscuous mode [ 814.790121][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 814.803334][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 814.814342][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 815.601454][T25304] loop1: detected capacity change from 0 to 40427 [ 815.645894][T25304] F2FS-fs (loop1): invalid crc value [ 815.656280][T25304] F2FS-fs (loop1): Found nat_bits in checkpoint [ 815.702595][T25304] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 815.768842][T25304] attempt to access beyond end of device [ 815.768842][T25304] loop1: rw=1, want=53560, limit=40427 [ 815.818420][T25310] loop3: detected capacity change from 0 to 256 [ 815.875237][T25310] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 816.178966][T24789] attempt to access beyond end of device [ 816.178966][T24789] loop1: rw=2049, want=45104, limit=40427 [ 816.290046][T25321] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 816.440886][T25319] loop3: detected capacity change from 0 to 40427 [ 816.489476][T25319] F2FS-fs (loop3): invalid crc value [ 816.495390][T25319] F2FS-fs (loop3): invalid crc value [ 816.500589][T25319] F2FS-fs (loop3): Failed to get valid F2FS checkpoint [ 816.995005][T25351] loop4: detected capacity change from 0 to 512 [ 817.046061][T25351] EXT4-fs (loop4): Unrecognized mount option "sync" or missing value [ 817.373222][T25356] overlayfs: './file0' not a directory [ 817.558843][T25368] loop1: detected capacity change from 0 to 40427 [ 817.610565][T25368] F2FS-fs (loop1): invalid crc value [ 817.615881][T25368] F2FS-fs (loop1): invalid crc value [ 817.621436][T25368] F2FS-fs (loop1): Failed to get valid F2FS checkpoint [ 817.766366][T25379] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 817.775972][T25379] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 818.096087][T25389] loop1: detected capacity change from 0 to 512 [ 818.315655][T25389] EXT4-fs (loop1): Unrecognized mount option "sync" or missing value [ 819.347892][T25417] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 819.357417][T25417] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 819.507896][ T30] audit: type=1400 audit(1718567513.430:49160): avc: denied { watch watch_reads } for pid=25422 comm="syz-executor.3" path="/root/syzkaller-testdir334232170/syzkaller.Ebv3jE/14/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 819.621854][T25427] syz-executor.0[25427] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 819.621939][T25427] syz-executor.0[25427] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 819.755632][T25426] overlayfs: overlapping lowerdir path [ 819.934536][T25436] loop1: detected capacity change from 0 to 512 [ 820.008875][T25436] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 820.018537][T25436] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 820.028152][T25436] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 820.038328][T25436] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 820.046220][T25436] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 820.054911][T25436] EXT4-fs (loop1): orphan cleanup on readonly fs [ 820.062022][T25436] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 34: padding at end of block bitmap is not set [ 820.076793][T25436] Quota error (device loop1): write_blk: dquota write failed [ 820.080687][T25439] FAT-fs (loop7): invalid media value (0x1c) [ 820.085171][T25436] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 820.091289][T25439] FAT-fs (loop7): Can't find a valid FAT filesystem [ 820.107539][T25436] EXT4-fs (loop1): 1 truncate cleaned up [ 820.116493][T25436] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback. [ 821.117310][T25466] overlayfs: failed to resolve './file0': -2 [ 821.246087][T25471] loop3: detected capacity change from 0 to 2048 [ 821.294902][T25471] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 821.310904][T25471] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,max_batch_time=0x0000000000000005,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 821.338032][T25471] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set [ 821.352701][T25471] EXT4-fs (loop3): Remounting filesystem read-only [ 821.444496][T25478] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.451495][T25478] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.459112][T25478] device bridge_slave_0 entered promiscuous mode [ 821.469287][T25478] bridge0: port 2(bridge_slave_1) entered blocking state [ 821.476382][T25478] bridge0: port 2(bridge_slave_1) entered disabled state [ 821.483758][T25478] device bridge_slave_1 entered promiscuous mode [ 821.553750][T25478] bridge0: port 2(bridge_slave_1) entered blocking state [ 821.557131][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 821.560788][T25478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 821.578195][T25478] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.584959][T25478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 821.609528][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 821.618087][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.625282][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 821.644390][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 821.652832][ T328] bridge0: port 1(bridge_slave_0) entered blocking state [ 821.659694][ T328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 821.667097][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 821.675108][ T328] bridge0: port 2(bridge_slave_1) entered blocking state [ 821.681958][ T328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 821.689747][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 821.697753][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 821.707107][ T45] device bridge_slave_1 left promiscuous mode [ 821.713485][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 821.720981][ T45] device bridge_slave_0 left promiscuous mode [ 821.727041][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 821.734905][ T45] device veth1_macvtap left promiscuous mode [ 821.741115][ T45] device veth0_vlan left promiscuous mode [ 821.833493][T25491] syz-executor.1[25491] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 821.833575][T25491] syz-executor.1[25491] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 821.847079][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 821.867529][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 821.875311][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 821.876235][T18762] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 821.882741][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 821.898808][T25478] device veth0_vlan entered promiscuous mode [ 821.913498][ T328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 821.922832][T25478] device veth1_macvtap entered promiscuous mode [ 821.933200][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 821.945293][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 822.001659][T25494] blk_update_request: I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 822.012725][T25494] FAT-fs (loop9): unable to read boot sector [ 822.018754][T25495] loop2: detected capacity change from 0 to 512 [ 822.075885][T25495] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 822.085529][T25495] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 822.095016][T25495] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 822.105138][T25495] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 822.113082][T25495] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 822.121270][T25495] EXT4-fs (loop2): orphan cleanup on readonly fs [ 822.128580][T25495] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 34: padding at end of block bitmap is not set [ 822.143170][T25495] Quota error (device loop2): write_blk: dquota write failed [ 822.150840][T25495] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 822.161265][T25495] EXT4-fs (loop2): 1 truncate cleaned up [ 822.167568][T25495] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,discard,nogrpid,noblock_validity,,errors=continue. Quota mode: writeback. [ 822.276303][T18762] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 822.287321][T18762] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 822.300608][T18762] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 822.309914][T18762] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.318456][T18762] usb 4-1: config 0 descriptor?? [ 822.857638][T18762] plantronics 0003:047F:FFFF.007C: No inputs registered, leaving [ 822.866218][T18762] plantronics 0003:047F:FFFF.007C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 822.988305][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 823.214984][T25521] loop3: detected capacity change from 0 to 8192 [ 823.308960][T18762] usb 4-1: USB disconnect, device number 66 [ 823.390235][T25529] loop4: detected capacity change from 0 to 256 [ 824.474513][T25558] loop3: detected capacity change from 0 to 40427 [ 824.478817][T25556] loop1: detected capacity change from 0 to 40427 [ 824.538334][T25558] F2FS-fs (loop3): Found nat_bits in checkpoint [ 824.548100][T25556] F2FS-fs (loop1): invalid crc value [ 824.577219][T25556] F2FS-fs (loop1): Found nat_bits in checkpoint [ 824.593587][T25558] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 824.640061][T25556] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 824.699073][T25250] attempt to access beyond end of device [ 824.699073][T25250] loop3: rw=2049, want=45104, limit=40427 [ 824.702043][T25556] attempt to access beyond end of device [ 824.702043][T25556] loop1: rw=1, want=53448, limit=40427 [ 825.136301][T24789] attempt to access beyond end of device [ 825.136301][T24789] loop1: rw=2049, want=45104, limit=40427 [ 825.596431][T25599] loop1: detected capacity change from 0 to 2048 [ 825.658351][T25599] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 825.695016][ T30] audit: type=1326 audit(1718567519.610:49161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe90f09dea9 code=0x0 [ 825.725055][T25598] loop4: detected capacity change from 0 to 40427 [ 825.788751][T25598] F2FS-fs (loop4): invalid crc value [ 825.798499][T25598] F2FS-fs (loop4): Found nat_bits in checkpoint [ 825.818355][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 825.829881][T25598] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 825.842387][ T30] audit: type=1400 audit(1718567519.760:49162): avc: denied { watch } for pid=25597 comm="syz-executor.4" path="/root/syzkaller-testdir1792312327/syzkaller.LTarbX/106/file0" dev="loop4" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 825.870878][T25598] input: syz1 as /devices/virtual/input/input77 [ 825.910759][T25612] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 825.920440][T25612] SELinux: security_context_str_to_sid(user_u) failed for (dev bpf, type bpf) errno=-22 [ 825.957291][T24622] attempt to access beyond end of device [ 825.957291][T24622] loop4: rw=2049, want=45112, limit=40427 [ 826.629412][T25625] loop1: detected capacity change from 0 to 131072 [ 826.666695][T25625] F2FS-fs (loop1): Test dummy encryption mode enabled [ 826.676953][T25625] F2FS-fs (loop1): Found nat_bits in checkpoint [ 826.711064][T25625] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 826.839663][T25644] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.847045][T25644] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.854721][T25644] device bridge_slave_0 entered promiscuous mode [ 826.865344][T25644] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.873153][T25644] bridge0: port 2(bridge_slave_1) entered disabled state [ 826.880693][T25644] device bridge_slave_1 entered promiscuous mode [ 826.944941][T25644] bridge0: port 2(bridge_slave_1) entered blocking state [ 826.951810][T25644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 826.956210][ T339] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 826.958975][T25644] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.973046][T25644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.000040][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 827.007727][ T1292] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.015374][ T1292] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.025566][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 827.034376][ T4015] bridge0: port 1(bridge_slave_0) entered blocking state [ 827.041252][ T4015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.060657][T25651] loop1: detected capacity change from 0 to 512 [ 827.067811][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 827.075828][ T1292] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.082669][ T1292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 827.089904][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 827.106859][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 827.115529][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 827.121062][T25651] EXT4-fs (loop1): Ignoring removed bh option [ 827.127531][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 827.129890][T25651] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 827.137932][T25644] device veth0_vlan entered promiscuous mode [ 827.152982][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 827.160859][T25651] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz-executor.1: bad orphan inode 17 [ 827.171276][T25651] EXT4-fs (loop1): Remounting filesystem read-only [ 827.171350][ T4015] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 827.177906][T25651] ext4_test_bit(bit=16, block=4) = 1 [ 827.190031][T25651] is_bad_inode(inode)=0 [ 827.193981][T25651] NEXT_ORPHAN(inode)=1048336 [ 827.198586][T25651] max_ino=32 [ 827.201642][T25651] i_nlink=0 [ 827.204605][T25651] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodelalloc,bh,inode_readahead_blks=0x0000000000010000,block_validity,block_validity,. Quota mode: none. [ 827.230276][T25644] device veth1_macvtap entered promiscuous mode [ 827.233366][T25651] EXT4-fs error (device loop1): ext4_remount:5845: comm syz-executor.1: Abort forced by user [ 827.237817][ T1292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 827.247042][T25651] EXT4-fs (loop1): Remounting filesystem read-only [ 827.262183][ T45] device bridge_slave_1 left promiscuous mode [ 827.269052][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.277089][ T45] device bridge_slave_0 left promiscuous mode [ 827.283137][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.290987][ T45] device veth1_macvtap left promiscuous mode [ 827.297077][ T45] device veth0_vlan left promiscuous mode [ 827.326293][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 827.337494][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 827.347213][ T339] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 827.356117][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.365169][ T339] usb 5-1: config 0 descriptor?? [ 827.429921][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 827.438662][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 827.527958][T25658] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 827.537692][T25658] SELinux: security_context_str_to_sid(user_u) failed for (dev bpf, type bpf) errno=-22 [ 827.646573][ T30] audit: type=1400 audit(1718567521.570:49163): avc: denied { ioctl } for pid=25660 comm="syz-executor.1" path="socket:[133579]" dev="sockfs" ino=133579 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 827.859514][ T30] audit: type=1326 audit(1718567521.780:49164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25668 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d492b3ea9 code=0x0 [ 827.965861][T25671] loop3: detected capacity change from 0 to 40427 [ 828.006018][T25671] F2FS-fs (loop3): invalid crc value [ 828.012698][T25671] F2FS-fs (loop3): Found nat_bits in checkpoint [ 828.046840][T25671] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 828.070093][T25671] input: syz1 as /devices/virtual/input/input78 [ 828.116047][T25677] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.123050][T25677] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.130552][T25250] attempt to access beyond end of device [ 828.130552][T25250] loop3: rw=2049, want=45112, limit=40427 [ 828.133494][T25677] device bridge_slave_0 entered promiscuous mode [ 828.152034][T25677] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.159004][T25677] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.166434][T25677] device bridge_slave_1 entered promiscuous mode [ 828.218120][T25677] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.225014][T25677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 828.232137][T25677] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.238996][T25677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 828.269064][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 828.276950][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.284147][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.299595][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 828.307691][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state [ 828.314520][ T6551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 828.321861][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 828.330018][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state [ 828.336886][ T6551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 828.357577][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 828.365652][T17301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 828.380202][T25677] device veth0_vlan entered promiscuous mode [ 828.387795][ T45] device bridge_slave_1 left promiscuous mode [ 828.393747][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 828.401252][ T45] device bridge_slave_0 left promiscuous mode [ 828.408403][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 828.416619][ T45] device veth1_macvtap left promiscuous mode [ 828.422575][ T45] device veth0_vlan left promiscuous mode [ 828.487976][ T339] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.007D/input/input79 [ 828.500647][ T339] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.007D/input/input80 [ 828.512949][ T339] uclogic 0003:256C:006D.007D: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 828.528651][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 828.537072][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 828.545017][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 828.552382][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 828.564901][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 828.573066][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 828.584759][T25677] device veth1_macvtap entered promiscuous mode [ 828.598362][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 828.605893][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 828.614098][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 828.625910][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 828.634124][T18762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 828.693396][ T6551] usb 5-1: USB disconnect, device number 61 [ 828.884341][T25697] syz-executor.3[25697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 828.884401][T25697] syz-executor.3[25697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 829.305480][T25718] loop3: detected capacity change from 0 to 2048 [ 829.325889][ T30] audit: type=1326 audit(1718567523.240:49165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25715 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0 [ 829.407672][T25718] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 829.548342][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 829.758629][T25730] loop3: detected capacity change from 0 to 40427 [ 829.806232][T25730] F2FS-fs (loop3): invalid crc value [ 829.813572][T25730] F2FS-fs (loop3): Found nat_bits in checkpoint [ 829.847506][T25730] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 829.934655][T25730] attempt to access beyond end of device [ 829.934655][T25730] loop3: rw=1, want=53536, limit=40427 [ 830.457065][T25250] attempt to access beyond end of device [ 830.457065][T25250] loop3: rw=2049, want=45104, limit=40427 [ 830.493576][ T30] audit: type=1107 audit(1718567524.410:49166): pid=25749 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 831.030425][T25758] loop3: detected capacity change from 0 to 40427 [ 831.077856][T25758] F2FS-fs (loop3): Found nat_bits in checkpoint [ 831.111167][T25758] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 831.312097][T25777] loop3: detected capacity change from 0 to 16 [ 831.363589][T25777] erofs: (device loop3): mounted with root inode @ nid 36. [ 831.372907][T25777] erofs: (device loop3): z_erofs_map_blocks_iter: invalid logical cluster 0 at nid 36 [ 831.382407][T25777] attempt to access beyond end of device [ 831.382407][T25777] loop3: rw=0, want=304, limit=16 [ 831.392849][T25777] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 831.594884][ T30] audit: type=1326 audit(1718567525.510:49167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25781 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89ec2dcea9 code=0x0 [ 832.248159][T25795] loop3: detected capacity change from 0 to 131072 [ 832.292108][T25795] F2FS-fs (loop3): Test dummy encryption mode enabled [ 832.301848][T25795] F2FS-fs (loop3): Found nat_bits in checkpoint [ 832.328026][T25795] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 832.968737][T25824] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'. [ 833.041360][T25826] loop1: detected capacity change from 0 to 512 [ 833.093906][T25826] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 833.116253][T25826] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #17: comm syz-executor.1: iget: bad i_size value: -6917529027641081756 [ 833.146492][T25826] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 17 (err -117) [ 833.159087][T25826] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 834.136063][T25864] loop4: detected capacity change from 0 to 512 [ 834.180694][T25864] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 834.198754][T25864] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756 [ 834.212577][T25864] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz-executor.4: couldn't read orphan inode 17 (err -117) [ 834.225651][T25864] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 834.306400][T25873] loop1: detected capacity change from 0 to 1024 [ 834.346637][ T30] audit: type=1400 audit(1718567528.270:49168): avc: denied { mounton } for pid=25872 comm="syz-executor.1" path="/root/syzkaller-testdir1927821285/syzkaller.t1tSo4/18/file1" dev="configfs" ino=11619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 834.357974][T25873] EXT4-fs (loop1): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none. [ 835.402213][T25900] loop4: detected capacity change from 0 to 1024 [ 835.412042][T25902] loop3: detected capacity change from 0 to 128 [ 835.434993][T25900] EXT4-fs (loop4): Ignoring removed orlov option [ 835.441291][T25900] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 835.458231][T25900] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 835.490058][T25900] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 835.503664][T25900] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 835.570500][T24622] ================================================================== [ 835.578380][T24622] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 835.586196][T24622] Read of size 4 at addr ffff888139d30000 by task syz-executor.4/24622 [ 835.594259][T24622] [ 835.596431][T24622] CPU: 0 PID: 24622 Comm: syz-executor.4 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 835.608408][T24622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 2024/06/16 19:52:09 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 835.618305][T24622] Call Trace: [ 835.621427][T24622] [ 835.624208][T24622] dump_stack_lvl+0x151/0x1b7 [ 835.628720][T24622] ? io_uring_drop_tctx_refs+0x190/0x190 [ 835.634193][T24622] ? panic+0x751/0x751 [ 835.638098][T24622] print_address_description+0x87/0x3b0 [ 835.643477][T24622] kasan_report+0x179/0x1c0 [ 835.647815][T24622] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 835.653279][T24622] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 835.658836][T24622] __asan_report_load4_noabort+0x14/0x20 [ 835.664303][T24622] ext4_xattr_delete_inode+0xcd0/0xce0 [ 835.669603][T24622] ? sb_end_intwrite+0x120/0x120 [ 835.674369][T24622] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 835.680368][T24622] ? ext4_journal_check_start+0x16c/0x230 [ 835.685919][T24622] ? __kasan_check_read+0x11/0x20 [ 835.690786][T24622] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 835.696502][T24622] ? ext4_evict_inode+0xb8d/0x14e0 [ 835.701449][T24622] ext4_evict_inode+0xea1/0x14e0 [ 835.706222][T24622] ? _raw_spin_unlock+0x4d/0x70 [ 835.710912][T24622] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 835.716649][T24622] ? _raw_spin_unlock+0x4d/0x70 [ 835.721325][T24622] ? inode_io_list_del+0x18b/0x1a0 [ 835.726271][T24622] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 835.732054][T24622] evict+0x2a3/0x630 [ 835.735732][T24622] iput+0x63b/0x7e0 [ 835.739378][T24622] vfs_rmdir+0x359/0x470 [ 835.743459][T24622] do_rmdir+0x3ab/0x630 [ 835.747450][T24622] ? d_delete_notify+0x160/0x160 [ 835.752226][T24622] __x64_sys_unlinkat+0xdf/0xf0 [ 835.756908][T24622] do_syscall_64+0x3d/0xb0 [ 835.761172][T24622] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 835.767241][T24622] RIP: 0033:0x7f89ec2dc687 [ 835.771495][T24622] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 835.790935][T24622] RSP: 002b:00007ffcff3efd08 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 835.799177][T24622] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f89ec2dc687 [ 835.807081][T24622] RDX: 0000000000000200 RSI: 00007ffcff3f0eb0 RDI: 00000000ffffff9c [ 835.814884][T24622] RBP: 00007f89ec339636 R08: 0000000000000000 R09: 0000000000000000 [ 835.822695][T24622] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcff3f0eb0 [ 835.830508][T24622] R13: 00007f89ec339636 R14: 00000000000cbf17 R15: 0000000000000007 [ 835.838325][T24622] [ 835.841183][T24622] [ 835.843353][T24622] The buggy address belongs to the page: [ 835.848842][T24622] page:ffffea0004e74c00 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x100 pfn:0x139d30 [ 835.859409][T24622] flags: 0x4000000000000000(zone=1) [ 835.864452][T24622] raw: 4000000000000000 ffffea0004aa3188 ffffea0004af2f88 0000000000000000 [ 835.872875][T24622] raw: 0000000000000100 0000000000000000 00000000ffffff7f 0000000000000000 [ 835.881282][T24622] page dumped because: kasan: bad access detected [ 835.887540][T24622] page_owner tracks the page as freed [ 835.892736][T24622] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 25632, ts 826559205802, free_ts 826563238527 [ 835.908302][T24622] post_alloc_hook+0x1a3/0x1b0 [ 835.912873][T24622] prep_new_page+0x1b/0x110 [ 835.917213][T24622] get_page_from_freelist+0x3550/0x35d0 [ 835.922592][T24622] __alloc_pages+0x27e/0x8f0 [ 835.927019][T24622] wp_page_copy+0x1d4/0x1b00 [ 835.931445][T24622] do_wp_page+0x6fa/0xb60 [ 835.935612][T24622] handle_pte_fault+0x7c0/0x24d0 [ 835.940386][T24622] do_handle_mm_fault+0x1ea9/0x23a0 [ 835.945420][T24622] exc_page_fault+0x26f/0x830 [ 835.949931][T24622] asm_exc_page_fault+0x27/0x30 [ 835.954620][T24622] page last free stack trace: [ 835.959131][T24622] free_unref_page_prepare+0x7c8/0x7d0 [ 835.964428][T24622] free_unref_page_list+0x14b/0xa60 [ 835.969461][T24622] release_pages+0x1310/0x1370 [ 835.974062][T24622] free_pages_and_swap_cache+0x8a/0xa0 [ 835.979352][T24622] tlb_finish_mmu+0x177/0x320 [ 835.983867][T24622] exit_mmap+0x40d/0x940 [ 835.987945][T24622] __mmput+0x95/0x310 [ 835.991764][T24622] mmput+0x5b/0x170 [ 835.995409][T24622] do_exit+0xb9c/0x2ca0 [ 835.999403][T24622] do_group_exit+0x141/0x310 [ 836.003830][T24622] get_signal+0x7a3/0x1630 [ 836.008083][T24622] arch_do_signal_or_restart+0xbd/0x1680 [ 836.013549][T24622] exit_to_user_mode_loop+0xa0/0xe0 [ 836.018585][T24622] exit_to_user_mode_prepare+0x5a/0xa0 [ 836.023878][T24622] syscall_exit_to_user_mode+0x26/0x160 [ 836.029259][T24622] do_syscall_64+0x49/0xb0 [ 836.033526][T24622] [ 836.035681][T24622] Memory state around the buggy address: [ 836.041162][T24622] ffff888139d2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 836.049140][T24622] ffff888139d2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 836.057036][T24622] >ffff888139d30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 836.064930][T24622] ^ [ 836.068842][T24622] ffff888139d30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 836.076738][T24622] ffff888139d30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 836.084632][T24622] ================================================================== [ 836.092532][T24622] Disabling lock debugging due to kernel taint