last executing test programs: 3.739581858s ago: executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001700)={0x2c, &(0x7f00000011c0)={0x0, 0x0, 0x4, "ba76598c"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x0) 2.062943556s ago: executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000095000000006ef88991071355ea956c00000000000038b0347df9f59ba165660722fb75d89789875c5b805fec7328dd7ca6f961dd61f617a312f94abf3598b8e0b72ff69105ed13bd522e9b44e71bf3935c48fe880f4f67f871893a9e169cc4609a3ffdee6149c8edd2327e71"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x2, 0x0, 0x5, 0x2062, 0xffffffffffffffff, 0xde9, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x5, 0xe}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mlockall(0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB='T\x00\x00', @ANYRES16, @ANYBLOB, @ANYRES32, @ANYBLOB="1e003300a0ffffff0802110000010802"], 0x54}}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0) rmdir(&(0x7f0000000700)='./cgroup/../file0\x00') 1.729408455s ago: executing program 3: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x400c620e, 0x0) 1.710041318s ago: executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() gettid() sendmsg$unix(r1, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@cred={{0x1c, 0x1, 0x2, {r2, 0x0, 0xee00}}}], 0x20}, 0x0) recvmsg$unix(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf0}, 0x2002) 1.700804558s ago: executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000002c0)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @private0}}, {{0xa, 0x0, 0x0, @remote}}]}, 0x190) syz_emit_ethernet(0x4e, &(0x7f0000000480)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x18, 0x3a, 0x0, @remote, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x0, @private0}}}}}}, 0x0) 1.69060133s ago: executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo") socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) 1.625519238s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r1}, 0x10) write$cgroup_subtree(r2, 0x0, 0xda00) syslog(0x0, 0x0, 0x0) 1.52138438s ago: executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8991, &(0x7f0000000040)={'bridge_slave_0\x00', @random}) 1.51656622s ago: executing program 2: memfd_create(&(0x7f0000000000)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x95\x8a3\xbc\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbf`\'\xcb\xb6\xaf\xdc\xacD\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xe0\xf4\xc3\xf2\x93\xd2\xa9\xb1\f{a?\xd0\xe1\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb2\xa0Z_\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\x02\xbaq\xb6Pr\x04\xcd\n\xc7\x1b\xb9\xc1\x84l\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*K\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\a\x00\x00\x00O\xc9\xb9\x14\x02\x00\x00\x00\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\rm\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000000102010400000000000000000a0000003c0002802c000180140003002001000000000000000000000000000014000400fe88000000000000000000000000000104000280"], 0x50}}, 0x0) 1.480739535s ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x10000014}) r3 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000080)={0x3}) 1.168356642s ago: executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x0) r1 = dup(r0) fcntl$setstatus(r1, 0x4, 0x42000) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, 0x0, 0x15) r4 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 804.560865ms ago: executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsold}, {@norecovery}, {@block_validity}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV") readlink(&(0x7f00000000c0)='./file2\x00', &(0x7f0000000880)=""/202, 0xca) syz_mount_image$fuse(&(0x7f0000000100), &(0x7f0000000140)='./file2\x00', 0x0, &(0x7f0000000bc0)={{}, 0x2c, {}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee01}}, 0x0, 0x0, 0x0) readlink(&(0x7f0000000000)='./file2\x00', &(0x7f0000000980)=""/229, 0xe5) newfstatat(0xffffffffffffff9c, &(0x7f0000003280)='./file2\x00', 0x0, 0x0) lstat(&(0x7f0000003340)='./file2\x00', 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0xfffffffffffffebe, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[], 0x54}}, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0x17}}, 0xc) 636.707295ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00', r1}, 0x10) write$cgroup_subtree(r2, 0x0, 0xda00) syslog(0x0, 0x0, 0x0) 600.900599ms ago: executing program 2: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x7, 0x6, 0x5}, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x31}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x2, 0x4}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)=@newae={0x360, 0x1e, 0x300, 0x70bd2d, 0x25dfdbfc, {{@in6=@remote, 0x4d2, 0x2, 0x27}, @in=@private=0xa010101, 0x2, 0x3503}, [@replay_val={0x10, 0xa, {0x70bd28, 0x70bd2c, 0x6}}, @tmpl={0x44, 0x5, [{{@in=@broadcast, 0x0, 0x33}, 0x2, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x3, 0x3f, 0x2e30, 0x9, 0xb13b}]}, @proto={0x5, 0x19, 0x2b}, @sec_ctx={0xe5, 0x8, {0xe1, 0x8, 0x0, 0x7f, 0xd9, "065dc2b2801541b6d0f83fce23f4a2d5f2d15d95763d72f296fe20dc002d19f0f829e059d04d9d4f555af750facdd8153e96b20c8556d9f484ff24075060ae02937937b360a12f9c0d0fce14b7f4f451e5c3d9edbe29c8fcba5163b6b5e18a7fbb6e99268e55d4662ec79e95b327ae7fa841a123f52e12e1763e71ccf8c2961227cf4ebd0cf9ad0a4171be324be1b61352b1181f7e11ac5da9a8c022375e135e9aac9575671000e4c950909f10bcbb774c6a611e51c30ac763d8719ed801ea24bbc15f886d69291d427918dd8576928d349769dfa39111e00a"}}, @algo_auth_trunc={0x132, 0x14, {{'tgr128-generic\x00'}, 0x730, 0x200, "c0bad1496165097ff0a92892e49a350a2a6ffdd06d2ee1a9b38e216ed2308207437a636e64c1711292719e410b1f604e3448db84edcf759d560145b262a6d3bded811c41c680e65b2189263748672ee2b6fb39d7194b282004c07d047d48878e2e672bf5a3f7ba46fe479582d37380e0d1b1c38522a81e08f2556df593c4e59802e46e857e1e1d6ab34fba06ce190222b7e5e435c89b960775cd1729467c1ef7cb3f200eff29d5754e5cafd252f5eddb85dd24dbb78a05103d2e1887527ba56802adfffd1ee7640c5bb6ffceeee5517996825b4e381a1a4ea9c084bca8edf778ecbbbb393fef"}}, @algo_auth={0xa7, 0x1, {{'sha3-256\x00'}, 0x2f8, "07dccf9255622ce2657b8dd95a0cbdf89dcc537a52f302bf5272f597c263a2470c0161cb300021a9456336145a8d7c7ea6d9fc6710e7ea5f73e01c77fa7151aaa5e40683c9bea7190d4652c7e106b394e94451dcce75342b4a95a17ee01851"}}]}, 0x360}, 0x1, 0x0, 0x0, 0x4000810}, 0x20000000) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x228080, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000003, &(0x7f0000000000), 0x1, 0x4e9, &(0x7f0000000240)="$eJzs3VFrHFsdAPD/TLL3pr25bi6K1IJtsZW0aHeTxrZBpFYQfSqo9T3GZBNCNtmQ3dQmFE3xVRBEVPDJJ18EP4Ag/QgiFPRdtCiirT74oB3Z3dm2SXeTlKRZ3fx+cDrnzJmZ/znT7OzMzmEmgBPrQkTcjoihiLgSEcV8fpqnmWZhu73cs6cP5popiSy7+7ckknxeZ1vN8nBEvNdeJUYi4mtfjvhm8nrc+ubW8my1WlnPy+XGylq5vrl1dWlldrGyWFmdmpq8MX1z+vr0RJY7VD/PRsStLz750fd//qVbv/70t/4w85fL324263Mfbbc7IuYOFaCH9rYLrX3R0dxH628jWB8M5f0p9LshAAAcSPMc/2JEfKJ1/l+ModbZHAAAADBIss+Pxr+TiAwAAAAYWGlEjEaSlvKxAKORpqVSewzvR+J0Wq3VG59aqG2szjfrIsaikC4sVSsT+VjhsSgkzfJkK/+yfG1XeSoiPoiIHxZPtcqluVp1vt8/fgAAAMAJ8d75ndf//yymrTwAAAAwYMZ6FgAAAIBB4ZIfAAAABp/rfwAAABhoX7lzp5myznu85+9tbizX7l2dr9SXSysbc6W52vpaabFWW2w9s2+lx2a+18lUa7W1z8Tqxv1yo1JvlOubWzMrtY3VxszSjldgAwAAAMfog/OPfp9ExPZnT7VS5M8BBNjhT/1uAHCUhvrdAKBvhvvdAKBvCvsuMfwGywL/j5J96nsO3vnN0bcFAAB4O8Y/9vr9/3fyOtf7MNiM9QGAk8f9fzi5CkYAwol3qT15t1f94e//Z9kbNwoAADhSo62UpKX8XuBopGmpFPF+67UAhWRhqVqZiIgPRcTvioV3m+XJ1prJvmOGAQAAAAAAAAAAAAAAAAAAAAAAAIC2LEsiAwAAAAZaRPrnpPU0/4jx4qXR3b8PvJP8qxhP8sJP7/74/myjsT7ZnP/3Yqs+Iho/yedfy7wSAAAAAP4HtK/T8+lkv1sDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKB59vTBXCcdZ9y/fiEixrrFH46R1nQkChFx+h9JDL+yXhIRQ0cQf/thRJx5NX72IsLzLMvG8lZ0i3/qrcTv9D9p7pbYFX+ks156BLHhpHvUPP7c7vb5S+NCa9r98z+cp8PqffxLXxz/hnocf94/YIyzj39Z7hn/YcTZ4e7Hn078pEf8iweM/42vb231qst+FjHe9fsn2RGr3FhZK9c3t64urcwuVhYrq1NTkzemb05fn54oLyxVK/m/XWP84OO/er5X/0/3iD+2T/8vHbD//3l8/+mH29lCt/iXL3b//j3TI36af/d9Ms8368c7+e12/lXnfvHbc3v1f75H//f7/798wP5f+ep3/3jARQGAY1Df3FqerVYr63tkRg6wjIzMYTLZd9p/j4fbziFXfy2T9Xu39DHT7yMTAABw1F6e9Pe7JQAAAAAAAAAAAAAAAAAAAHByHcfjxHbH3O5PVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9vTfAAAA//9Sgd77") syz_read_part_table(0x606, &(0x7f0000000440)="$eJzs2z9InGccB/DfqXeXNLQuWZqlMUOnQEnImBuaoJeEDHJJKEgKSZsSQpwMCBd65CAZyg0J3iAdu0jhFquTfwaHotW9gzi0CA5CKbSL1A6+5bxXW62tCt5Q+vksv+d9eN7f9/3Buz7Bf1pHZNNVkt8uH3zyb8e/SLr/fKjGvUZv380kSZK7EZm4H9no+fadiYjoir1d40JE5P7SaOyr79+OuJFtrNzZeP/BfK1jt2c+muszuUM/PX+MMWmT8cJC98tXQ8XXzYdiZW3ro4hvfuktTd+u1SduZa8/au6/iFhs1s6dH+N0PItyPI+n8bBrf8d3v1uu/EPYTzuLzJ78ajO/XHiyXKysfdlYvbR1rtiYenx18/zsm7nLEcPNiP5978Xh/9fx5k/zh3tGBuqVaxcnz45eKc8sldY7f0ta0sjsyeQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAe44WF7pevhoqvy4Uny8XKx+l2afp2rT5xK3f9UbqxmNautD6LcjyPp/EwBmMwPouho0cOZLbL6QPyf38rYvXS1rliY+rx1c2+2Tdzl9OX+k9i2APsm39tuGdkoF65dnHy7OiV8sxSab2zdW4wH59GtrXOt+lbAAAAAAAAAAAAAAAAAAAA+P/q7bt5vv/D0t2ITNw/FRE/f97R3E/SS+6Z9NyFtP6Qb93cHzsVUf31Rraxcmcj92C+9mN6vhr5qEbEma+n70W8t5vz4m/JmXaPxhH8EQAA///K05MB") write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000400)={0x7}, 0x6000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioprio_get$uid(0x0, 0xffffffffffffffff) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x4, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00'}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) 371.977416ms ago: executing program 0: memfd_create(&(0x7f0000000000)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x95\x8a3\xbc\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbf`\'\xcb\xb6\xaf\xdc\xacD\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xe0\xf4\xc3\xf2\x93\xd2\xa9\xb1\f{a?\xd0\xe1\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb2\xa0Z_\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\x02\xbaq\xb6Pr\x04\xcd\n\xc7\x1b\xb9\xc1\x84l\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*K\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\a\x00\x00\x00O\xc9\xb9\x14\x02\x00\x00\x00\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\rm\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000000102010400000000000000000a0000003c0002802c000180140003002001000000000000000000000000000014000400fe88000000000000000000000000000104000280"], 0x50}}, 0x0) 321.851952ms ago: executing program 0: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0) ioctl$USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f00000001c0)={0xa1, 0x0, 0x0, 0x0, 0x1f00, 0x0, 0x0}) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000009c0)='kfree\x00'}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x4400, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_client}, {@afid}, {@access_user}, {@dfltuid={'dfltuid', 0x3d, 0xffffffffffffffff}}, {@cache_fscache}], [{@smackfstransmute={'smackfstransmute', 0x3d, ':'}}, {@uid_lt={'uid<', 0xee00}}, {@fsuuid={'fsuuid', 0x3d, {[0x39, 0x57, 0x34]}}}]}}) 286.488126ms ago: executing program 4: capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDDELIO(r0, 0x4b35, 0x3c7) 284.582826ms ago: executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast1}, {@in=@multicast2, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'cbc(serpent)\x00'}}}]}, 0x138}}, 0x0) 260.003789ms ago: executing program 1: unshare(0x400) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0}}, 0x10) 251.52895ms ago: executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() gettid() sendmsg$unix(r1, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@cred={{0x1c, 0x1, 0x2, {r2, 0x0, 0xee00}}}], 0x20}, 0x0) recvmsg$unix(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf0}, 0x2002) 213.871505ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0xb, &(0x7f00000000c0)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 209.997365ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f00000001c0), 0x81, 0x79e, &(0x7f00000018c0)="$eJzs3ctrXGUbAPDnTG5N2u9LPvhA6yogaKB0YmpsFVxUXIhgoaBr2zCZhjaTTMlMShMCbRHBjaDFhaCb7gQvdefWy1b/CxfSUmwajLiQkTOZaSfNTDppbo35/eC07zvnTJ73OZf3vDPnMCeAfWsw/ScTcTgiPkoi+muvJxHRVS11RpxcWW55cSGXTklUKm//nlSXWVpcyEXDe1IHa5WnI+LH9yOOZNbGLc3NT44VCvmZWn24PHVxuDQ3f/T81NhEfiI/fXxkdPTYiZdOHN+6XP/4Zf7Q7Y/feP6bk3+999TND39K4mQcqs1rzGOrDMZgbZ10patwlde3OtguS9aZd2AH28HGpIdmx8pRHoejPzqqpRZ6d7JlAMB2uRIRFQBgn0mc/wFgn6l/D7C0uJCrT+t8XbDOxYG96c5rKxeolmrXNpfv599Zu2Z3oHodtG8pWZV8EhEDWxB/MCI+/+7dr9Iptuk6JEAzV69FxNmBwbX9f7LmnoWNeqGNZQYfqjf0f92bDA88wvfp+OflZuO/zP3xTzQZ//Q0OXYfxzrHf03m1haEaSkd/73acG/bckP+NQMdtdp/qmO+ruTc+UI+7dv+GxFD0dWT1kfWiTF07+97reY1jv/uXr+Q9nm5u9cvfPlgicytzp7V7xkfK49tJudGd65FPNPZLP96/79yD1uz8e/pNmO8+coHn7Wal+af5luf0vir899elRsRzzXd/g/uaEvWvT9xuLo7DNd3iia+/fXTvlbxG7d/OqXx658FdkK6/fvWz38gabxfs7TxGD/f6P+h1bxH5998/+9O3qmW64OEy2Pl8sxIRHfy1trXjz14b71eXz7Nf+jZ7qbHf73/a7b/p58Jz7aZf+fta18/fv7bK81/fEPbf+OFm8uTHa3it7f9R6ulodor7fR/7TZwM+sOAAAAAAAAAAAAAAAAAAAAAAAAANqViYhDkWSy98uZTDa78gzv/0dfplAslY+cK85Oj0f1WdkD0ZWp/9Rlf8PvoY7Ufg+/Xj/2UP3FiPhfRHzS01utZ3PFwvhuJw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQdbPP8/9VvPbrcOANg2B3a7AQDAjnP+B4D9Z2Pn/95tawcAsHN8/geA/cf5HwD2H+d/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAttnpU6fSqfLn4kIurY9fmpudLF46Op4vTWanZnPZXHHmYnaiWJwo5LO54lTLP3R15b9CsXhxNKZnLw+X86XycGlu/sxUcXa6fOb81NhE/ky+a8cyAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2lebmJ8cKhfzMnilUKpUrT0Az/g2FjtpO8KS0Z88VMptYdV/sduMfUWjsJXp3p3MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AP+CQAA//+qiiUU") open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1081000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15) r1 = open(&(0x7f0000000080)='./bus\x00', 0x181102, 0x0) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000000c0)) 206.402885ms ago: executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000080), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000280)={0x1, &(0x7f0000528000)=[{0x6}]}, 0x10) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) write$binfmt_misc(r0, 0x0, 0x0) close(r0) 199.737336ms ago: executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x30, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4, 0x2}]}, @IFLA_LINKMODE={0x5}]}, 0x30}}, 0x0) 191.100158ms ago: executing program 3: socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x4, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x16, &(0x7f0000000380)={[{@grpjquota}, {@noblock_validity}, {@auto_da_alloc_val}, {@journal_checksum}, {@nogrpid}, {@nombcache}, {@resuid={'resuid', 0x3d, 0xee00}}, {@barrier}, {@grpid}, {@debug}]}, 0x0, 0x50e, &(0x7f0000001340)="$eJzs3c9vW0kdAPDve463aZslWeCwrMQSsYvSFdRONuxuxGF3kRCcKgHlXqLEiaI4cRQ7bRNVKBV/ABJCgMSJExck/gAk1D8BIVWCOwIEQrSlBy5gZPsZEtdO3CSO2/jzkaZv3i9/Z1JlPOOZ+AUwsqYj4uOIyEXEOxExmR1PsxT7rdS47snje0uNlES9fvMfSSTZsfZrJdn2anbbeER8+xsR8ahe74xb3d1bXyyXS9vZfrG2sVWs7u5dX9tYXC2tljbn5+feX/hg4b2F2RPX7faB/FREfPi1v/z4B7/4+oe/+dKdP97627XvNco7kZ0/WI8T+aj74dbPJN/8WbSNRcT2qYK9OHJZffJ9Xj8+4PIAAHC0Rv/0kxHx+Wb/fzJyzd4cAAAAcJHUP5pozt3UAQAAgAsrba6BTdJCtt53ItK0UGit4f10XEnLlWrtiyuVnc3l1lrZqcinK2vl0my2Vngq8kljfy5bY9vef7djfz4iXouIH01ebu4Xlirl5WF/+AEAAAAj4mrH+P/pZJq0/noXAAAAuFCmhl0AAAAAYOCM/wEAAODiM/4HAACAC+2bN240Ur39/Ovl27s765Xb15dL1fXCxs5SYamyvVVYrVRWm9/Zt3Hc65Urla0vx+bO3WKtVK0Vq7t7tzYqO5u1W2se/QwAAADD8trnHvwhiYj9r1xupkgiXsnO5Y+4b+ycygcMTvo8F/95cOUAzl/uQL4+xHIA508/HkbXUWN8YDQkx5zvuXjnt2dfFgAAYDBmPtMx/x/9zf8DL7/nmv8HLpTcsAsADE2X+X9LAmBE5PUAYOQNfv6/bnkxAAAM2UQzJWkhmwuciDQtFCJebT4WIJ+srJVLsxHxiYj4/WT+UmN/rnlncuyYAQAAAAAAAAAAAAAAAAAAAAAAAABoqdeTqJ/A05PcBAAAAAxFRPrXJHv+18zk2xOdnw+8kvxrsrmNiDs/u/mTu4u12vZc4/ij/x2v/TQ7/u4xHzZ42DgAAACci/Y4vT2OBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICz9OTxvaV26vum3Onj/v2rETHVLf5YjDe345GPiCv/TGLswH3J2YSP/fsR8Xq3+EmjWDGVlaIzfhoRl4cc/+oZxIdR9qDR/nzc7fcvjenmtvvv31iWTutg+9doDg7Gb7d/uR7t36t9xnjj4a+KPePfj3hjrHv7046f9Ij/Vs+Ilw7tffc7e3udV7TbzvrPI2a6vv8kh2IVaxtbxeru3vW1jcXV0mppc35+7v2FDxbeW5gtrqyVS9m/XUvzw8/++j9H1f9Kj/hTx9T/7Z71P+zfD+8+/lQrm+8W/9pbh+NPZ+de7xE/zd77vpDlG+dn2vn9Vv6gN3/5uzez7DNvWY34yz3qf9z//7U+6//Ot77/pz4vBQDOQXV3b32xXC5tH59pdC/6vvjZzHT3U+0e0SleWeYlz+Ti8JF21/+sYzW6rS9IlV/8zBAbJQAAYCD+3+nv4+JDE+6XBlcoAAAAAAAAAAAAAAAAAAAAGDHn8XVinTH3h1NVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAj/TcAAP//V2HLQA==") dup(0xffffffffffffffff) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000140)={0x3, &(0x7f0000000180)=[{0x40}, {0x28, 0x0, 0x0, 0xfffbf034}, {0x6}]}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x0, 0x0, @empty}, 0x1c) 184.763118ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x4, 0x6}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000000a80)=@udp6, 0x600}, 0x20) 136.399894ms ago: executing program 0: memfd_create(&(0x7f0000000000)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x95\x8a3\xbc\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xce\xe5\x19T\xff\x01\x00\x00\xe2\x9f\xd9\xae\xcf>/\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbf`\'\xcb\xb6\xaf\xdc\xacD\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xe0\xf4\xc3\xf2\x93\xd2\xa9\xb1\f{a?\xd0\xe1\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb2\xa0Z_\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\x02\xbaq\xb6Pr\x04\xcd\n\xc7\x1b\xb9\xc1\x84l\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*K\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\a\x00\x00\x00O\xc9\xb9\x14\x02\x00\x00\x00\xb8L\xbd\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\rm\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="500000000102010400000000000000000a0000003c0002802c000180140003002001000000000000000000000000000014000400fe88000000000000000000000000000104000280"], 0x50}}, 0x0) 79.521401ms ago: executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) listen(r0, 0x0) r1 = dup(r0) fcntl$setstatus(r1, 0x4, 0x42000) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, 0x0, 0x15) r4 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 62.408703ms ago: executing program 0: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001700)={0x2c, &(0x7f00000011c0)={0x0, 0x0, 0x4, "ba76598c"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 4: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c) socket$netlink(0x10, 0x3, 0x2) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xec}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090308000000010000000000", 0x58}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) get_robust_list(0x0, &(0x7f0000001580)=0x0, &(0x7f00000015c0)) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_usb_connect$uac1(0x0, 0xa6, &(0x7f0000003c40)=ANY=[@ANYBLOB="12010000000000406b1d01014000010203010902940003010000000904000000010100000a240100003d00020102082404000013bda60c240200000000000000000008240700000000d80904010000010200000904010101010200000905010900000000000725010000000009040200000102000009040201010102000007240100000000122402020000000003f99cf67d5842929e1909058209000200000007"], 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x7ff, 0x1000000, 0x40, 0x1000, r1, 0x6, '\x00', r2, r0, 0x0, 0x4, 0x2, 0x1}, 0x48) sync_file_range(r4, 0x8000000000000001, 0x1, 0x3) kernel console output (not intermixed with test programs): [ 5.075081][ T152] S02sysctl (152) used greatest stack depth: 23064 bytes left [ 5.316368][ T161] udevd[161]: starting version 3.2.11 [ 5.353794][ T162] udevd[162]: starting eudev-3.2.11 [ 6.687502][ T140] rcS (140) used greatest stack depth: 23000 bytes left [ 12.385739][ T23] kauditd_printk_skb: 50 callbacks suppressed [ 12.385747][ T23] audit: type=1400 audit(1718990720.180:61): avc: denied { transition } for pid=283 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.389704][ T23] audit: type=1400 audit(1718990720.180:62): avc: denied { noatsecure } for pid=283 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.392263][ T23] audit: type=1400 audit(1718990720.190:63): avc: denied { write } for pid=283 comm="sh" path="pipe:[9850]" dev="pipefs" ino=9850 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.395587][ T23] audit: type=1400 audit(1718990720.190:64): avc: denied { rlimitinh } for pid=283 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.398076][ T23] audit: type=1400 audit(1718990720.190:65): avc: denied { siginh } for pid=283 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts. 2024/06/21 17:25:27 fuzzer started 2024/06/21 17:25:27 dialing manager at 10.128.0.163:30000 [ 19.804924][ T23] audit: type=1400 audit(1718990727.600:66): avc: denied { node_bind } for pid=343 comm="syz-fuzzer" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 19.808169][ T23] audit: type=1400 audit(1718990727.600:67): avc: denied { name_bind } for pid=343 comm="syz-fuzzer" src=6060 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 19.840368][ T23] audit: type=1400 audit(1718990727.640:68): avc: denied { mounton } for pid=353 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 19.860202][ T352] cgroup1: Unknown subsys name 'net' [ 19.867107][ T23] audit: type=1400 audit(1718990727.640:69): avc: denied { mount } for pid=353 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.891587][ T352] cgroup1: Unknown subsys name 'net_prio' [ 19.893793][ T23] audit: type=1400 audit(1718990727.660:70): avc: denied { mounton } for pid=352 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.899172][ T352] cgroup1: Unknown subsys name 'devices' [ 19.920953][ T23] audit: type=1400 audit(1718990727.660:71): avc: denied { mount } for pid=352 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 19.948378][ T23] audit: type=1400 audit(1718990727.680:72): avc: denied { setattr } for pid=360 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.954050][ T357] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.980183][ T23] audit: type=1400 audit(1718990727.780:73): avc: denied { relabelto } for pid=357 comm="mkswap" name="swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.005852][ T23] audit: type=1400 audit(1718990727.780:75): avc: denied { write } for pid=357 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.031324][ T23] audit: type=1400 audit(1718990727.780:74): avc: denied { unmount } for pid=352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.050886][ T354] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.119336][ T352] cgroup1: Unknown subsys name 'hugetlb' [ 20.125198][ T352] cgroup1: Unknown subsys name 'rlimit' 2024/06/21 17:25:28 starting 5 executor processes [ 20.749937][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.756807][ T370] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.764163][ T370] device bridge_slave_0 entered promiscuous mode [ 20.772677][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.779540][ T370] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.786664][ T370] device bridge_slave_1 entered promiscuous mode [ 20.810785][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.817637][ T371] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.824796][ T371] device bridge_slave_0 entered promiscuous mode [ 20.857039][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.863862][ T371] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.871684][ T371] device bridge_slave_1 entered promiscuous mode [ 20.938351][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.945184][ T372] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.952567][ T372] device bridge_slave_0 entered promiscuous mode [ 20.959352][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.966169][ T372] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.973553][ T372] device bridge_slave_1 entered promiscuous mode [ 20.996361][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.003239][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.010562][ T373] device bridge_slave_0 entered promiscuous mode [ 21.037323][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.044150][ T373] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.051567][ T373] device bridge_slave_1 entered promiscuous mode [ 21.136776][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.143614][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.151110][ T374] device bridge_slave_0 entered promiscuous mode [ 21.157975][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.164879][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.172219][ T374] device bridge_slave_1 entered promiscuous mode [ 21.256191][ T370] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.263044][ T370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.270168][ T370] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.276925][ T370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.287871][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.294695][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.301838][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.308593][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.320961][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.327794][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.334889][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.341791][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.353659][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.360505][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.367615][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.374365][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.445538][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.452386][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.459533][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.466260][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.479890][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.486881][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.493785][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.501335][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.508393][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.515710][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.522736][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.529865][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.536848][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.544176][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.551202][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.558347][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.565528][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.586742][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.594465][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.602802][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.609642][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.617417][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.625330][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.632163][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.639313][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.647149][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.680688][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.688889][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.696929][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.703762][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.711212][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.719278][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.726081][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.733276][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.741232][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.748069][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.755186][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.763147][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.769976][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.777309][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.785240][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.792071][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.799204][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.807162][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.813964][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.836737][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.844638][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.853660][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.862020][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.869863][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.877759][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.885612][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.893861][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.901889][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.909575][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.928870][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.937079][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.944739][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.953212][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.988926][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.998520][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.006607][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.015043][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.023229][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.031092][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.038814][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.046902][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.055083][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.063368][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.071598][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.079622][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.093779][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.101989][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.115907][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.123544][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.131144][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.138994][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.160917][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.169724][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.178028][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.185967][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.194590][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.202882][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.211081][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.217998][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.225233][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.233429][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.248624][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.258377][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.266296][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.273055][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.281190][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.289351][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.303537][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.313623][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.337195][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.345534][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.354313][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.356363][ T398] ====================================================== [ 22.356363][ T398] WARNING: the mand mount option is being deprecated and [ 22.356363][ T398] will be removed in v5.15! [ 22.356363][ T398] ====================================================== [ 22.363503][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.409536][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.418012][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.426051][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.430055][ T398] FAT-fs (loop2): Directory bread(block 64) failed [ 22.434228][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.440598][ T398] FAT-fs (loop2): Directory bread(block 65) failed [ 22.448572][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.454591][ T398] FAT-fs (loop2): Directory bread(block 66) failed [ 22.462642][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.468689][ T398] FAT-fs (loop2): Directory bread(block 67) failed [ 22.476753][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.483317][ T398] FAT-fs (loop2): Directory bread(block 68) failed [ 22.491097][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.497081][ T398] FAT-fs (loop2): Directory bread(block 69) failed [ 22.505147][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.511340][ T398] FAT-fs (loop2): Directory bread(block 70) failed [ 22.519480][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.525504][ T398] FAT-fs (loop2): Directory bread(block 71) failed [ 22.539921][ T398] FAT-fs (loop2): Directory bread(block 72) failed [ 22.546998][ T398] FAT-fs (loop2): Directory bread(block 73) failed [ 22.568789][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.577688][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.585840][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.595197][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.628485][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.636227][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.648178][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.656034][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.688910][ T369] udevd (369) used greatest stack depth: 22712 bytes left [ 22.715661][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.725400][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.733608][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.744003][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.838580][ T414] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 22.847711][ T414] ext4 filesystem being mounted at /root/syzkaller-testdir1324440649/syzkaller.eaooh9/3/file0 supports timestamps until 2038 (0x7fffffff) [ 22.865295][ T414] fs-verity: sha512 using implementation "sha512-generic" [ 23.297137][ T414] syz-executor.2 (414) used greatest stack depth: 19768 bytes left [ 23.446806][ T124] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 23.531585][ T435] FAT-fs (loop2): Directory bread(block 64) failed [ 23.538005][ T435] FAT-fs (loop2): Directory bread(block 65) failed [ 23.544321][ T435] FAT-fs (loop2): Directory bread(block 66) failed [ 23.550716][ T435] FAT-fs (loop2): Directory bread(block 67) failed [ 23.557128][ T435] FAT-fs (loop2): Directory bread(block 68) failed [ 23.563384][ T435] FAT-fs (loop2): Directory bread(block 69) failed [ 23.594560][ T435] FAT-fs (loop2): Directory bread(block 70) failed [ 23.603763][ T435] FAT-fs (loop2): Directory bread(block 71) failed [ 23.610153][ T435] FAT-fs (loop2): Directory bread(block 72) failed [ 23.618349][ T435] FAT-fs (loop2): Directory bread(block 73) failed [ 23.876830][ T124] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 23.893928][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 23.920070][ T124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 23.930156][ T124] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 23.972155][ T452] F2FS-fs (loop2): Found nat_bits in checkpoint [ 24.007554][ T452] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 24.016846][ T124] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 24.025753][ T124] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 24.033635][ T124] usb 4-1: Manufacturer: syz [ 24.039329][ T124] usb 4-1: config 0 descriptor?? [ 24.047118][ T474] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 24.061528][ T474] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (25054!=20869) [ 24.071009][ T474] EXT4-fs (loop1): filesystem has both journal inode and journal device! [ 24.366851][ T392] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 24.446235][ T479] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 24.489283][ T7] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 24.537709][ T124] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 24.544848][ T124] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 24.554758][ T124] appleir 0003:05AC:8243.0001: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 24.663059][ T371] attempt to access beyond end of device [ 24.663059][ T371] loop2: rw=2049, want=45104, limit=40427 [ 24.736853][ T392] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 24.747813][ T392] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 24.757552][ T392] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 24.934842][ T392] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 24.944704][ T392] usb 1-1: config 0 descriptor?? [ 25.071578][ T521] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.103170][ T23] kauditd_printk_skb: 185 callbacks suppressed [ 25.103179][ T23] audit: type=1326 audit(1718990732.900:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.142078][ T23] audit: type=1326 audit(1718990732.930:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.166412][ T23] audit: type=1326 audit(1718990732.930:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.190977][ T23] audit: type=1326 audit(1718990732.930:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.219632][ T23] audit: type=1326 audit(1718990732.930:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.243604][ T23] audit: type=1326 audit(1718990732.930:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01cfe60827 code=0x7ffc0000 [ 25.267303][ T23] audit: type=1326 audit(1718990732.930:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01cfe264e9 code=0x7ffc0000 [ 25.291123][ T23] audit: type=1326 audit(1718990732.930:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f01cfe630a9 code=0x7ffc0000 [ 25.314726][ T23] audit: type=1326 audit(1718990732.930:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f01cfe60827 code=0x7ffc0000 [ 25.338308][ T23] audit: type=1326 audit(1718990732.930:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=528 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f01cfe264e9 code=0x7ffc0000 [ 25.351784][ T532] F2FS-fs (loop2): Found nat_bits in checkpoint [ 25.386217][ T532] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 25.478226][ T543] EXT4-fs (loop1): cluster size (2048) smaller than block size (4096) [ 25.846842][ T392] usb 1-1: string descriptor 0 read error: -71 [ 25.866820][ T392] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #200: -71 [ 25.875436][ T392] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71 [ 25.883534][ T392] uclogic 0003:256C:006D.0002: failed probing pen v2 parameters: -71 [ 25.891481][ T392] uclogic 0003:256C:006D.0002: failed probing parameters: -71 [ 25.898782][ T392] uclogic: probe of 0003:256C:006D.0002 failed with error -71 [ 25.913941][ T550] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 25.961173][ T550] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 25.970973][ T392] usb 1-1: USB disconnect, device number 2 [ 25.971600][ T400] usb 4-1: reset high-speed USB device number 2 using dummy_hcd [ 25.984439][ T550] EXT4-fs error (device loop4): ext4_map_blocks:731: inode #15: block 1803188595: comm syz-executor.4: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 26.000483][ T550] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 26.018679][ T550] EXT4-fs (loop4): This should not happen!! Data will be lost [ 26.018679][ T550] [ 26.041998][ T370] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 26.057792][ T370] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 26.067441][ T371] attempt to access beyond end of device [ 26.067441][ T371] loop2: rw=2049, want=45104, limit=40427 [ 26.078783][ T9] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm kworker/u4:1: Invalid block bitmap block 0 in block_group 0 [ 26.092796][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 117 [ 26.105113][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [ 26.105113][ T9] [ 26.115306][ T370] EXT4-fs (loop4): Inode 15 (ffff8881d6fc4f78): i_reserved_data_blocks (1) not cleared! [ 26.367342][ T556] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.386739][ T556] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.393924][ T556] device bridge_slave_0 entered promiscuous mode [ 26.408109][ T556] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.415008][ T556] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.432982][ T575] FAT-fs (loop1): Directory bread(block 64) failed [ 26.439606][ T556] device bridge_slave_1 entered promiscuous mode [ 26.446783][ T575] FAT-fs (loop1): Directory bread(block 65) failed [ 26.453146][ T575] FAT-fs (loop1): Directory bread(block 66) failed [ 26.459515][ T575] FAT-fs (loop1): Directory bread(block 67) failed [ 26.465924][ T575] FAT-fs (loop1): Directory bread(block 68) failed [ 26.472278][ T575] FAT-fs (loop1): Directory bread(block 69) failed [ 26.479032][ T575] FAT-fs (loop1): Directory bread(block 70) failed [ 26.485350][ T575] FAT-fs (loop1): Directory bread(block 71) failed [ 26.492096][ T575] FAT-fs (loop1): Directory bread(block 72) failed [ 26.498447][ T575] FAT-fs (loop1): Directory bread(block 73) failed [ 26.520401][ T556] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.527267][ T556] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.534332][ T556] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.541123][ T556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.561938][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.569637][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.576585][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.596249][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.607710][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.614549][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.621857][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.630417][ T376] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.637251][ T376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.661102][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.665500][ T581] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 26.669150][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.696603][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.704803][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.707480][ T585] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 26.722047][ T585] ext4 filesystem being mounted at /root/syzkaller-testdir357792561/syzkaller.5tDCaC/2/file0 supports timestamps until 2038 (0x7fffffff) [ 26.748539][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.764266][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.772573][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.786462][ T592] EXT4-fs (loop2): cluster size (2048) smaller than block size (4096) [ 26.807552][ T581] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 26.817269][ T581] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #15: block 1803188595: comm syz-executor.0: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 26.833288][ T9] device bridge_slave_1 left promiscuous mode [ 26.833596][ T581] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 26.839604][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.851436][ T581] EXT4-fs (loop0): This should not happen!! Data will be lost [ 26.851436][ T581] [ 26.868001][ T9] device bridge_slave_0 left promiscuous mode [ 26.874210][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.898336][ T362] usb 4-1: USB disconnect, device number 2 [ 26.923027][ T373] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #2: block 16: comm syz-executor.0: lblock 0 mapped to illegal pblock 16 (length 1) [ 26.939445][ T373] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 26.952789][ T7] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:455: comm kworker/u4:0: Invalid block bitmap block 0 in block_group 0 [ 26.982348][ T7] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 117 [ 27.024602][ T7] EXT4-fs (loop0): This should not happen!! Data will be lost [ 27.024602][ T7] [ 27.041176][ T373] EXT4-fs (loop0): Inode 15 (ffff8881d6f6ee68): i_reserved_data_blocks (1) not cleared! [ 27.179276][ T608] F2FS-fs (loop3): invalid crc value [ 27.199084][ T608] F2FS-fs (loop3): Found nat_bits in checkpoint [ 27.209383][ T621] device syzkaller0 entered promiscuous mode [ 27.245717][ T608] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 27.257631][ T615] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.264517][ T615] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.271936][ T615] device bridge_slave_0 entered promiscuous mode [ 27.279595][ T615] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.286488][ T615] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.293610][ T374] attempt to access beyond end of device [ 27.293610][ T374] loop3: rw=2049, want=45104, limit=40427 [ 27.293975][ T615] device bridge_slave_1 entered promiscuous mode [ 27.377241][ T615] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.384099][ T615] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.391238][ T615] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.397982][ T615] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.422682][ T630] capability: warning: `syz-executor.4' uses deprecated v2 capabilities in a way that may be insecure [ 27.427881][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.443266][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.450784][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.467224][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.475276][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.482120][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.489872][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.498238][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.505054][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.529222][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.538774][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.546589][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.566860][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.579292][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.582727][ T633] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 27.598353][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.606579][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.703629][ T648] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 27.715627][ T648] EXT4-fs error (device loop4): ext4_map_blocks:731: inode #15: block 1803188595: comm syz-executor.4: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 27.740915][ T648] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 27.753414][ T648] EXT4-fs (loop4): This should not happen!! Data will be lost [ 27.753414][ T648] [ 27.808831][ T556] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 27.823272][ T556] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 27.836400][ T412] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm kworker/u4:3: Invalid block bitmap block 0 in block_group 0 [ 28.044670][ T412] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 117 [ 28.061464][ T641] EXT4-fs (loop0): #blocks per group too big: 24576 [ 28.068019][ T412] EXT4-fs (loop4): This should not happen!! Data will be lost [ 28.068019][ T412] [ 28.078873][ T556] EXT4-fs (loop4): Inode 15 (ffff8881cfd5f8b8): i_reserved_data_blocks (1) not cleared! [ 28.108673][ T644] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,nogrpid,nodelalloc,acl,noinit_itable,,errors=continue [ 28.193577][ T644] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #15: block 1803188595: comm syz-executor.2: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 28.218591][ T644] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2815: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 28.388336][ T9] device bridge_slave_1 left promiscuous mode [ 28.394329][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.401695][ T9] device bridge_slave_0 left promiscuous mode [ 28.407872][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.410266][ T663] F2FS-fs (loop0): invalid crc value [ 28.421642][ T663] F2FS-fs (loop0): Found nat_bits in checkpoint [ 28.712238][ T663] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 28.742847][ T615] attempt to access beyond end of device [ 28.742847][ T615] loop0: rw=2049, want=45104, limit=40427 [ 28.835924][ T680] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.843127][ T680] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.850898][ T680] device bridge_slave_0 entered promiscuous mode [ 28.857890][ T680] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.864744][ T680] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.872361][ T680] device bridge_slave_1 entered promiscuous mode [ 28.921313][ T680] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.928167][ T680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.935251][ T680] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.942045][ T680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.963705][ T392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.969900][ T691] F2FS-fs (loop1): invalid crc value [ 28.975937][ T392] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.978429][ T691] F2FS-fs (loop1): Found nat_bits in checkpoint [ 28.989009][ T392] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.000207][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.008527][ T376] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.015353][ T376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.021473][ T691] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 29.031708][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.040135][ T691] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 29.048825][ T362] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.055750][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.074058][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.082456][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.107787][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.122981][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.141243][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.167879][ T376] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.185594][ T362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.201882][ T704] kvm: emulating exchange as write [ 29.243919][ T709] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,nogrpid,nodelalloc,acl,noinit_itable,,errors=continue [ 29.277628][ T709] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #15: block 1803188595: comm syz-executor.2: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 29.316240][ T712] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 29.329325][ T721] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 29.443060][ T745] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 29.455655][ T745] EXT4-fs error (device loop4): ext4_map_blocks:731: inode #15: block 1803188595: comm syz-executor.4: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 29.472294][ T745] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 29.487038][ T745] EXT4-fs (loop4): This should not happen!! Data will be lost [ 29.487038][ T745] [ 29.795286][ T680] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor.4: lblock 0 mapped to illegal pblock 16 (length 1) [ 29.829592][ T680] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 29.843433][ T412] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm kworker/u4:3: Invalid block bitmap block 0 in block_group 0 [ 29.857612][ T412] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 1 with error 117 [ 29.873435][ T412] EXT4-fs (loop4): This should not happen!! Data will be lost [ 29.873435][ T412] [ 29.883581][ T680] EXT4-fs (loop4): Inode 15 (ffff8881cfe84a50): i_reserved_data_blocks (1) not cleared! [ 29.890710][ T740] F2FS-fs (loop3): invalid crc value [ 29.908884][ T740] F2FS-fs (loop3): Found nat_bits in checkpoint [ 29.954338][ T740] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 29.961911][ T740] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 30.007108][ T9] device bridge_slave_1 left promiscuous mode [ 30.023651][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.046019][ T9] device bridge_slave_0 left promiscuous mode [ 30.052204][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.305890][ T23] kauditd_printk_skb: 36 callbacks suppressed [ 30.305899][ T23] audit: type=1400 audit(1718990738.100:307): avc: denied { write } for pid=777 comm="syz-executor.1" name="dev" dev="proc" ino=4026532455 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 30.428111][ T785] [ 30.430274][ T785] ********************************************************** [ 30.451096][ T774] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.460284][ T785] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 30.469743][ T774] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.480821][ T23] audit: type=1400 audit(1718990738.140:308): avc: denied { nlmsg_read } for pid=777 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 30.481276][ T774] device bridge_slave_0 entered promiscuous mode [ 30.511439][ T785] ** ** [ 30.518721][ T23] audit: type=1400 audit(1718990738.220:309): avc: denied { ioctl } for pid=782 comm="syz-executor.0" path="socket:[14503]" dev="sockfs" ino=14503 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.519435][ T785] ** trace_printk() being used. Allocating extra memory. ** [ 30.556808][ T785] ** ** [ 30.567710][ T774] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.574724][ T774] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.574788][ T785] ** This means that this is a DEBUG kernel and it is ** [ 30.587981][ T23] audit: type=1400 audit(1718990738.220:310): avc: denied { setopt } for pid=782 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.606886][ T785] ** unsafe for production use. ** [ 30.617526][ T774] device bridge_slave_1 entered promiscuous mode [ 30.625733][ T785] ** ** [ 30.635841][ T23] audit: type=1400 audit(1718990738.220:311): avc: denied { write } for pid=782 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.646759][ T785] ** If you see this message and you are not debugging ** [ 30.696766][ T785] ** the kernel, report this immediately to your vendor! ** [ 30.726983][ T785] ** ** [ 30.786722][ T785] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 30.793904][ T785] ********************************************************** [ 30.800774][ T774] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.807995][ T774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.815108][ T774] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.821894][ T774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.897741][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.907701][ T547] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.914791][ T547] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.938606][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.946959][ T547] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.953809][ T547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.964937][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.975181][ T547] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.982042][ T547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.008728][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.023822][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.043262][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.047955][ T805] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 31.059076][ T547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.082848][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.101838][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.124431][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.189241][ T23] audit: type=1400 audit(1718990738.990:312): avc: denied { create } for pid=824 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.232305][ T23] audit: type=1400 audit(1718990738.990:313): avc: denied { bind } for pid=824 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.255551][ T23] audit: type=1400 audit(1718990738.990:314): avc: denied { ioctl } for pid=824 comm="syz-executor.2" path="socket:[14676]" dev="sockfs" ino=14676 ioctlcmd=0x48e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.257702][ T837] device syzkaller0 entered promiscuous mode [ 31.321518][ T809] F2FS-fs (loop3): Found nat_bits in checkpoint [ 31.360189][ T809] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 31.379394][ T23] audit: type=1400 audit(1718990739.180:315): avc: denied { unmount } for pid=371 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 31.474373][ T846] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 31.517189][ T9] device bridge_slave_1 left promiscuous mode [ 31.523243][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.530603][ T9] device bridge_slave_0 left promiscuous mode [ 31.537045][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.869846][ T376] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.877477][ T374] attempt to access beyond end of device [ 31.877477][ T374] loop3: rw=2049, want=45104, limit=40427 [ 31.984220][ T866] device syzkaller0 entered promiscuous mode [ 32.055575][ T23] audit: type=1400 audit(1718990739.810:316): avc: denied { write } for pid=869 comm="syz-executor.0" laddr=172.20.20.10 lport=250 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.123060][ T873] overlayfs: unrecognized mount option "fowner<00000000000000000000" or missing value [ 32.266870][ T376] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 32.451809][ T376] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.486742][ T376] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.506455][ T376] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 32.606876][ T376] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 32.618547][ T376] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 32.651972][ T376] usb 3-1: Manufacturer: syz [ 32.660097][ T376] usb 3-1: config 0 descriptor?? [ 32.665995][ T880] EXT4-fs (loop1): #blocks per group too big: 24576 [ 32.886524][ T907] input: syz0 as /devices/virtual/input/input4 [ 33.137985][ T376] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 33.149953][ T376] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 33.170752][ T376] appleir 0003:05AC:8243.0003: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 33.203404][ T412] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.248284][ T928] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 33.256663][ T928] EXT4-fs (loop0): Ignoring removed orlov option [ 33.298215][ T928] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpid,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,orlov,bsddf,nombcache,noquota,,errors=continue [ 33.475040][ T913] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 34.496744][ T376] usb 3-1: reset high-speed USB device number 2 using dummy_hcd [ 34.821132][ T981] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 34.829979][ T981] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 35.276730][ T5] Bluetooth: hci0: command 0x1003 tx timeout [ 35.282613][ T929] Bluetooth: hci0: sending frame failed (-49) [ 35.588190][ T582] usb 3-1: USB disconnect, device number 2 [ 35.867263][ T997] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 35.933025][ T23] kauditd_printk_skb: 17 callbacks suppressed [ 35.933034][ T23] audit: type=1400 audit(1718990743.730:334): avc: denied { read } for pid=1010 comm="syz-executor.2" path="socket:[15123]" dev="sockfs" ino=15123 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 36.125412][ T23] audit: type=1400 audit(1718990743.920:335): avc: denied { read } for pid=1026 comm="syz-executor.3" name="rtc0" dev="devtmpfs" ino=846 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 36.165138][ T23] audit: type=1400 audit(1718990743.950:336): avc: denied { open } for pid=1026 comm="syz-executor.3" path="/dev/rtc0" dev="devtmpfs" ino=846 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 36.203787][ T23] audit: type=1400 audit(1718990743.950:337): avc: denied { ioctl } for pid=1026 comm="syz-executor.3" path="/dev/rtc0" dev="devtmpfs" ino=846 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 36.340481][ T1033] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 36.349434][ T1033] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 36.556787][ T582] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 36.916941][ T582] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 36.935303][ T582] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 36.946056][ T582] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 36.955587][ T582] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 37.046916][ T582] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 37.065967][ T582] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 37.073936][ T582] usb 3-1: Manufacturer: syz [ 37.079172][ T582] usb 3-1: config 0 descriptor?? [ 37.279606][ T23] audit: type=1400 audit(1718990745.080:338): avc: denied { create } for pid=1067 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 37.281276][ T1068] l2tp_ppp: tunl 8: set debug=b3 [ 37.316771][ T23] audit: type=1400 audit(1718990745.080:339): avc: denied { connect } for pid=1067 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 37.346769][ T23] audit: type=1400 audit(1718990745.080:340): avc: denied { setopt } for pid=1067 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 37.346772][ T412] l2tp_core: tunl 8: closing all sessions... [ 37.374448][ T376] Bluetooth: hci0: command 0x1001 tx timeout [ 37.380480][ T929] Bluetooth: hci0: sending frame failed (-49) [ 37.386732][ C1] l2tp_core: tunl 8: closing... [ 37.418922][ T1072] request_module fs-ntfs3 succeeded, but still no fs? [ 37.601116][ T582] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 37.615196][ T582] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 37.649296][ T582] appleir 0003:05AC:8243.0004: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 38.047903][ T1110] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 38.063900][ T1075] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 38.294311][ T1135] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 38.387775][ T1139] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 38.457827][ T23] audit: type=1400 audit(1718990746.260:341): avc: denied { create } for pid=1149 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.477408][ T23] audit: type=1400 audit(1718990746.260:342): avc: denied { connect } for pid=1149 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.601715][ T1153] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 38.610502][ T1153] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 38.662991][ T23] audit: type=1400 audit(1718990746.260:343): avc: denied { write } for pid=1149 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.844031][ T1164] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 39.046772][ T582] usb 3-1: reset high-speed USB device number 3 using dummy_hcd [ 39.274538][ T1170] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 39.436931][ T400] Bluetooth: hci0: command 0x1009 tx timeout [ 39.595382][ T1193] l2tp_ppp: tunl 8: set debug=b3 [ 39.611587][ T412] l2tp_core: tunl 8: closing all sessions... [ 39.636789][ C1] l2tp_core: tunl 8: closing... [ 39.816232][ T1208] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 39.825055][ T1208] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 40.177083][ T5] usb 3-1: USB disconnect, device number 3 [ 40.188049][ T1217] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 40.252870][ T1224] l2tp_ppp: tunl 8: set debug=b3 [ 40.257923][ T412] l2tp_core: tunl 8: closing all sessions... [ 40.288075][ T1221] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 40.298784][ T1221] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 40.303346][ C1] l2tp_core: tunl 8: closing... [ 40.308403][ T1221] EXT4-fs (loop4): group descriptors corrupted! [ 40.566761][ T392] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 40.638677][ T1236] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 40.706739][ T547] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 40.926793][ T392] usb 4-1: config 1 has an invalid descriptor of length 7, skipping remainder of the config [ 40.941631][ T392] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 40.952249][ T547] usb 5-1: Using ep0 maxpacket: 8 [ 40.966792][ T392] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 40.976254][ T392] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 41.053825][ T1249] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'. [ 41.086774][ T547] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 41.094831][ T547] usb 5-1: config 179 has no interface number 0 [ 41.116927][ T547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 41.136772][ T547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 41.156812][ T392] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 41.165643][ T392] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.173635][ T547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 41.196871][ T392] usb 4-1: Product: syz [ 41.200838][ T392] usb 4-1: Manufacturer: syz [ 41.205262][ T392] usb 4-1: SerialNumber: syz [ 41.209734][ T547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 41.221851][ T1247] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 41.226756][ T547] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 41.266791][ T547] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 41.275621][ T547] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.316802][ T1221] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 41.557674][ T74] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input5 [ 41.586856][ T392] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 41.599124][ T392] usb 4-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 41.607389][ T392] usb 4-1: found format II with max.bitrate = 0, frame size=0 [ 41.614773][ T392] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 41.622501][ T392] usb 4-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 41.630721][ T392] usb 4-1: found format II with max.bitrate = 0, frame size=0 [ 41.640869][ T1254] F2FS-fs (loop1): Test dummy encryption mode enabled [ 41.649009][ T1254] F2FS-fs (loop1): invalid crc value [ 41.655716][ T1254] F2FS-fs (loop1): Found nat_bits in checkpoint [ 41.680498][ T392] usb 4-1: USB disconnect, device number 3 [ 41.695305][ T1254] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 41.706914][ T1254] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 41.715208][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 41.715220][ T23] audit: type=1400 audit(1718990749.510:347): avc: denied { remove_name } for pid=1253 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 41.765982][ T23] audit: type=1400 audit(1718990749.560:348): avc: denied { rename } for pid=1253 comm="syz-executor.1" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 41.847539][ T23] audit: type=1400 audit(1718990749.630:349): avc: denied { setattr } for pid=1265 comm="syz-executor.2" name="/" dev="configfs" ino=9261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 41.941800][ T582] usb 5-1: USB disconnect, device number 2 [ 41.946769][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 41.966647][ T1272] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 42.098277][ T1275] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,usrquota,dioread_lock,norecovery,debug_want_extra_isize=0x0000000000000032,lazytime,nodelalloc,usrquota,nombcache,,errors=continue [ 42.122852][ T1275] SELinux: Context : is not valid (left unmapped). [ 42.129514][ T23] audit: type=1400 audit(1718990749.930:350): avc: denied { relabelto } for pid=1274 comm="syz-executor.3" name="rdma.current" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":" [ 42.159275][ T23] audit: type=1400 audit(1718990749.940:351): avc: denied { append } for pid=1274 comm="syz-executor.3" path="/root/syzkaller-testdir357792561/syzkaller.5tDCaC/79/file1/rdma.current" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":" [ 42.226184][ T1292] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.3'. [ 42.245761][ T23] audit: type=1400 audit(1718990750.040:352): avc: denied { write } for pid=1293 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.274573][ T23] audit: type=1400 audit(1718990750.070:353): avc: denied { nlmsg_write } for pid=1293 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 42.413322][ T1310] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 42.421077][ T1310] FAT-fs (loop1): Filesystem has been set read-only [ 42.427559][ T1310] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 42.435224][ T1310] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 42.446284][ T1308] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 42.539642][ T1308] EXT4-fs error (device loop3): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 42.566155][ T1322] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'. [ 42.823523][ T1340] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 42.831317][ T1340] FAT-fs (loop4): Filesystem has been set read-only [ 42.837873][ T1340] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 42.845569][ T1340] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 42.979998][ T1343] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 42.991427][ T1343] EXT4-fs (loop4): orphan cleanup on readonly fs [ 42.999240][ T1343] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3002: comm syz-executor.4: Allocating blocks 41-42 which overlap fs metadata [ 43.013266][ T1343] EXT4-fs (loop4): Remounting filesystem read-only [ 43.019980][ T1343] Quota error (device loop4): write_blk: dquota write failed [ 43.022734][ T1352] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'. [ 43.027610][ T1343] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 43.036384][ T400] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 43.046154][ T1343] EXT4-fs (loop4): 1 truncate cleaned up [ 43.058990][ T1343] EXT4-fs (loop4): pa ffff8881d6e4bb28: logic 1, phys. 41, len 23 [ 43.066917][ T1343] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:3899: group 0, free 22, pa_free 23 [ 43.077305][ T1343] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000005,noblock_validity,usrquota,resgid=0x0000000000000000,nogrpid,errors=remount-ro,noinit_itable,inode_readahead_blks=0x0000000000000001,resuid=0x00000000000000002 [ 43.131111][ T23] audit: type=1400 audit(1718990750.930:354): avc: denied { write } for pid=1361 comm="syz-executor.2" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 43.155772][ T1362] mmap: syz-executor.2 (1362) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 43.182353][ T1362] binder_alloc: binder_alloc_mmap_handler: 1361 20ffc000-20ffd000 already mapped failed -16 [ 43.306810][ T400] usb 2-1: Using ep0 maxpacket: 8 [ 43.348004][ T1372] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 43.380033][ T1380] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.2'. [ 43.466822][ T400] usb 2-1: unable to get BOS descriptor or descriptor too short [ 43.511369][ T1385] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 43.518477][ T392] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 43.526758][ T400] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 43.534237][ T400] usb 2-1: can't read configurations, error -71 [ 43.790112][ T392] usb 4-1: Using ep0 maxpacket: 16 [ 43.907636][ T392] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.919782][ T1398] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 43.936743][ T392] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 43.950780][ T1398] EXT4-fs error (device loop0): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 43.956446][ T392] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 43.990885][ T392] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32 [ 44.000487][ T392] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 44.086894][ T392] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 44.096027][ T392] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 44.103950][ T392] usb 4-1: SerialNumber: syz [ 44.126829][ T1368] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 44.147290][ T392] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 44.155804][ T392] cdc_acm: probe of 4-1:1.0 failed with error -12 [ 44.163805][ T1416] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 44.309071][ T1431] EXT4-fs (loop1): Unsupported blocksize for fs encryption [ 44.354636][ T582] usb 4-1: USB disconnect, device number 4 [ 44.502127][ T1444] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 44.726751][ T547] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 44.748716][ T1470] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 44.768890][ T1468] EXT4-fs (loop2): orphan cleanup on readonly fs [ 44.775395][ T1468] EXT4-fs error (device loop2): ext4_ext_check_inode:540: inode #4: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048) [ 44.799165][ T1468] EXT4-fs error (device loop2): ext4_quota_enable:6059: comm syz-executor.2: Bad quota inode: 4, type: 1 [ 44.811216][ T1468] EXT4-fs warning (device loop2): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 44.816781][ T1481] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'. [ 44.828296][ T1468] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 44.843730][ T1468] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 44.859026][ T1476] EXT4-fs (loop1): Unsupported blocksize for fs encryption [ 44.896404][ T1485] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 44.976768][ T547] usb 1-1: Using ep0 maxpacket: 8 [ 45.092870][ T1492] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 45.136821][ T547] usb 1-1: unable to get BOS descriptor or descriptor too short [ 45.196775][ T547] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 45.204150][ T547] usb 1-1: can't read configurations, error -71 [ 45.219843][ T1500] FAT-fs (loop2): Directory bread(block 64) failed [ 45.226214][ T1500] FAT-fs (loop2): Directory bread(block 65) failed [ 45.232758][ T1500] FAT-fs (loop2): Directory bread(block 66) failed [ 45.239139][ T1500] FAT-fs (loop2): Directory bread(block 67) failed [ 45.245441][ T1500] FAT-fs (loop2): Directory bread(block 68) failed [ 45.251800][ T1500] FAT-fs (loop2): Directory bread(block 69) failed [ 45.258146][ T1500] FAT-fs (loop2): Directory bread(block 70) failed [ 45.264449][ T1500] FAT-fs (loop2): Directory bread(block 71) failed [ 45.270840][ T1500] FAT-fs (loop2): Directory bread(block 72) failed [ 45.277137][ T1500] FAT-fs (loop2): Directory bread(block 73) failed [ 45.347593][ T1511] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 45.486829][ T400] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 45.613610][ T1520] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 45.711256][ T1547] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 45.723243][ T1542] FAT-fs (loop0): Directory bread(block 64) failed [ 45.726732][ T400] usb 4-1: Using ep0 maxpacket: 32 [ 45.737818][ T1542] FAT-fs (loop0): Directory bread(block 65) failed [ 45.747499][ T1542] FAT-fs (loop0): Directory bread(block 66) failed [ 45.754051][ T1542] FAT-fs (loop0): Directory bread(block 67) failed [ 45.761301][ T1542] FAT-fs (loop0): Directory bread(block 68) failed [ 45.767652][ T1542] FAT-fs (loop0): Directory bread(block 69) failed [ 45.774036][ T1542] FAT-fs (loop0): Directory bread(block 70) failed [ 45.780317][ T1542] FAT-fs (loop0): Directory bread(block 71) failed [ 45.786660][ T1542] FAT-fs (loop0): Directory bread(block 72) failed [ 45.793018][ T1542] FAT-fs (loop0): Directory bread(block 73) failed [ 45.827431][ T1554] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 45.856871][ T400] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.870204][ T400] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.882347][ T400] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 45.891352][ T400] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.899931][ T400] usb 4-1: config 0 descriptor?? [ 45.947300][ T400] hub 4-1:0.0: USB hub found [ 46.030487][ T1582] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 46.078995][ T1583] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 46.093101][ T1583] ext4 filesystem being mounted at /root/syzkaller-testdir2670682474/syzkaller.RdjfDx/81/bus supports timestamps until 2038 (0x7fffffff) [ 46.166867][ T400] hub 4-1:0.0: 1 port detected [ 46.210785][ T1591] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 46.338584][ T1605] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.347558][ T1605] ext4 filesystem being mounted at /root/syzkaller-testdir1700487652/syzkaller.gp3cO4/34/file0 supports timestamps until 2038 (0x7fffffff) [ 46.363170][ T1596] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 46.562698][ T1611] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 46.571499][ T1611] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 46.853536][ T1613] FAT-fs (loop4): Directory bread(block 64) failed [ 46.860048][ T1613] FAT-fs (loop4): Directory bread(block 65) failed [ 46.866406][ T1613] FAT-fs (loop4): Directory bread(block 66) failed [ 46.872712][ T1613] FAT-fs (loop4): Directory bread(block 67) failed [ 46.879066][ T1613] FAT-fs (loop4): Directory bread(block 68) failed [ 46.885369][ T1613] FAT-fs (loop4): Directory bread(block 69) failed [ 46.891746][ T1613] FAT-fs (loop4): Directory bread(block 70) failed [ 46.898104][ T376] hub 4-1:0.0: activate --> -90 [ 46.902765][ T1613] FAT-fs (loop4): Directory bread(block 71) failed [ 46.909116][ T1613] FAT-fs (loop4): Directory bread(block 72) failed [ 46.915394][ T1613] FAT-fs (loop4): Directory bread(block 73) failed [ 47.066962][ T1627] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 47.392194][ T1646] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'. [ 47.438306][ T1644] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 47.448476][ T1644] EXT4-fs (loop4): group descriptors corrupted! [ 47.537267][ T1649] FAT-fs (loop0): Directory bread(block 64) failed [ 47.543655][ T1649] FAT-fs (loop0): Directory bread(block 65) failed [ 47.549989][ T1649] FAT-fs (loop0): Directory bread(block 66) failed [ 47.556281][ T1649] FAT-fs (loop0): Directory bread(block 67) failed [ 47.562785][ T1649] FAT-fs (loop0): Directory bread(block 68) failed [ 47.569496][ T1649] FAT-fs (loop0): Directory bread(block 69) failed [ 47.575969][ T1649] FAT-fs (loop0): Directory bread(block 70) failed [ 47.582296][ T1649] FAT-fs (loop0): Directory bread(block 71) failed [ 47.588827][ T1649] FAT-fs (loop0): Directory bread(block 72) failed [ 47.595179][ T1649] FAT-fs (loop0): Directory bread(block 73) failed [ 47.904879][ T1662] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (18103!=33349) [ 47.914630][ T1662] EXT4-fs (loop1): Unsupported blocksize for fs encryption [ 47.922150][ T392] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 48.040551][ T1667] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.049563][ T1667] ext4 filesystem being mounted at /root/syzkaller-testdir1700487652/syzkaller.gp3cO4/41/file0 supports timestamps until 2038 (0x7fffffff) [ 48.122311][ T23] kauditd_printk_skb: 10 callbacks suppressed [ 48.122319][ T23] audit: type=1400 audit(1718990755.920:365): avc: denied { create } for pid=1674 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 48.148270][ T23] audit: type=1400 audit(1718990755.920:366): avc: denied { connect } for pid=1674 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 48.151457][ T5] usb 4-1: USB disconnect, device number 5 [ 48.173726][ T376] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 48.186768][ T392] usb 5-1: Using ep0 maxpacket: 8 [ 48.234798][ T1679] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 48.243981][ T1679] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 48.376795][ T392] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 48.384882][ T392] usb 5-1: config 179 has no interface number 0 [ 48.391044][ T392] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 48.401890][ T392] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 48.412933][ T392] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 48.447203][ T392] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 48.458941][ T392] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 48.472357][ T392] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 48.481288][ T392] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.496773][ T376] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 48.506832][ T1644] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 48.674194][ T1698] binder: 1697:1698 ioctl 400c620e 0 returned -14 [ 48.747720][ T547] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input6 [ 48.811478][ T1707] capability: warning: `syz-executor.1' uses 32-bit capabilities (legacy support in use) [ 48.826381][ T23] audit: type=1400 audit(1718990756.620:367): avc: denied { mounton } for pid=1709 comm="syz-executor.3" path="/root/syzkaller-testdir357792561/syzkaller.5tDCaC/88/file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=sock_file permissive=1 [ 48.896790][ T376] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 48.907797][ T376] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 48.918793][ T376] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 48.931648][ T376] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 48.940518][ T376] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.949828][ T376] usb 3-1: config 0 descriptor?? [ 48.966779][ T1677] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 48.973088][ T1724] binder: 1723:1724 ioctl 400c620e 0 returned -14 [ 48.989020][ T1710] loop0: p1 p3 < p5 p6 > [ 49.137211][ T400] usb 5-1: USB disconnect, device number 3 [ 49.156734][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 49.266736][ T5] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 49.276765][ T582] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 49.427598][ T376] plantronics 0003:047F:FFFF.0005: unknown main item tag 0xd [ 49.435461][ T376] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 49.444322][ T376] plantronics 0003:047F:FFFF.0005: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 49.506756][ T5] usb 2-1: Using ep0 maxpacket: 32 [ 49.626857][ T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.637655][ T582] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 49.647557][ T5] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.657135][ T582] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 49.667205][ T5] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 49.676032][ T5] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.684418][ T5] usb 2-1: config 0 descriptor?? [ 49.699730][ T547] usb 3-1: USB disconnect, device number 4 [ 49.708634][ T1732] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 49.717442][ T1732] ext4 filesystem being mounted at /root/syzkaller-testdir2670682474/syzkaller.RdjfDx/86/file0 supports timestamps until 2038 (0x7fffffff) [ 49.731963][ T5] hub 2-1:0.0: USB hub found [ 49.742288][ T1743] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 49.793566][ T582] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 49.802622][ T582] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 49.810439][ T582] usb 1-1: SerialNumber: syz [ 49.837908][ T1749] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 49.847143][ T1749] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 49.867777][ T1749] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 49.875532][ T1749] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 49.883718][ T1749] System zones: 0-1, 15-15, 18-18, 34-34 [ 49.891617][ T1749] EXT4-fs (loop3): orphan cleanup on readonly fs [ 49.898123][ T1749] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 49.907338][ T1749] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 49.931372][ T1754] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 49.940650][ T1754] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 49.993548][ T1749] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 50.010151][ T1749] EXT4-fs error (device loop3): ext4_validate_block_bitmap:418: comm syz-executor.3: bg 0: block 40: padding at end of block bitmap is not set [ 50.024811][ T1749] EXT4-fs error (device loop3) in ext4_free_blocks:5019: Corrupt filesystem [ 50.033440][ T5] hub 2-1:0.0: 1 port detected [ 50.038348][ T1749] EXT4-fs (loop3): 1 truncate cleaned up [ 50.043809][ T1749] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsold,norecovery,block_validity,dioread_lock,,errors=continue [ 50.060103][ T23] audit: type=1400 audit(1718990757.860:368): avc: denied { read } for pid=1748 comm="syz-executor.3" name="file2" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 50.060149][ T1749] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 50.090702][ T582] usb 1-1: 0:2 : does not exist [ 50.094534][ T1749] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 50.097177][ T582] usb 1-1: USB disconnect, device number 5 [ 50.103570][ T1749] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 50.117720][ T1749] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 50.125494][ T1749] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 50.198737][ T1758] binder: 1757:1758 ioctl 400c620e 0 returned -14 [ 50.361689][ T1762] F2FS-fs (loop3): Found nat_bits in checkpoint [ 50.386402][ T1762] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 50.403580][ T23] audit: type=1400 audit(1718990758.200:369): avc: denied { ioctl } for pid=1761 comm="syz-executor.3" path="/root/syzkaller-testdir357792561/syzkaller.5tDCaC/99/file2/file0" dev="loop3" ino=10 ioctlcmd=0xf50d scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.443081][ T1762] attempt to access beyond end of device [ 50.443081][ T1762] loop3: rw=524288, want=86024, limit=40427 [ 50.455164][ T1762] attempt to access beyond end of device [ 50.455164][ T1762] loop3: rw=524288, want=86032, limit=40427 [ 50.466407][ T1762] attempt to access beyond end of device [ 50.466407][ T1762] loop3: rw=524288, want=86040, limit=40427 [ 50.477984][ T1762] attempt to access beyond end of device [ 50.477984][ T1762] loop3: rw=524288, want=86048, limit=40427 [ 50.489246][ T1762] attempt to access beyond end of device [ 50.489246][ T1762] loop3: rw=524288, want=86056, limit=40427 [ 50.500553][ T1762] attempt to access beyond end of device [ 50.500553][ T1762] loop3: rw=524288, want=86064, limit=40427 [ 50.516228][ T1762] attempt to access beyond end of device [ 50.516228][ T1762] loop3: rw=524288, want=86072, limit=40427 [ 50.527634][ T1762] attempt to access beyond end of device [ 50.527634][ T1762] loop3: rw=524288, want=86080, limit=40427 [ 50.539222][ T1762] attempt to access beyond end of device [ 50.539222][ T1762] loop3: rw=524288, want=86088, limit=40427 [ 50.550848][ T1762] attempt to access beyond end of device [ 50.550848][ T1762] loop3: rw=524288, want=86096, limit=40427 [ 50.646429][ T1774] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 50.676837][ T5] hub 2-1:0.0: activate --> -90 [ 50.965869][ T1782] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 50.975161][ T1782] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 50.989422][ T1782] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 50.997359][ T1782] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 51.005693][ T1782] System zones: 0-1, 15-15, 18-18, 34-34 [ 51.012744][ T1793] binder: 1792:1793 ioctl 400c620e 0 returned -14 [ 51.013096][ T1782] EXT4-fs (loop0): orphan cleanup on readonly fs [ 51.025187][ T1782] Quota error (device loop0): v2_read_header: Failed header read: expected=8 got=0 [ 51.034338][ T1782] EXT4-fs warning (device loop0): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 51.049479][ T1782] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 51.056272][ T1782] EXT4-fs error (device loop0): ext4_validate_block_bitmap:418: comm syz-executor.0: bg 0: block 40: padding at end of block bitmap is not set [ 51.070820][ T1782] EXT4-fs error (device loop0) in ext4_free_blocks:5019: Corrupt filesystem [ 51.079604][ T1782] EXT4-fs (loop0): 1 truncate cleaned up [ 51.085178][ T1782] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsold,norecovery,block_validity,dioread_lock,,errors=continue [ 51.088442][ T1799] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 51.110010][ T1799] ext4 filesystem being mounted at /root/syzkaller-testdir357792561/syzkaller.5tDCaC/105/file0 supports timestamps until 2038 (0x7fffffff) [ 51.120556][ T1782] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 51.141451][ T1782] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 51.149500][ T1782] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 51.157428][ T1782] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 51.165247][ T1782] fscrypt (loop0, inode 16): Error -61 getting encryption context [ 51.242418][ T1808] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 51.415411][ T1819] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 51.424665][ T1819] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 51.532211][ T1827] binder: 1826:1827 ioctl 400c620e 0 returned -14 [ 51.917261][ T1494] usb 2-1: USB disconnect, device number 4 [ 51.936762][ T5] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 52.096221][ T1831] EXT4-fs (loop0): filesystem is read-only [ 52.102505][ T1831] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 52.113322][ T1831] EXT4-fs (loop0): can't mount with journal_checksum, fs mounted w/o journal [ 52.308929][ T1838] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 52.318249][ T1838] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 52.337696][ T1838] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 52.345467][ T1838] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 52.353294][ T1838] System zones: 0-1, 15-15, 18-18, 34-34 [ 52.359377][ T1838] EXT4-fs (loop3): orphan cleanup on readonly fs [ 52.365948][ T1838] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 52.369258][ T1850] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 52.375219][ T1838] EXT4-fs warning (device loop3): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 52.384737][ T1841] EXT4-fs (loop2): orphan cleanup on readonly fs [ 52.399027][ T1838] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 52.414796][ T1838] EXT4-fs error (device loop3): ext4_validate_block_bitmap:418: comm syz-executor.3: bg 0: block 40: padding at end of block bitmap is not set [ 52.416164][ T1841] EXT4-fs error (device loop2): ext4_ext_check_inode:540: inode #4: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048) [ 52.449681][ T1838] EXT4-fs error (device loop3) in ext4_free_blocks:5019: Corrupt filesystem [ 52.463430][ T1841] EXT4-fs error (device loop2): ext4_quota_enable:6059: comm syz-executor.2: Bad quota inode: 4, type: 1 [ 52.484938][ T1838] EXT4-fs (loop3): 1 truncate cleaned up [ 52.490441][ T1838] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsold,norecovery,block_validity,dioread_lock,,errors=continue [ 52.505660][ T1841] EXT4-fs warning (device loop2): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 52.544798][ T1841] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 52.551795][ T1841] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 52.659693][ T1876] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 52.676200][ T1867] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 52.695479][ T1878] EXT4-fs (loop3): filesystem is read-only [ 52.702087][ T1878] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 52.712848][ T23] audit: type=1400 audit(1718990760.500:370): avc: denied { map } for pid=1866 comm="syz-executor.4" path="/root/syzkaller-testdir2670682474/syzkaller.RdjfDx/94/file0/bus" dev="devtmpfs" ino=9193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 52.737210][ T774] EXT4-fs error (device loop4): ext4_mb_generate_buddy:748: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 52.741502][ T1878] EXT4-fs (loop3): can't mount with journal_checksum, fs mounted w/o journal [ 52.764521][ T23] audit: type=1400 audit(1718990760.510:371): avc: denied { rmdir } for pid=774 comm="syz-executor.4" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 52.790483][ T774] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 127754: comm syz-executor.4: invalid block [ 52.802493][ T774] EXT4-fs error (device loop4): __ext4_iget:5217: inode #13: block 127754: comm syz-executor.4: invalid block [ 52.825161][ T1879] ------------[ cut here ]------------ [ 52.830411][ T1879] kernel BUG at fs/buffer.c:3027! [ 52.835444][ T1879] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 52.841298][ T1879] CPU: 0 PID: 1879 Comm: kmmpd-loop4 Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 2024/06/21 17:26:00 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 52.851014][ T1879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 52.860933][ T1879] RIP: 0010:submit_bh_wbc+0x831/0x850 [ 52.866126][ T1879] Code: 10 80 e1 07 80 c1 03 38 c1 0f 8c 14 fe ff ff 48 8b 7c 24 10 e8 00 8d ea ff e9 05 fe ff ff e8 f6 a7 ba ff 0f 0b e8 ef a7 ba ff <0f> 0b e8 e8 a7 ba ff 0f 0b e8 e1 a7 ba ff 0f 0b e8 da a7 ba ff 0f [ 52.885571][ T1879] RSP: 0018:ffff8881ecf07bf0 EFLAGS: 00010293 [ 52.891466][ T1879] RAX: ffffffff81a99431 RBX: 0000000000000000 RCX: ffff8881ecc3bf00 [ 52.899276][ T1879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 52.907090][ T1879] RBP: 0000000000003800 R08: ffffffff81a98ca4 R09: ffffed103adcb82b [ 52.914902][ T1879] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 52.922712][ T1879] R13: ffff8881d6e5c150 R14: 0000000000000001 R15: 0000000000000000 [ 52.930525][ T1879] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 52.939291][ T1879] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.945712][ T1879] CR2: 00007faa22128fe0 CR3: 00000001ef56a000 CR4: 00000000003426b0 [ 52.953525][ T1879] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.961332][ T1879] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.966731][ T1494] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 52.969144][ T1879] Call Trace: [ 52.979654][ T1879] ? __die+0xb4/0x100 [ 52.983464][ T1879] ? die+0x26/0x50 [ 52.987026][ T1879] ? do_trap+0x1e7/0x340 [ 52.991105][ T1879] ? submit_bh_wbc+0x831/0x850 [ 52.995703][ T1879] ? submit_bh_wbc+0x831/0x850 [ 53.000306][ T1879] ? do_invalid_op+0xfb/0x110 [ 53.004816][ T1879] ? submit_bh_wbc+0x831/0x850 [ 53.009420][ T1879] ? invalid_op+0x1e/0x30 [ 53.013583][ T1879] ? submit_bh_wbc+0xa4/0x850 [ 53.018100][ T1879] ? submit_bh_wbc+0x831/0x850 [ 53.022702][ T1879] ? submit_bh_wbc+0x831/0x850 [ 53.027303][ T1879] ? debug_smp_processor_id+0x20/0x20 [ 53.032507][ T1879] ? bit_waitqueue+0x30/0x30 [ 53.036932][ T1879] submit_bh+0x21/0x30 [ 53.040839][ T1879] write_mmp_block+0x3ff/0x5b0 [ 53.045437][ T1879] ? console_conditional_schedule+0x10/0x10 [ 53.051163][ T1879] ? check_preemption_disabled+0x9f/0x320 [ 53.056721][ T1879] ? read_mmp_block+0x8a0/0x8a0 [