last executing test programs: 2.393685589s ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2c8, &(0x7f0000002500)="$eJzs3b+LHHUUAPA3d7O74w/YLaxEcEALq5BLa7NBEhCvMmyhFnqYBOR2ERI48AeOqcTOxtK/QBD8H2xt7CwF/wA7IwRGZnbmdtZM9u7k9sTc59PkZb7vzffN7HA3V9y7D15aHN7O4+6Dz3+LLEtiZxrTeJjEJHai9WWsmX4TAMD/2cOyjD/KpZ7lX79+Ql0SEdmWewMAtuOE7/+NdBX+eCFtAQBbdOudd9+6vr9/4+08z+Lm4qujWfWTffXvcv363fgo5nEnrsY4HkXULwqDqN8WqvBmWZZFmlcm8eqiOJpVlYv3f27O/9PzTbAX45jU0fHbRl3/5v6NvXypU19UfTzb7D+t9r8W43jhuHit/lpPfcyG8dornf6vxDh++TA+jnncrptY1X+xl+dvlN/++dl7VXtVfVIczUZ13kq5225eXODnAwAAAAAAAAAAAAAAAAAAAADA0+lKMztnFPX8nupQM39n91H1n0Hkrcn6fJ5lfdKeqDsfqCzLoozv2vk6V/M8L5vEVX0aL6bdwYIAAAAAAAAAAAAAAAAAAABwed3/5NPDg/n8zr1zCdppAGlE/HUr4t+eZ9o58nJsTh41ex7M5ztNuJ6Tdo/EbpuTRGxso7qIc7otJwXPPNZzE3z/Q29VuvbBpdFZyk7edNC/13kG7dN1eJD038PRcc/Z8iGpB0GscoZxyr2GT1oq4yyP37B3aXzmax8+VwfFhpxINjX2+u/LO9ccSf55FcP6rvaWD5qgU76ek53qeY5sWf7414rEtA4AAAAAAAAAAAAAAAAAANiq1W//9iw+2Fi6U4621hYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXKjV3/8/Q1A0xadIHsa9+//xJQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAJ/B0AAP//eWdglQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ftruncate(r0, 0xde34) open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ee289f413bb90152f7d6d1ce5ca93c0f7c41499dc28ac63a01000000000000004faa2ad9c084a003ea00", "03bdbcef549ba19704007ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c20c62df7a8d5da5c00000000ff030000fff2ff008900"}) write$cgroup_int(r0, &(0x7f0000000000), 0x12) 1.970550635s ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c6e6f6e756d7461696c3d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d312c636865636b3d7374726963742c757466383d302c756e695f786c6174653d312c756e695f786c6174653d302c666c7573682c757466383d302c726f6469722c747a3d5554432c00e696e27e745267d0e7f7d60cf64c4d116172285e0a94b37c3f04b4e454913b1615b6c103a4be033c3f79c81a7a0dc9f3282eb2b984b8df829f11f7b15ceaa2ddb341548691e92d41d923144fa5f6aa8b37c7698e74a04d87cb16f3c338160646d1719f9aa1097cb78032fa4c9c60c14840662537510c0ac9f95a646f5231c0c9eb096b898803099b3050797137354ed2fb2a3dd97ad790f0758b4561eb7180b4b366c9ac840ca3d57727827ab961af0bb24ac6b14796d3bedfa4addb1c2f59217a563ca0a3729d45669905a6f0f3dbf3fd22ab36dfe7cf80913ecb4656ca"], 0x6, 0x2c8, &(0x7f0000002500)="$eJzs3b+LHHUUAPA3d7O74w/YLaxEcEALq5BLa7NBEhCvMmyhFnqYBOR2ERI48AeOqcTOxtK/QBD8H2xt7CwF/wA7IwRGZnbmdtZM9u7k9sTc59PkZb7vzffN7HA3V9y7D15aHN7O4+6Dz3+LLEtiZxrTeJjEJHai9WWsmX4TAMD/2cOyjD/KpZ7lX79+Ql0SEdmWewMAtuOE7/+NdBX+eCFtAQBbdOudd9+6vr9/4+08z+Lm4qujWfWTffXvcv363fgo5nEnrsY4HkXULwqDqN8WqvBmWZZFmlcm8eqiOJpVlYv3f27O/9PzTbAX45jU0fHbRl3/5v6NvXypU19UfTzb7D+t9r8W43jhuHit/lpPfcyG8dornf6vxDh++TA+jnncrptY1X+xl+dvlN/++dl7VXtVfVIczUZ13kq5225eXODnAwAAAAAAAAAAAAAAAAAAAADA0+lKMztnFPX8nupQM39n91H1n0Hkrcn6fJ5lfdKeqDsfqCzLoozv2vk6V/M8L5vEVX0aL6bdwYIAAAAAAAAAAAAAAAAAAABwed3/5NPDg/n8zr1zCdppAGlE/HUr4t+eZ9o58nJsTh41ex7M5ztNuJ6Tdo/EbpuTRGxso7qIc7otJwXPPNZzE3z/Q29VuvbBpdFZyk7edNC/13kG7dN1eJD038PRcc/Z8iGpB0GscoZxyr2GT1oq4yyP37B3aXzmax8+VwfFhpxINjX2+u/LO9ccSf55FcP6rvaWD5qgU76ek53qeY5sWf7414rEtA4AAAAAAAAAAAAAAAAAANiq1W//9iw+2Fi6U4621hYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXKjV3/8/Q1A0xadIHsa9+//xJQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAJ/B0AAP//eWdglQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) ftruncate(r0, 0xde34) open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ee289f413bb90152f7d6d1ce5ca93c0f7c41499dc28ac63a01000000000000004faa2ad9c084a003ea00", "03bdbcef549ba19704007ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c20c62df7a8d5da5c00000000ff030000fff2ff008900"}) write$cgroup_int(r0, &(0x7f0000000000), 0x12) 1.93561163s ago: executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000500)=0x1200000000, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@cgroup=r3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 500.450632ms ago: executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffff2ad, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_CREATE_VCPU(r4, 0xae03, 0x36) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x6, 0x5, 0x3f, 0x800, r0, 0x5e7, '\x00', r1, r4, 0x5, 0x5, 0x3, 0xd}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sys_enter\x00', r7}, 0x10) r8 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r9, &(0x7f0000000140)='./file0\x00') readlinkat(r9, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) getpid() r10 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) io_setup(0x4, &(0x7f0000000b80)=0x0) io_submit(r11, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r10, 0x0}]) signalfd4(r10, &(0x7f0000000140), 0x8, 0x0) 441.523222ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$TUNSETNOCSUM(r2, 0xc0189436, 0x0) 389.43953ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001040)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) getpriority(0x0, 0x0) 371.736772ms ago: executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4}, 0x28) write$FUSE_OPEN(r0, &(0x7f00000002c0)={0x20, 0x0, r1}, 0x20) 367.906763ms ago: executing program 4: bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000009e8685000000040000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000cbd520850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000500)=0x1200000000, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000800)={@cgroup=r3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 315.420121ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000eef000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe15, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffff4b, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r2, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r3}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f0000000400)) 308.542802ms ago: executing program 4: open(&(0x7f0000000040)='./file0\x00', 0x903c40, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x0) fcntl$getflags(r1, 0x401) 297.567254ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) r2 = getpgid(0x0) r3 = gettid() rt_tgsigqueueinfo(r2, r3, 0x0, &(0x7f0000000080)) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000001a00)={0x2c, &(0x7f0000001800)={0x0, 0x0, 0x6, "2fbdd55766e6"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_usb_control_io$printer(r4, &(0x7f0000000e40)={0x14, &(0x7f0000000d40)={0x20, 0x7, 0x95, {0x95, 0x22, "4de444160089715f77d773c9a16f15853e8646fd1b78979e897784f960a0ab74a434a062982723bb67a90e756a868cb908d791865f78bd0a851f36d8f07f67ea930898ffd80a7f46f3e44535c4f9ceaed7a6d3f62aa2f54bfbd6ad7701417d4d98be2ef3398321f977285695d4e8d99e47bdab42695c1e0ab7a55d6a521baaf6ad5b4584d0f0263f637e5b8531c84a4a1d06c6"}}, &(0x7f0000000e00)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "ca4111186974f9d0861046d7ba74bcaa7a06723c4f4d9e8aa5655f"}}}, &(0x7f0000001180)={0x34, &(0x7f0000000e80)={0x40, 0x15, 0xe6, "1953a922703f12c78a4c137b706b9b54c2d887fe1bb57db8f9984a3f838df1780a14a129cc61c7bbe9d3518786aac9870f6b2c6fe8b81db638260fba863d1b509b7ea5f8b2e7809c18376036a9c0b218e5acfb2e77d758f4564ddbdc9c0505c5717061a9c647d5ef6e442d637e0c025d1ea7040521061bab04baf75de2fac496e600807f96f5b3f3364d8d86327ab44e7dd1f3631facd7199b1b469f3951c1d895863d84335c02ff002c288a8b133d0fa6dbfd23ff32e037b7da35b6b6baf3f615d2d3bdec25c959dad1f86a6dd69d78f2d9b794eb00e215c37bcca5214f747e7e58cc752dcd"}, &(0x7f0000000f80)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000fc0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000001000)={0x20, 0x0, 0xef, {0xed, "69749db0527aa19a10b95547d3bf699fe71fda82137c9dcdbceab7ea43aa1713c1463f7e30ccb0d25fd798b3a91fb1bb56517f2bb3800206f5e3a8bfde518d650f3be6c910b70c614db1e6d66d1e0e79467238d1dd9472fae10ffd25c88d0da5ae885aadbe07dd7063766d3823411df944bba145bda5b793290fad974f5cbea4d45f2036090b3e3eeb4586a385310d2d6feb5fc2054469bc5ad1385f88709604d57cf9f051c52424bbf23848de729ed7c4e0787b3443695ba1fad04eff0cc93e3c34938660a4e595103373e7975b640d923a78378fe4b5fdaa9f392cdacca26bc3cc9d4f0473edb669ad4af0f4"}}, &(0x7f0000001100)={0x20, 0x1, 0x1, 0xf9}, &(0x7f0000001140)={0x20, 0x0, 0x1, 0xf9}}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) r5 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r5, &(0x7f0000000cc0)) 249.559231ms ago: executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) read$FUSE(r2, &(0x7f000000b800)={0x2020}, 0x2020) dup2(r2, r3) 242.163382ms ago: executing program 3: mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r0}, 0x10) setxattr$trusted_overlay_redirect(&(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000240), 0x0, 0x0, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mount$9p_xen(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) 212.175497ms ago: executing program 3: syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRESOCT, @ANYRESHEX], 0x1, 0x375, &(0x7f00000009c0)="$eJzs3c9rI2UYwPEnaZofXbbJQRQF6YNe9DK00bMaZBfEgEt3o+4Kwux2oiFjUmZCJSK2nryqN/8BwWWPCx4W1H+gF2/rxYsne1kQdBF1ZH6lSTpJNtmUpu33A23e5H2fmXkzSXiewLw5ePfLj5p116ibHUnnVVIiIg9FSpKWWCq8yUqCPXnxwh/3n716/cablWr10qbq5cq1l8qqurr2w8efFqJh93KyX3r/4EH5t/0n958++O/ahw1XG6622h019Wb7145507Z0q+E2DdUrtmW6ljZaruWE/e2wv263t7e7ara2Lq5sO5brqtnqatPqaqetHaer5gdmo6WGYejFlaTDPcPyM8TUbm9umpUZd3hrxjjM29+e543pdpyKuSRiFI701G4f63EBAICFNJT/fxPnCCVJ9xLKVFQLZIP2YBng5/9xO8j//WLhMP+/89xPnQtv312N8v972aT8/+VfwviB/N/f+9zz/++G7h/NiE693WkGP1b+j8WwNviO/P2wYo/4+b//buhV9J+/d2c9aJD/AwAAAAAAAAAAAAAAAAAAAABwGjz0vKLnecX4Nv47vIQguh/fG3ehMU6dUec/F60o0Hs94Ey6ev2G5IML9zKrIv5Z36mJ2F/4/4P+eOC6FOWf4PUQCRec2As61VeSH+3dndpyFLAU/K+IqNhiyYYUpTQQH7Qvv1G9tKGhMD7Y/+5OLZVZ8ePr0gjiy1KUJ5Ljy4nxWXnh+b54Q4ry8y1piy1b0edYHP/Zhurrb1WH4gvBuCSvHu8pAQAAAABg7gzVfFQ+lwbr37B+NwzVpH6/lpf++vzo9wO9+no9sT7PFJ/JnOzcAQAAAAA4L9zsJ03Tti3H7Y5sFGTSmFy0tfHbSW5kphnsN+4HjeVxY5b6ZvioW85Gv6AxxcHLdDM1bfvPnCQ+mfESrgNd+cd4Vk07nv+oMe/863nRI/lpT4Hjpqefu+W4a/7x6EDXV9NvJ/7aaNQYuTLbMza6Ea+cO2nwU19/+9dsu0hFq/b2d71yNz9hpkEjNfTI3oQX7YPeeR99PMvJnxbfz/IjMwAAAAAWRJz0F9z4kddO9oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiH5rpM2ojGSc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWBT/BwAA//+RaPeS") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='freezer.state\x00', 0x275a, 0x0) ftruncate(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000b7000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) fdatasync(r0) 194.70808ms ago: executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 184.857361ms ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x8001, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r0}, 0x48) bpf$MAP_UPDATE_BATCH(0x18, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x3ff, r3}, 0x38) 178.876002ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x80, 0x5}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001100)={{r0, 0xffffffffffffffff}, &(0x7f0000001080), &(0x7f00000010c0)='%pK \x00'}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r3}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 145.624867ms ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x7, 0x1, 0x3}, 0x14}}, 0x0) 139.236239ms ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r0, 0x0, r2, 0x0, 0x88000cc, 0x0) fcntl$setpipe(r1, 0x407, 0x8900003) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r3) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r3) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5}, 0x0, 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r5, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r6}, 0x10) write$eventfd(r1, &(0x7f0000000000), 0x8) 132.22151ms ago: executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @adiantum, 0x4, @desc3}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000001240)='.\x00', 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000280)={'fscrypt:', @desc3}, &(0x7f0000000300)={0x0, "0f5b676b2de6cbc6ea61abc39d0a4fc4b27659a74f7a769bff4c95bd6039eb6742f2f13eed86048c0ea164d2a123cde57f11d04354869533f185505f85c8725b", 0x2c}, 0x48, r2) mkdirat(r1, &(0x7f0000000200)='./bus\x00', 0x0) mkdirat(r1, &(0x7f00000002c0)='./file1\x00', 0x0) mount$overlay(0x20000f7a, &(0x7f0000000500)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}]}) 126.51101ms ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000240)='ext4_writepages_result\x00', r2}, 0x10) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) 107.349324ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) r1 = open(&(0x7f00000001c0)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 100.585404ms ago: executing program 3: r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xe, 0x0, "fffffffffffffff7"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff) 87.483957ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) readahead(0xffffffffffffffff, 0x0, 0x0) 63.90737ms ago: executing program 1: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace$ARCH_SET_GS(0x8, r1, 0x0, 0x1001) 52.646102ms ago: executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000000c0)={0x28, 0x4}, 0x28) write$FUSE_OPEN(r0, &(0x7f00000002c0)={0x20, 0x0, r1}, 0x20) 47.820422ms ago: executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000140)={0x0, 0x46, &(0x7f0000000100)={&(0x7f0000000080)={0x3c, r1, 0x205, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x1}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8}]}, 0x3c}}, 0x0) 41.553014ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b7040000000000008500000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0xfff, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 27.579626ms ago: executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000060006"], 0x4c}}, 0x0) 0s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f600"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000040)='ext4_unlink_enter\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') kernel console output (not intermixed with test programs): ): veth0_to_batadv: link becomes ready [ 244.665255][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 244.678088][ T374] device bridge_slave_1 left promiscuous mode [ 244.684008][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.691697][ T374] device bridge_slave_0 left promiscuous mode [ 244.698048][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.706111][ T374] device veth1_macvtap left promiscuous mode [ 244.712497][ T374] device veth0_vlan left promiscuous mode [ 244.790204][ T348] hid-generic 0000:0000:0000.0031: unknown main item tag 0x0 [ 244.798861][ T348] hid-generic 0000:0000:0000.0031: hidraw0: HID v0.00 Device [syz0] on syz0 [ 244.835059][ T28] kauditd_printk_skb: 11071 callbacks suppressed [ 244.835074][ T28] audit: type=1400 audit(2000000154.279:46284): avc: denied { write } for pid=348 comm="kworker/0:4" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=50151 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 245.184726][ T6717] binder: BINDER_SET_CONTEXT_MGR already set [ 245.191542][ T6717] binder: 6715:6717 ioctl 4018620d 20000040 returned -16 [ 245.201610][ T6717] binder: 6715:6717 ioctl c0306201 200007c0 returned -14 [ 245.255968][ T6713] loop0: detected capacity change from 0 to 40427 [ 245.351288][ T28] audit: type=1400 audit(2000000154.799:46285): avc: denied { append } for pid=6710 comm="syz-executor.0" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 245.509712][ T6726] loop2: detected capacity change from 0 to 1024 [ 245.582235][ T6726] EXT4-fs (loop2): required journal recovery suppressed and not mounted read-only [ 245.727371][ T6731] loop0: detected capacity change from 0 to 512 [ 245.746507][ T6731] EXT4-fs: Ignoring removed mblk_io_submit option [ 245.755155][ T6731] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 245.767329][ T6731] EXT4-fs (loop0): 1 truncate cleaned up [ 245.772821][ T6731] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 245.810599][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 245.902848][ T6739] netlink: 'syz-executor.3': attribute type 12 has an invalid length. [ 245.923732][ T6741] netlink: 'syz-executor.1': attribute type 12 has an invalid length. [ 246.219423][ T6755] netlink: 576 bytes leftover after parsing attributes in process `syz-executor.0'. [ 246.332597][ T6761] syz-executor.1[6761] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 246.332671][ T6761] syz-executor.1[6761] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 246.395076][ T6763] loop4: detected capacity change from 0 to 512 [ 246.419438][ T6763] EXT4-fs: Ignoring removed mblk_io_submit option [ 246.426082][ T6763] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 246.437590][ T6763] EXT4-fs (loop4): 1 truncate cleaned up [ 246.443154][ T6763] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 246.482297][ T5465] EXT4-fs (loop4): unmounting filesystem. [ 246.503865][ T6768] loop3: detected capacity change from 0 to 512 [ 246.522424][ T6768] EXT4-fs: Ignoring removed mblk_io_submit option [ 246.529396][ T6768] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 246.540924][ T6768] EXT4-fs (loop3): 1 truncate cleaned up [ 246.546689][ T6768] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 246.596501][ T6450] EXT4-fs (loop3): unmounting filesystem. [ 246.703661][ T6777] netlink: 'syz-executor.4': attribute type 12 has an invalid length. [ 246.805753][ T6786] device veth1_macvtap left promiscuous mode [ 246.930023][ T6790] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 247.017675][ T6795] loop2: detected capacity change from 0 to 1024 [ 247.029735][ T6795] EXT4-fs (loop2): required journal recovery suppressed and not mounted read-only [ 247.487224][ T6821] loop0: detected capacity change from 0 to 1024 [ 247.501511][ T6821] EXT4-fs (loop0): required journal recovery suppressed and not mounted read-only [ 247.870318][ T6835] netlink: 'syz-executor.1': attribute type 12 has an invalid length. [ 248.683653][ T6875] loop2: detected capacity change from 0 to 1024 [ 248.734130][ T6875] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 248.745285][ T6875] EXT4-fs: test_dummy_encryption requires encrypt feature [ 248.793773][ T28] audit: type=1400 audit(2000000158.239:46286): avc: denied { accept } for pid=6873 comm="syz-executor.2" path="socket:[52362]" dev="sockfs" ino=52362 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 248.892171][ T6880] loop1: detected capacity change from 0 to 256 [ 249.042738][ T6889] loop2: detected capacity change from 0 to 1024 [ 249.087562][ T6889] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 249.120342][ T6889] EXT4-fs: test_dummy_encryption requires encrypt feature [ 249.303776][ T6895] device syzkaller0 entered promiscuous mode [ 249.350005][ T6897] loop1: detected capacity change from 0 to 256 [ 249.561299][ T28] audit: type=1400 audit(2000000159.009:46287): avc: denied { create } for pid=6905 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 250.013002][ T6932] loop1: detected capacity change from 0 to 256 [ 250.021009][ T6933] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 250.047970][ T28] audit: type=1400 audit(2000000159.499:46288): avc: denied { create } for pid=6931 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 250.079358][ T6932] FAT-fs (loop1): Directory bread(block 64) failed [ 250.087835][ T6932] FAT-fs (loop1): Directory bread(block 65) failed [ 250.094741][ T6932] FAT-fs (loop1): Directory bread(block 66) failed [ 250.101213][ T6932] FAT-fs (loop1): Directory bread(block 67) failed [ 250.107746][ T6932] FAT-fs (loop1): Directory bread(block 68) failed [ 250.114053][ T6932] FAT-fs (loop1): Directory bread(block 69) failed [ 250.120492][ T6932] FAT-fs (loop1): Directory bread(block 70) failed [ 250.126739][ T6932] FAT-fs (loop1): Directory bread(block 71) failed [ 250.133135][ T6932] FAT-fs (loop1): Directory bread(block 72) failed [ 250.139464][ T6932] FAT-fs (loop1): Directory bread(block 73) failed [ 250.275938][ T6941] loop0: detected capacity change from 0 to 128 [ 250.293941][ T6941] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 250.302587][ T6941] ext4 filesystem being mounted at /root/syzkaller-testdir3768139014/syzkaller.U3FlaZ/35/mnt supports timestamps until 2038 (0x7fffffff) [ 250.322350][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 250.404796][ T6940] overlayfs: './file0' not a directory [ 250.664258][ T28] audit: type=1326 audit(2000000160.109:46289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6961 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1aaac7cee9 code=0x0 [ 250.729886][ T6966] device syzkaller0 entered promiscuous mode [ 250.773439][ T6972] loop0: detected capacity change from 0 to 2048 [ 250.828976][ T6972] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 251.042374][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 251.783873][ T6999] loop4: detected capacity change from 0 to 256 [ 251.805226][ T6999] exfat: Deprecated parameter 'namecase' [ 251.815296][ T6999] exfat: Deprecated parameter 'namecase' [ 251.826914][ T348] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 251.831914][ T6999] exfat: Deprecated parameter 'namecase' [ 251.852775][ T6999] exfat: Deprecated parameter 'utf8' [ 251.873321][ T6999] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 251.914546][ T28] audit: type=1400 audit(2000000161.359:46290): avc: denied { setattr } for pid=6998 comm="syz-executor.4" name="file1" dev="loop4" ino=1048872 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 252.087068][ T348] usb 3-1: Using ep0 maxpacket: 16 [ 252.243186][ T7010] loop3: detected capacity change from 0 to 2048 [ 252.268351][ T7010] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 252.341410][ T6450] EXT4-fs (loop3): unmounting filesystem. [ 252.377090][ T348] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 252.386591][ T348] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.394523][ T348] usb 3-1: Product: syz [ 252.398538][ T348] usb 3-1: Manufacturer: syz [ 252.402928][ T348] usb 3-1: SerialNumber: syz [ 252.407844][ T348] r8152-cfgselector 3-1: config 0 descriptor?? [ 252.630621][ T7032] loop1: detected capacity change from 0 to 256 [ 252.644781][ T7032] exfat: Deprecated parameter 'namecase' [ 252.650491][ T7032] exfat: Deprecated parameter 'namecase' [ 252.656294][ T7032] exfat: Deprecated parameter 'namecase' [ 252.665300][ T7032] exfat: Deprecated parameter 'utf8' [ 252.672471][ T7032] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 252.887320][ T348] r8152-cfgselector 3-1: Unknown version 0x0000 [ 252.893572][ T348] r8152-cfgselector 3-1: bad CDC descriptors [ 252.920484][ T348] r8152-cfgselector 3-1: Unknown version 0x0000 [ 252.927171][ T348] r8152-cfgselector 3-1: USB disconnect, device number 30 [ 253.231880][ T7058] loop4: detected capacity change from 0 to 512 [ 253.287003][ T7058] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode [ 253.317453][ T7058] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 12 (err -117) [ 253.329800][ T7058] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 253.495510][ T5465] EXT4-fs (loop4): unmounting filesystem. [ 253.803662][ T7070] input: syz1 as /devices/virtual/input/input31 [ 254.129702][ T7077] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 254.289876][ T7080] loop4: detected capacity change from 0 to 40427 [ 254.305730][ T7080] F2FS-fs (loop4): invalid crc value [ 254.311920][ T7080] F2FS-fs (loop4): Found nat_bits in checkpoint [ 254.336329][ T28] audit: type=1400 audit(2000000163.779:46291): avc: denied { create } for pid=7083 comm="syz-executor.2" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 254.345682][ T7080] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 254.378279][ T7080] syz-executor.4: attempt to access beyond end of device [ 254.378279][ T7080] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 254.475273][ T5465] syz-executor.4: attempt to access beyond end of device [ 254.475273][ T5465] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 254.503831][ T7095] loop0: detected capacity change from 0 to 256 [ 254.522069][ T7095] exfat: Deprecated parameter 'namecase' [ 254.527653][ T7095] exfat: Deprecated parameter 'namecase' [ 254.533331][ T7095] exfat: Deprecated parameter 'namecase' [ 254.539019][ T7095] exfat: Deprecated parameter 'utf8' [ 254.546443][ T7095] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 254.931779][ T7118] device syzkaller0 entered promiscuous mode [ 255.027217][ T335] kernel write not supported for file bpf-prog (pid: 335 comm: kworker/1:2) [ 255.200284][ T7130] loop4: detected capacity change from 0 to 1024 [ 255.271300][ T7130] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 255.346977][ T7130] loop4: detected capacity change from 1024 to 64 [ 255.375577][ T28] audit: type=1400 audit(2000000164.819:46292): avc: denied { append } for pid=7129 comm="syz-executor.4" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 255.426232][ T7136] loop1: detected capacity change from 0 to 8192 [ 255.435011][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.499698][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.562018][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.620044][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.643391][ T7127] loop3: detected capacity change from 0 to 40427 [ 255.650788][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.665002][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.678639][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.697437][ T7127] F2FS-fs (loop3): invalid crc value [ 255.700098][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.703676][ T7127] F2FS-fs (loop3): Found nat_bits in checkpoint [ 255.716241][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.735643][ T5465] EXT4-fs warning (device loop4): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.4: error -12 reading directory block [ 255.753233][ T7127] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 255.772143][ T7127] syz-executor.3: attempt to access beyond end of device [ 255.772143][ T7127] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 255.809550][ T5465] EXT4-fs (loop4): unmounting filesystem. [ 255.815682][ T7132] kmmpd-loop4: attempt to access beyond end of device [ 255.815682][ T7132] loop4: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 255.829104][ T7132] Buffer I/O error on dev loop4, logical block 64, lost sync page write [ 255.886778][ T6450] syz-executor.3: attempt to access beyond end of device [ 255.886778][ T6450] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 255.952068][ T28] audit: type=1400 audit(2000000165.399:46293): avc: denied { getopt } for pid=7147 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 256.169151][ T7156] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.176172][ T7156] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.184487][ T7156] device bridge_slave_0 entered promiscuous mode [ 256.196286][ T7156] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.203398][ T7156] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.210554][ T7156] device bridge_slave_1 entered promiscuous mode [ 256.256271][ T7156] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.263131][ T7156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.270245][ T7156] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.277015][ T7156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.300078][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 256.307606][ T944] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.314773][ T944] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.325449][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.326953][ T348] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 256.334027][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.347510][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.357591][ T43] device bridge_slave_1 left promiscuous mode [ 256.363962][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.371752][ T43] device bridge_slave_0 left promiscuous mode [ 256.377964][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.388650][ T43] device veth1_macvtap left promiscuous mode [ 256.512618][ T7171] loop3: detected capacity change from 0 to 8192 [ 256.620186][ T7176] syz-executor.0[7176] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.620374][ T7176] syz-executor.0[7176] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.708142][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.728853][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.735732][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.743450][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 256.746989][ T348] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 256.767068][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 256.768317][ T348] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 256.786359][ T348] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 256.799737][ T348] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 256.799937][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 256.808996][ T348] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.831886][ T7156] device veth0_vlan entered promiscuous mode [ 256.841936][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 256.855052][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 256.863559][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 256.877944][ T348] usb 2-1: invalid MIDI in EP 0 [ 256.890498][ T7179] syz-executor.0[7179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.890689][ T7179] syz-executor.0[7179] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 256.914282][ T7156] device veth1_macvtap entered promiscuous mode [ 256.946695][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 256.955945][ T348] snd-usb-audio: probe of 2-1:27.0 failed with error -22 [ 256.973159][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 256.982299][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 257.147478][ T348] usb 2-1: USB disconnect, device number 30 [ 257.196305][ T7182] loop3: detected capacity change from 0 to 40427 [ 257.209245][ T7182] F2FS-fs (loop3): invalid crc value [ 257.215663][ T7182] F2FS-fs (loop3): Found nat_bits in checkpoint [ 257.248589][ T7182] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 257.269927][ T7182] syz-executor.3: attempt to access beyond end of device [ 257.269927][ T7182] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 257.331587][ T28] audit: type=1326 audit(2000000166.779:46294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7195 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 257.369578][ T28] audit: type=1326 audit(2000000166.779:46295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7195 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 257.394934][ T28] audit: type=1326 audit(2000000166.809:46296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7195 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 257.419617][ T28] audit: type=1326 audit(2000000166.809:46297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7195 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 257.444335][ T28] audit: type=1326 audit(2000000166.809:46298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7195 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 257.491937][ T6450] syz-executor.3: attempt to access beyond end of device [ 257.491937][ T6450] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 257.883497][ T7212] loop4: detected capacity change from 0 to 512 [ 257.901646][ T7212] EXT4-fs (loop4): Test dummy encryption mode enabled [ 257.910670][ T7212] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.4: inline data xattr refers to an external xattr inode [ 257.929496][ T7212] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 12 (err -117) [ 257.942146][ T7212] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 257.955725][ T7212] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 258.027326][ T7156] EXT4-fs (loop4): unmounting filesystem. [ 258.657724][ T7241] loop0: detected capacity change from 0 to 8192 [ 258.697334][ T7241] loop0: p1 p2 p3 p4 [ 258.701246][ T7241] loop0: p1 size 108922248 extends beyond EOD, truncated [ 258.709118][ T7241] loop0: p2 start 861536256 is beyond EOD, truncated [ 258.715668][ T7241] loop0: p3 start 851968 is beyond EOD, truncated [ 258.722004][ T7241] loop0: p4 size 65536 extends beyond EOD, truncated [ 258.758538][ T28] audit: type=1400 audit(2000000170.205:46299): avc: denied { write } for pid=7240 comm="syz-executor.0" name="loop0p1" dev="devtmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 258.758982][ C1] operation not supported error, dev loop0, sector 0 op 0x9:(WRITE_ZEROES) flags 0x8000800 phys_seg 0 prio class 2 [ 258.781925][ T28] audit: type=1400 audit(2000000170.205:46300): avc: denied { open } for pid=7240 comm="syz-executor.0" path="/dev/loop0p1" dev="devtmpfs" ino=683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 259.108729][ T7258] loop1: detected capacity change from 0 to 128 [ 259.126966][ T944] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 259.357167][ T7263] syz-executor.4[7263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.357247][ T7263] syz-executor.4[7263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 259.369176][ T944] usb 4-1: Using ep0 maxpacket: 16 [ 259.578518][ T7251] loop2: detected capacity change from 0 to 131072 [ 259.598785][ T7251] F2FS-fs (loop2): invalid crc value [ 259.619313][ T7251] F2FS-fs (loop2): Found nat_bits in checkpoint [ 259.662369][ T7251] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 259.756961][ T944] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=ed.ec [ 259.766248][ T944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.778705][ T944] usb 4-1: Product: syz [ 259.783407][ T944] usb 4-1: Manufacturer: syz [ 259.810506][ T944] usb 4-1: SerialNumber: syz [ 259.825355][ T944] r8152-cfgselector 4-1: config 0 descriptor?? [ 260.096954][ T944] r8152-cfgselector 4-1: Unknown version 0x0000 [ 260.112517][ T7288] loop1: detected capacity change from 0 to 512 [ 260.117047][ T944] r8152-cfgselector 4-1: Unknown version 0x0000 [ 260.125625][ T944] r8152-cfgselector 4-1: USB disconnect, device number 28 [ 260.139752][ T7288] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 260.146494][ T7288] EXT4-fs (loop1): mount failed [ 260.178630][ T7289] Source file dentry negative [ 260.727925][ T7311] Source file dentry negative [ 260.861483][ T7316] Source file dentry negative [ 260.941056][ T7322] Source file dentry negative [ 261.080109][ T7328] loop0: detected capacity change from 0 to 256 [ 261.099818][ T7328] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd82bb37b, utbl_chksum : 0xe619d30d) [ 261.199229][ T7333] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 261.738163][ T7357] Source file dentry negative [ 261.994879][ T7365] loop3: detected capacity change from 0 to 256 [ 262.007946][ T7365] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 262.020334][ T7365] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 262.663548][ T7388] Source file dentry negative [ 262.935178][ T7396] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96 [ 262.977746][ T7398] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 263.217526][ T28] audit: type=1326 audit(2000000176.673:46301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.242049][ T28] audit: type=1326 audit(2000000176.673:46302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.266043][ T28] audit: type=1326 audit(2000000176.673:46303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.290511][ T28] audit: type=1326 audit(2000000176.673:46304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.314523][ T28] audit: type=1326 audit(2000000176.673:46305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.338773][ T28] audit: type=1326 audit(2000000176.673:46306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.363069][ T28] audit: type=1326 audit(2000000176.673:46307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.387007][ T28] audit: type=1326 audit(2000000176.673:46308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.411033][ T28] audit: type=1326 audit(2000000176.673:46309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 263.435028][ T28] audit: type=1326 audit(2000000176.673:46310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7406 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03d8a7cee9 code=0x7ffc0000 [ 264.061240][ T7431] serio: Serial port pts0 [ 264.166291][ T7437] loop0: detected capacity change from 0 to 8192 [ 264.189086][ T7440] input: syz0 as /devices/virtual/input/input32 [ 264.275518][ T7437] loop0: detected capacity change from 0 to 512 [ 264.312119][ T7437] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 248: padding at end of block bitmap is not set [ 264.328991][ T7437] EXT4-fs (loop0): 1 truncate cleaned up [ 264.334794][ T7437] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 264.344038][ T7437] ext4 filesystem being mounted at /root/syzkaller-testdir3768139014/syzkaller.U3FlaZ/81/file0 supports timestamps until 2038 (0x7fffffff) [ 264.378144][ T7451] loop2: detected capacity change from 0 to 128 [ 264.397066][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 264.537170][ T316] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 264.776956][ T316] usb 2-1: Using ep0 maxpacket: 16 [ 264.937000][ T316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.947802][ T316] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.957957][ T316] usb 2-1: New USB device found, idVendor=054c, idProduct=0374, bcdDevice= 0.00 [ 264.966799][ T316] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.975295][ T316] usb 2-1: config 0 descriptor?? [ 264.986964][ T335] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 265.298854][ T7477] input: syz0 as /devices/virtual/input/input33 [ 265.347069][ T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.358102][ T335] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.367688][ T335] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 265.376559][ T335] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.385100][ T335] usb 1-1: config 0 descriptor?? [ 265.401079][ T7479] serio: Serial port pts0 [ 265.467569][ T316] sony 0003:054C:0374.0032: unknown main item tag 0x5 [ 265.475036][ T316] sony 0003:054C:0374.0032: hiddev96,hidraw0: USB HID v0.00 Device [HID 054c:0374] on usb-dummy_hcd.1-1/input0 [ 265.486630][ T316] sony 0003:054C:0374.0032: failed to claim input [ 265.669345][ T316] usb 2-1: USB disconnect, device number 31 [ 265.949694][ T7487] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 266.076956][ T335] usb 1-1: language id specifier not provided by device, defaulting to English [ 266.362344][ T7498] cgroup: Invalid name [ 266.435543][ T7501] loop1: detected capacity change from 0 to 128 [ 266.797080][ T335] uclogic 0003:256C:006D.0033: v1 frame probing failed: -71 [ 266.804295][ T335] uclogic 0003:256C:006D.0033: failed probing parameters: -71 [ 266.811691][ T335] uclogic: probe of 0003:256C:006D.0033 failed with error -71 [ 266.820071][ T335] usb 1-1: USB disconnect, device number 24 [ 266.928696][ T7512] loop4: detected capacity change from 0 to 256 [ 266.929208][ T7513] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 267.033005][ T7515] loop3: detected capacity change from 0 to 16 [ 267.048663][ T7515] erofs: (device loop3): mounted with root inode @ nid 36. [ 267.435587][ T7526] cgroup: Invalid name [ 267.452005][ T7527] cgroup: Invalid name [ 267.509773][ T7529] loop3: detected capacity change from 0 to 128 [ 267.667872][ T7534] loop1: detected capacity change from 0 to 1024 [ 267.766509][ T7534] loop1: detected capacity change from 0 to 512 [ 267.772915][ T7534] EXT4-fs: Cannot specify journal on remount [ 267.828370][ T7537] loop2: detected capacity change from 0 to 128 [ 267.990054][ T7541] loop1: detected capacity change from 0 to 256 [ 268.072551][ T6679] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 268.080575][ T6679] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 268.177131][ T39] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 268.395834][ T7550] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.407355][ T7550] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.414804][ T7550] device bridge_slave_0 entered promiscuous mode [ 268.423892][ T7550] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.432203][ T7550] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.439933][ T7550] device bridge_slave_1 entered promiscuous mode [ 268.515556][ T7550] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.522526][ T7550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.529725][ T7550] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.536652][ T7550] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.536952][ T39] usb 1-1: config 0 has an invalid interface descriptor of length 3, skipping [ 268.552523][ T39] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.562536][ T39] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 268.571379][ T39] usb 1-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 268.580358][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.589319][ T39] usb 1-1: config 0 descriptor?? [ 268.603024][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 268.610530][ T944] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.617760][ T944] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.626496][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 268.634738][ T316] bridge0: port 1(bridge_slave_0) entered blocking state [ 268.641773][ T316] bridge0: port 1(bridge_slave_0) entered forwarding state [ 268.653190][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 268.661296][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.668161][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.668372][ T7559] loop2: detected capacity change from 0 to 256 [ 268.682366][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 268.691565][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 268.700181][ T43] device bridge_slave_1 left promiscuous mode [ 268.706363][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.714898][ T43] device bridge_slave_0 left promiscuous mode [ 268.722462][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.730851][ T43] device veth0_vlan left promiscuous mode [ 268.789861][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 268.799895][ T6562] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 268.802146][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 268.811830][ T6562] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 268.815794][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 268.829833][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 268.841998][ T7550] device veth0_vlan entered promiscuous mode [ 268.857828][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 268.867194][ T7539] loop0: detected capacity change from 0 to 512 [ 268.867643][ T7550] device veth1_macvtap entered promiscuous mode [ 268.880891][ T7539] EXT4-fs (loop0): orphan cleanup on readonly fs [ 268.888787][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 268.889607][ T7539] __quota_error: 5714 callbacks suppressed [ 268.889624][ T7539] Quota error (device loop0): dq_insert_tree: Quota tree root isn't allocated! [ 268.902774][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 268.911273][ T7539] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 268.911320][ T7539] Quota error (device loop0): dq_insert_tree: Quota tree root isn't allocated! [ 268.937621][ T7539] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 268.954730][ T7539] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 64: padding at end of block bitmap is not set [ 268.973367][ T7539] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 268.982573][ T7539] Quota error (device loop0): dq_insert_tree: Quota tree root isn't allocated! [ 268.991841][ T7539] Quota error (device loop0): qtree_write_dquot: Error -5 occurred while creating quota [ 269.001945][ T7539] EXT4-fs (loop0): 1 orphan inode deleted [ 269.010412][ T7539] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 269.019650][ T7539] EXT4-fs (loop0): unmounting filesystem. [ 269.048996][ T348] usb 1-1: USB disconnect, device number 25 [ 269.259725][ T7569] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.266629][ T7569] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.273923][ T7569] device bridge_slave_0 entered promiscuous mode [ 269.280899][ T7569] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.288200][ T7569] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.295786][ T7569] device bridge_slave_1 entered promiscuous mode [ 269.342664][ T7569] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.349537][ T7569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.356675][ T7569] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.363501][ T7569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.393654][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.401713][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.409003][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.428383][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 269.436404][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.443259][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 269.450985][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 269.460121][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.466992][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 269.474317][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 269.482166][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 269.496940][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 269.507986][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 269.515711][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 269.523112][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 269.534391][ T7569] device veth0_vlan entered promiscuous mode [ 269.544824][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 269.555147][ T7569] device veth1_macvtap entered promiscuous mode [ 269.570987][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 269.582079][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 269.617979][ T43] device bridge_slave_1 left promiscuous mode [ 269.623933][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.631129][ T43] device bridge_slave_0 left promiscuous mode [ 269.637316][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.645111][ T43] device veth1_macvtap left promiscuous mode [ 269.651018][ T43] device veth0_vlan left promiscuous mode [ 269.667272][ T7581] loop2: detected capacity change from 0 to 256 [ 269.879328][ T7593] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 269.916358][ T7595] loop0: detected capacity change from 0 to 128 [ 270.156748][ T7599] overlayfs: './file0' not a directory [ 270.295963][ T7610] device wg2 entered promiscuous mode [ 271.098983][ T7636] loop2: detected capacity change from 0 to 128 [ 271.228804][ T7638] loop3: detected capacity change from 0 to 40427 [ 271.248020][ T7638] F2FS-fs (loop3): invalid crc value [ 271.254369][ T7638] F2FS-fs (loop3): Found nat_bits in checkpoint [ 271.279476][ T7638] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 271.710661][ T7662] loop0: detected capacity change from 0 to 40427 [ 271.729238][ T7662] F2FS-fs (loop0): invalid crc value [ 271.736063][ T7662] F2FS-fs (loop0): Found nat_bits in checkpoint [ 271.782216][ T7662] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 272.247000][ T39] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 272.397399][ T7695] loop3: detected capacity change from 0 to 1024 [ 272.456478][ T7695] loop3: detected capacity change from 0 to 512 [ 272.463241][ T7695] EXT4-fs: Cannot specify journal on remount [ 272.606959][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.620872][ T39] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 272.634323][ T39] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 272.654832][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.671018][ T39] usb 3-1: config 0 descriptor?? [ 272.861549][ T7704] loop3: detected capacity change from 0 to 40427 [ 272.876212][ T7704] F2FS-fs (loop3): invalid crc value [ 272.882956][ T7704] F2FS-fs (loop3): Found nat_bits in checkpoint [ 272.920673][ T7704] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 272.997009][ T655] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 273.157819][ T39] plantronics 0003:047F:FFFF.0034: unknown main item tag 0x0 [ 273.165237][ T39] plantronics 0003:047F:FFFF.0034: No inputs registered, leaving [ 273.175218][ T39] plantronics 0003:047F:FFFF.0034: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 273.337033][ T39] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 273.366922][ T655] usb 2-1: config 0 has an invalid interface descriptor of length 3, skipping [ 273.379815][ T655] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.389752][ T655] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 273.398536][ T655] usb 2-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 273.409129][ T655] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.437571][ T655] usb 2-1: config 0 descriptor?? [ 273.549925][ T60] usb 3-1: USB disconnect, device number 31 [ 273.576910][ T39] usb 4-1: Using ep0 maxpacket: 32 [ 273.694426][ T7706] loop1: detected capacity change from 0 to 512 [ 273.701229][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 273.712357][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 273.713632][ T7706] EXT4-fs (loop1): orphan cleanup on readonly fs [ 273.723658][ T39] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 273.730641][ T7706] Quota error (device loop1): dq_insert_tree: Quota tree root isn't allocated! [ 273.738679][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.747958][ T7706] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota [ 273.759134][ T39] usb 4-1: config 0 descriptor?? [ 273.765516][ T7706] Quota error (device loop1): dq_insert_tree: Quota tree root isn't allocated! [ 273.778511][ T7706] Quota error (device loop1): qtree_write_dquot: Error -5 occurred while creating quota [ 273.788376][ T7712] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 273.788968][ T7706] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 64: padding at end of block bitmap is not set [ 273.810410][ T39] hub 4-1:0.0: USB hub found [ 273.815237][ T7706] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 273.824128][ T7706] EXT4-fs (loop1): 1 orphan inode deleted [ 273.830919][ T7706] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 273.840173][ T7706] EXT4-fs (loop1): unmounting filesystem. [ 273.883456][ T655] usb 2-1: USB disconnect, device number 32 [ 274.026947][ T39] hub 4-1:0.0: 2 ports detected [ 274.559700][ T7742] loop0: detected capacity change from 0 to 256 [ 274.577032][ T7742] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 274.773570][ T7749] loop0: detected capacity change from 0 to 512 [ 274.798730][ T7749] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #15: comm syz-executor.0: casefold flag without casefold feature [ 274.811985][ T7749] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.0: missing EA_INODE flag [ 274.836543][ T7749] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz-executor.0: error while reading EA inode 12 err=-117 [ 274.849675][ T7749] EXT4-fs (loop0): 1 orphan inode deleted [ 274.855324][ T7749] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 274.911010][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 275.105214][ T7753] overlayfs: './file0' not a directory [ 275.379316][ T7760] overlayfs: './file0' not a directory [ 276.007521][ T39] usb 4-1: USB disconnect, device number 29 [ 276.354336][ T7786] loop1: detected capacity change from 0 to 128 [ 276.392273][ T7786] syz-executor.1: attempt to access beyond end of device [ 276.392273][ T7786] loop1: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 276.424151][ T7783] syz-executor.1: attempt to access beyond end of device [ 276.424151][ T7783] loop1: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 276.491451][ T7785] loop0: detected capacity change from 0 to 40427 [ 276.509395][ T7785] F2FS-fs (loop0): Fix alignment : internally, start(4096) end(16896) block(12288) [ 276.785139][ T7805] 9pnet_fd: Insufficient options for proto=fd [ 277.830614][ T7826] loop1: detected capacity change from 0 to 40427 [ 277.847231][ T7826] F2FS-fs (loop1): Found nat_bits in checkpoint [ 277.884009][ T7826] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 277.935303][ T7550] syz-executor.1: attempt to access beyond end of device [ 277.935303][ T7550] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 278.232515][ T7840] loop1: detected capacity change from 0 to 512 [ 278.259037][ T7840] EXT4-fs (loop1): 1 orphan inode deleted [ 278.264745][ T7840] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 278.273637][ T7840] ext4 filesystem being mounted at /root/syzkaller-testdir4254576272/syzkaller.hvzVwG/21/file1 supports timestamps until 2038 (0x7fffffff) [ 278.381334][ T7550] EXT4-fs error (device loop1): ext4_lookup:1859: inode #2: comm syz-executor.1: deleted inode referenced: 16 [ 278.393327][ T7550] EXT4-fs error (device loop1): ext4_lookup:1859: inode #2: comm syz-executor.1: deleted inode referenced: 16 [ 278.438781][ T7550] EXT4-fs (loop1): unmounting filesystem. [ 278.751516][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.758548][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.765886][ T7852] device bridge_slave_0 entered promiscuous mode [ 278.775144][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.782233][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.789621][ T7852] device bridge_slave_1 entered promiscuous mode [ 278.846100][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.852991][ T7852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.860087][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.866869][ T7852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.896540][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 278.904715][ T316] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.912522][ T316] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.933033][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 278.941340][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.948401][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.955766][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 278.973880][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.980779][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.006380][ T43] device bridge_slave_1 left promiscuous mode [ 279.012550][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.020066][ T43] device bridge_slave_0 left promiscuous mode [ 279.026143][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.038352][ T43] device veth1_macvtap left promiscuous mode [ 279.044331][ T43] device veth0_vlan left promiscuous mode [ 279.224135][ T7852] device veth0_vlan entered promiscuous mode [ 279.231364][ T7865] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 279.243917][ T7873] loop2: detected capacity change from 0 to 512 [ 279.251520][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 279.260026][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.268285][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 279.275565][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 279.284041][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 279.292713][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 279.512073][ T7852] device veth1_macvtap entered promiscuous mode [ 279.528414][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 279.534409][ T7873] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 279.536745][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 279.550161][ T7873] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 279.558722][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 279.569849][ T7873] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 279.599425][ T7873] EXT4-fs (loop2): 1 orphan inode deleted [ 279.605079][ T7873] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 279.783330][ T7569] EXT4-fs (loop2): unmounting filesystem. [ 280.116939][ T316] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 280.506992][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.525738][ T316] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.535712][ T316] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 280.545191][ T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.840628][ T316] usb 1-1: config 0 descriptor?? [ 281.056522][ T7911] loop1: detected capacity change from 0 to 40427 [ 281.081067][ T7911] F2FS-fs (loop1): Found nat_bits in checkpoint [ 281.137617][ T7911] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 281.172697][ T7916] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 281.189579][ T7852] syz-executor.1: attempt to access beyond end of device [ 281.189579][ T7852] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 281.209747][ T7916] loop2: detected capacity change from 0 to 512 [ 281.237105][ T7916] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #15: comm syz-executor.2: casefold flag without casefold feature [ 281.264675][ T7916] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz-executor.2: missing EA_INODE flag [ 281.289481][ T7916] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 12 err=-117 [ 281.308984][ T316] magicmouse 0003:05AC:0269.0035: unbalanced delimiter at end of report description [ 281.318408][ T316] magicmouse 0003:05AC:0269.0035: magicmouse hid parse failed [ 281.325699][ T316] magicmouse: probe of 0003:05AC:0269.0035 failed with error -22 [ 281.334585][ T7916] EXT4-fs (loop2): 1 orphan inode deleted [ 281.340206][ T7916] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 281.410535][ T7569] EXT4-fs (loop2): unmounting filesystem. [ 281.509012][ T348] usb 1-1: USB disconnect, device number 26 [ 282.256713][ T7942] loop3: detected capacity change from 0 to 40427 [ 282.271472][ T7942] F2FS-fs (loop3): Found nat_bits in checkpoint [ 282.296829][ T7942] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 282.316095][ T7942] syz-executor.3: attempt to access beyond end of device [ 282.316095][ T7942] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 282.394987][ T6450] syz-executor.3: attempt to access beyond end of device [ 282.394987][ T6450] loop3: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 282.422280][ T7953] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 282.556510][ T7956] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 282.646908][ T24] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 282.706893][ T348] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 282.719264][ T7962] input: syz0 as /devices/virtual/input/input35 [ 282.748809][ T7961] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.755765][ T7961] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.763390][ T7961] device bridge_slave_0 entered promiscuous mode [ 282.771042][ T7961] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.777984][ T7961] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.785097][ T7961] device bridge_slave_1 entered promiscuous mode [ 282.834025][ T7961] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.840918][ T7961] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.847999][ T7961] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.854770][ T7961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.876805][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.884515][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.893247][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.904866][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 282.913111][ T335] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.920148][ T335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.937797][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 282.945828][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.952702][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.960671][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 282.968578][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 282.979056][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 282.990377][ T7961] device veth0_vlan entered promiscuous mode [ 282.997059][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 283.004812][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 283.012310][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 283.019436][ T24] usb 1-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 283.029066][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.036294][ T7961] device veth1_macvtap entered promiscuous mode [ 283.037939][ T24] usb 1-1: config 0 descriptor?? [ 283.048491][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 283.058051][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 283.068252][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 283.087275][ T24] usb-storage 1-1:0.0: USB Mass Storage device detected [ 283.094804][ T24] usb-storage 1-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 283.136957][ T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.147978][ T348] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.157707][ T348] usb 3-1: New USB device found, idVendor=056a, idProduct=0327, bcdDevice= 0.00 [ 283.166488][ T348] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.174990][ T348] usb 3-1: config 0 descriptor?? [ 283.227349][ T7977] overlayfs: missing 'lowerdir' [ 283.334867][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 283.537694][ T60] usb 1-1: USB disconnect, device number 27 [ 283.575546][ T7983] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 283.658315][ T348] wacom 0003:056A:0327.0036: collection stack underflow [ 283.665162][ T348] wacom 0003:056A:0327.0036: item 0 0 0 12 parsing failed [ 283.672253][ T348] wacom 0003:056A:0327.0036: parse failed [ 283.677873][ T348] wacom: probe of 0003:056A:0327.0036 failed with error -22 [ 283.857806][ T43] device bridge_slave_1 left promiscuous mode [ 283.861607][ T60] usb 3-1: USB disconnect, device number 32 [ 283.863892][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.877264][ T43] device bridge_slave_0 left promiscuous mode [ 283.883347][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.891225][ T43] device veth1_macvtap left promiscuous mode [ 283.897194][ T43] device veth0_vlan left promiscuous mode [ 284.223227][ T7994] SELinux: security_context_str_to_sid (…) failed with errno=-22 [ 284.288245][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 284.288279][ T28] audit: type=1326 audit(2000000197.743:52023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.318197][ T28] audit: type=1326 audit(2000000197.743:52024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.342790][ T28] audit: type=1326 audit(2000000197.743:52025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.366909][ T28] audit: type=1326 audit(2000000197.743:52026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.390933][ T28] audit: type=1326 audit(2000000197.743:52027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.414778][ T28] audit: type=1326 audit(2000000197.743:52028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.438735][ T28] audit: type=1326 audit(2000000197.743:52029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.462718][ T28] audit: type=1326 audit(2000000197.743:52030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.486785][ T28] audit: type=1326 audit(2000000197.743:52031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.511583][ T28] audit: type=1326 audit(2000000197.743:52032): auid=4294967295 uid=3327 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7996 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 284.535789][ T862] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 284.659783][ T8002] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 284.786997][ T862] usb 1-1: Using ep0 maxpacket: 8 [ 284.838094][ T8007] input: syz0 as /devices/virtual/input/input36 [ 285.107017][ T862] usb 1-1: New USB device found, idVendor=0421, idProduct=01d0, bcdDevice=98.e6 [ 285.115882][ T862] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.123782][ T862] usb 1-1: Product: syz [ 285.127744][ T862] usb 1-1: Manufacturer: syz [ 285.132116][ T862] usb 1-1: SerialNumber: syz [ 285.137397][ T862] usb 1-1: config 0 descriptor?? [ 285.187311][ T862] usb 1-1: bad CDC descriptors [ 285.192093][ T862] cdc_acm 1-1:0.0: Zero length descriptor references [ 285.198831][ T862] cdc_acm: probe of 1-1:0.0 failed with error -22 [ 285.215141][ T8024] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8024 comm=syz-executor.1 [ 285.376927][ T348] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 285.390039][ T944] usb 1-1: USB disconnect, device number 28 [ 285.616908][ T348] usb 4-1: Using ep0 maxpacket: 32 [ 285.746956][ T348] usb 4-1: config 0 has no interfaces? [ 285.917111][ T348] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 285.926006][ T348] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.933832][ T348] usb 4-1: Product: syz [ 285.937810][ T348] usb 4-1: Manufacturer: syz [ 285.942301][ T348] usb 4-1: SerialNumber: syz [ 285.947233][ T348] usb 4-1: config 0 descriptor?? [ 286.022911][ T8033] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 286.832837][ T8050] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.839831][ T8050] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.847564][ T8050] device bridge_slave_0 entered promiscuous mode [ 286.854299][ T8050] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.861215][ T8050] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.868339][ T8050] device bridge_slave_1 entered promiscuous mode [ 286.919313][ T8050] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.926412][ T8050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.933511][ T8050] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.940612][ T8050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.961508][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.969386][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.976599][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.986036][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.994473][ T944] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.001338][ T944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.010287][ T8057] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8057 comm=syz-executor.1 [ 287.024883][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.033522][ T316] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.040399][ T316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.088969][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 287.098561][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.106483][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.119786][ T8050] device veth0_vlan entered promiscuous mode [ 287.126406][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 287.134343][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 287.141613][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 287.155138][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 287.164137][ T8050] device veth1_macvtap entered promiscuous mode [ 287.173845][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 287.183829][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 287.193486][ T8059] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 287.237402][ T43] device bridge_slave_1 left promiscuous mode [ 287.243359][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.250809][ T43] device bridge_slave_0 left promiscuous mode [ 287.256945][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.264483][ T43] device veth1_macvtap left promiscuous mode [ 287.270522][ T43] device veth0_vlan left promiscuous mode [ 287.280817][ T8061] x_tables: unsorted underflow at hook 3 [ 287.520138][ T8065] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8065 comm=syz-executor.1 [ 287.626009][ T8067] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 287.899858][ T8073] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8073 comm=syz-executor.4 [ 288.023341][ T335] usb 4-1: USB disconnect, device number 30 [ 288.980614][ T8111] serio: Serial port pts0 [ 289.510705][ T8126] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 290.287041][ T316] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 290.296929][ T862] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 290.546882][ T316] usb 1-1: Using ep0 maxpacket: 8 [ 290.551797][ T862] usb 4-1: Using ep0 maxpacket: 8 [ 290.565603][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 290.565618][ T28] audit: type=1400 audit(2000000204.013:52042): avc: denied { map } for pid=8145 comm="syz-executor.4" path="socket:[58231]" dev="sockfs" ino=58231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 290.846978][ T862] usb 4-1: New USB device found, idVendor=0421, idProduct=01d0, bcdDevice=98.e6 [ 290.856218][ T316] usb 1-1: New USB device found, idVendor=0421, idProduct=01d0, bcdDevice=98.e6 [ 290.865062][ T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.872846][ T862] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.881089][ T316] usb 1-1: Product: syz [ 290.885074][ T316] usb 1-1: Manufacturer: syz [ 290.889556][ T862] usb 4-1: Product: syz [ 290.893500][ T862] usb 4-1: Manufacturer: syz [ 290.897978][ T316] usb 1-1: SerialNumber: syz [ 290.903192][ T316] usb 1-1: config 0 descriptor?? [ 290.908079][ T862] usb 4-1: SerialNumber: syz [ 290.913159][ T862] usb 4-1: config 0 descriptor?? [ 290.947248][ T316] usb 1-1: bad CDC descriptors [ 290.951991][ T316] cdc_acm 1-1:0.0: Zero length descriptor references [ 290.958791][ T862] usb 4-1: bad CDC descriptors [ 290.963478][ T862] cdc_acm 4-1:0.0: Zero length descriptor references [ 290.969939][ T316] cdc_acm: probe of 1-1:0.0 failed with error -22 [ 290.976554][ T862] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 291.167889][ T316] usb 4-1: USB disconnect, device number 31 [ 291.174207][ T862] usb 1-1: USB disconnect, device number 29 [ 291.305100][ T8162] device pim6reg1 entered promiscuous mode [ 291.426761][ T28] audit: type=1326 audit(2000000204.873:52043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.456579][ T28] audit: type=1326 audit(2000000204.903:52044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.484862][ T28] audit: type=1326 audit(2000000204.903:52045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.509094][ T28] audit: type=1326 audit(2000000204.903:52046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.533837][ T28] audit: type=1326 audit(2000000204.903:52047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.558257][ T28] audit: type=1326 audit(2000000204.903:52048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbf8687a667 code=0x7ffc0000 [ 291.582665][ T28] audit: type=1326 audit(2000000204.903:52049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbf86840329 code=0x7ffc0000 [ 291.606885][ T28] audit: type=1326 audit(2000000204.903:52050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fbf8687cee9 code=0x7ffc0000 [ 291.631482][ T28] audit: type=1326 audit(2000000204.903:52051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8163 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbf8687a667 code=0x7ffc0000 [ 291.733750][ T8166] syz-executor.1[8166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 291.733825][ T8166] syz-executor.1[8166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 291.747289][ T8166] syz-executor.1[8166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 291.759263][ T8166] syz-executor.1[8166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 292.078205][ T8182] loop1: detected capacity change from 0 to 512 [ 292.109520][ T8182] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 292.122155][ T8182] EXT4-fs (loop1): 1 truncate cleaned up [ 292.127764][ T8182] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 292.207094][ T7852] EXT4-fs (loop1): unmounting filesystem. [ 292.460740][ T8195] loop0: detected capacity change from 0 to 128 [ 292.482622][ T8195] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 292.491192][ T8195] ext4 filesystem being mounted at /root/syzkaller-testdir3768139014/syzkaller.U3FlaZ/131/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 292.605982][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 293.531326][ T8245] tipc: Failed to remove unknown binding: 66,1,1/0:1792335051/1792335053 [ 293.539743][ T8245] tipc: Failed to remove unknown binding: 66,1,1/0:1792335051/1792335053 [ 294.325078][ T8275] tipc: Failed to remove unknown binding: 66,1,1/0:4156640556/4156640558 [ 294.333580][ T8275] tipc: Failed to remove unknown binding: 66,1,1/0:4156640556/4156640558 [ 294.984924][ T8307] loop3: detected capacity change from 0 to 512 [ 295.030174][ T8307] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 295.038912][ T8307] EXT4-fs (loop3): 1 truncate cleaned up [ 295.044470][ T8307] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 295.139236][ T6450] EXT4-fs (loop3): unmounting filesystem. [ 295.200424][ T8312] loop1: detected capacity change from 0 to 256 [ 295.784612][ T8340] loop0: detected capacity change from 0 to 512 [ 295.803016][ T8340] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 295.812550][ T8340] EXT4-fs (loop0): 1 truncate cleaned up [ 295.818112][ T8340] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 295.919475][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 296.327137][ T8358] loop4: detected capacity change from 0 to 512 [ 296.358530][ T8358] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 296.369850][ T8358] ext4 filesystem being mounted at /root/syzkaller-testdir1209942961/syzkaller.CbtP4e/34/file0 supports timestamps until 2038 (0x7fffffff) [ 296.390403][ T8358] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 256: padding at end of block bitmap is not set [ 296.405228][ T8358] __quota_error: 3 callbacks suppressed [ 296.405243][ T8358] Quota error (device loop4): write_blk: dquota write failed [ 296.418223][ T8358] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 296.484749][ T8050] EXT4-fs (loop4): unmounting filesystem. [ 296.697381][ T8369] overlayfs: failed to resolve './file0': -2 [ 297.027045][ T8384] loop0: detected capacity change from 0 to 256 [ 297.040824][ T8384] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 297.058003][ T8384] exFAT-fs (loop0): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 297.058003][ T8384] [ 297.069909][ T8384] exFAT-fs (loop0): Filesystem has been set read-only [ 297.150601][ T8388] loop1: detected capacity change from 0 to 512 [ 297.163087][ T8388] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 297.171856][ T8388] EXT4-fs (loop1): 1 truncate cleaned up [ 297.177632][ T8388] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 297.301096][ T7852] EXT4-fs (loop1): unmounting filesystem. [ 298.178464][ T8420] loop3: detected capacity change from 0 to 40427 [ 298.194667][ T8420] F2FS-fs (loop3): Invalid segment count (0) [ 298.200708][ T8420] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 298.209726][ T8420] F2FS-fs (loop3): invalid crc value [ 298.215982][ T8420] F2FS-fs (loop3): Found nat_bits in checkpoint [ 298.240823][ T8420] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 298.247790][ T8420] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 298.314942][ T6450] syz-executor.3: attempt to access beyond end of device [ 298.314942][ T6450] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 298.329353][ T6450] syz-executor.3: attempt to access beyond end of device [ 298.329353][ T6450] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 298.354328][ T10] kworker/u4:1: attempt to access beyond end of device [ 298.354328][ T10] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 298.601951][ T8430] loop1: detected capacity change from 0 to 40427 [ 298.621124][ T8430] F2FS-fs (loop1): Found nat_bits in checkpoint [ 298.651555][ T8430] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 298.668672][ T8430] syz-executor.1: attempt to access beyond end of device [ 298.668672][ T8430] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 298.740398][ T7852] syz-executor.1: attempt to access beyond end of device [ 298.740398][ T7852] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 298.869289][ T8444] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.883890][ T8444] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.898888][ T8444] device bridge_slave_0 entered promiscuous mode [ 298.912390][ T8444] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.928101][ T8444] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.941385][ T8444] device bridge_slave_1 entered promiscuous mode [ 299.050605][ T8444] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.057511][ T8444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.064600][ T8444] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.071468][ T8444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.100954][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 299.108899][ T862] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.116030][ T862] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.126081][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 299.146727][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.153595][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.168750][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.176670][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.183428][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.190627][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 299.199005][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 299.215557][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 299.226242][ T8444] device veth0_vlan entered promiscuous mode [ 299.232545][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 299.240346][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 299.247566][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 299.260242][ T8444] device veth1_macvtap entered promiscuous mode [ 299.267032][ T8454] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 299.279499][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 299.294908][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 299.303358][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 300.276275][ T8490] input: syz1 as /devices/virtual/input/input37 [ 300.279487][ T8489] loop4: detected capacity change from 0 to 256 [ 300.301162][ T8489] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000001) [ 300.308997][ T8489] FAT-fs (loop4): Filesystem has been set read-only [ 300.509381][ T8498] device wg2 entered promiscuous mode [ 300.935872][ T28] audit: type=1326 audit(2000000214.383:52055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 300.960015][ T28] audit: type=1326 audit(2000000214.383:52056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 300.984019][ T28] audit: type=1326 audit(2000000214.383:52057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.008438][ T28] audit: type=1326 audit(2000000214.383:52058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.032681][ T28] audit: type=1326 audit(2000000214.383:52059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.056581][ T28] audit: type=1326 audit(2000000214.393:52060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.080440][ T28] audit: type=1326 audit(2000000214.393:52061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.104510][ T28] audit: type=1326 audit(2000000214.393:52062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8520 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 301.460183][ T8532] loop0: detected capacity change from 0 to 512 [ 301.476718][ T8532] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: casefold flag without casefold feature [ 301.490492][ T8532] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 301.500686][ T8532] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 301.513467][ T8535] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 301.535620][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 301.786974][ T60] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 302.053619][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 302.053635][ T28] audit: type=1326 audit(2000000215.503:52125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.084099][ T28] audit: type=1326 audit(2000000215.503:52126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.108350][ T28] audit: type=1326 audit(2000000215.503:52127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.132667][ T28] audit: type=1326 audit(2000000215.503:52128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.258574][ T24] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 302.282266][ T28] audit: type=1326 audit(2000000215.503:52129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.311231][ T28] audit: type=1326 audit(2000000215.503:52130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.335319][ T28] audit: type=1326 audit(2000000215.503:52131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.359610][ T28] audit: type=1326 audit(2000000215.503:52132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.383676][ T28] audit: type=1326 audit(2000000215.503:52133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.408551][ T28] audit: type=1326 audit(2000000215.503:52134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8550 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f462a27cee9 code=0x7ffc0000 [ 302.556910][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 302.577048][ T60] usb 4-1: New USB device found, idVendor=0582, idProduct=0023, bcdDevice=53.24 [ 302.586403][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.594449][ T60] usb 4-1: Product: syz [ 302.598436][ T60] usb 4-1: Manufacturer: syz [ 302.602839][ T60] usb 4-1: SerialNumber: syz [ 302.607698][ T60] usb 4-1: config 0 descriptor?? [ 302.658086][ T60] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 302.675998][ T8563] loop4: detected capacity change from 0 to 512 [ 302.682512][ T24] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 302.691487][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.699911][ T24] usb 1-1: config 0 descriptor?? [ 302.700538][ T8563] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: casefold flag without casefold feature [ 302.718100][ T8563] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 302.727942][ T8563] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 302.762000][ T8050] EXT4-fs (loop4): unmounting filesystem. [ 302.858472][ T862] usb 4-1: USB disconnect, device number 32 [ 303.397036][ T24] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 303.416933][ T24] asix: probe of 1-1:0.0 failed with error -32 [ 303.766914][ T862] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 304.046933][ T862] usb 4-1: Using ep0 maxpacket: 8 [ 304.196921][ T862] usb 4-1: config 0 has an invalid interface number: 96 but max is 0 [ 304.204904][ T862] usb 4-1: config 0 has no interface number 0 [ 304.210854][ T862] usb 4-1: config 0 interface 96 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 32 [ 304.220430][ T862] usb 4-1: New USB device found, idVendor=0403, idProduct=f06b, bcdDevice=a6.da [ 304.229272][ T862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.237613][ T862] usb 4-1: config 0 descriptor?? [ 304.257114][ T8589] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 304.277303][ T862] ftdi_sio 4-1:0.96: FTDI USB Serial Device converter detected [ 304.284901][ T862] ftdi_sio ttyUSB0: unknown device type: 0xa6da [ 304.480703][ T24] usb 4-1: USB disconnect, device number 33 [ 304.486811][ T24] ftdi_sio 4-1:0.96: device disconnected [ 304.529500][ T8611] loop1: detected capacity change from 0 to 512 [ 304.542792][ T8611] EXT4-fs: Ignoring removed oldalloc option [ 304.549110][ T8611] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 304.561550][ T8611] EXT4-fs (loop1): 1 truncate cleaned up [ 304.567218][ T8611] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 304.578029][ T8611] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: iget: bogus i_mode (0) [ 304.605069][ T7852] EXT4-fs (loop1): unmounting filesystem. [ 305.115016][ T944] usb 1-1: USB disconnect, device number 30 [ 305.226916][ T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 305.288189][ T8627] loop0: detected capacity change from 0 to 512 [ 305.306438][ T8627] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: casefold flag without casefold feature [ 305.319631][ T8627] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 305.329462][ T8627] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 305.367026][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 305.445534][ T8630] loop3: detected capacity change from 0 to 40427 [ 305.464367][ T8630] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 305.472044][ T8630] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 305.482382][ T8630] F2FS-fs (loop3): Found nat_bits in checkpoint [ 305.506405][ T8630] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 305.513342][ T8630] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 305.530233][ T8630] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 305.586922][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.597791][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 305.610855][ T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 305.619793][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.628372][ T24] usb 2-1: config 0 descriptor?? [ 306.107434][ T24] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 306.114888][ T24] plantronics 0003:047F:FFFF.0037: No inputs registered, leaving [ 306.123222][ T24] plantronics 0003:047F:FFFF.0037: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 306.377305][ T862] usb 2-1: USB disconnect, device number 33 [ 306.894499][ T8660] loop4: detected capacity change from 0 to 40427 [ 306.911433][ T8660] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 306.919066][ T8660] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 306.929292][ T8660] F2FS-fs (loop4): Found nat_bits in checkpoint [ 306.954812][ T8660] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 306.961781][ T8660] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 306.978009][ T8660] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 306.996961][ T24] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 307.020636][ T8669] input: syz0 as /devices/virtual/input/input38 [ 307.236913][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 307.328814][ T8678] device veth0_vlan left promiscuous mode [ 307.334700][ T8678] device veth0_vlan entered promiscuous mode [ 307.341575][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 307.349760][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 307.350012][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 307.364343][ T24] usb 1-1: config 0 has an invalid interface number: 96 but max is 0 [ 307.364369][ T24] usb 1-1: config 0 has no interface number 0 [ 307.364397][ T24] usb 1-1: config 0 interface 96 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 32 [ 307.364427][ T24] usb 1-1: New USB device found, idVendor=0403, idProduct=f06b, bcdDevice=a6.da [ 307.397231][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.398148][ T24] usb 1-1: config 0 descriptor?? [ 307.426992][ T8656] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 307.447355][ T24] ftdi_sio 1-1:0.96: FTDI USB Serial Device converter detected [ 307.455025][ T24] ftdi_sio ttyUSB0: unknown device type: 0xa6da [ 307.610747][ T8683] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 307.655848][ T862] usb 1-1: USB disconnect, device number 31 [ 307.661881][ T862] ftdi_sio 1-1:0.96: device disconnected [ 307.842920][ T8687] loop3: detected capacity change from 0 to 128 [ 307.857197][ T8687] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 307.866055][ T8687] ext4 filesystem being mounted at /root/syzkaller-testdir1505430643/syzkaller.dGDOa1/10/mnt supports timestamps until 2038 (0x7fffffff) [ 307.886903][ T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 307.895120][ T8687] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.3'. [ 307.904373][ T8687] tipc: Started in network mode [ 307.909011][ T8687] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 307.916017][ T8687] tipc: Enabled bearer , priority 0 [ 307.926436][ T8444] EXT4-fs (loop3): unmounting filesystem. [ 308.406997][ T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0023, bcdDevice=53.24 [ 308.416114][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.424007][ T24] usb 2-1: Product: syz [ 308.427943][ T24] usb 2-1: Manufacturer: syz [ 308.432336][ T24] usb 2-1: SerialNumber: syz [ 308.437388][ T24] usb 2-1: config 0 descriptor?? [ 308.446684][ T28] kauditd_printk_skb: 183 callbacks suppressed [ 308.446721][ T28] audit: type=1326 audit(2000000221.893:52318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6c1aa7a667 code=0x7ffc0000 [ 308.476521][ T28] audit: type=1326 audit(2000000221.893:52319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6c1aa40329 code=0x7ffc0000 [ 308.500622][ T28] audit: type=1326 audit(2000000221.893:52320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 308.502872][ T24] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 308.525410][ T28] audit: type=1326 audit(2000000221.893:52321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6c1aa7a667 code=0x7ffc0000 [ 308.555167][ T28] audit: type=1326 audit(2000000221.893:52322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6c1aa40329 code=0x7ffc0000 [ 308.579205][ T28] audit: type=1326 audit(2000000221.893:52323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 308.603450][ T28] audit: type=1326 audit(2000000221.893:52324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6c1aa7a667 code=0x7ffc0000 [ 308.618782][ T8705] overlayfs: statfs failed on './file0' [ 308.627229][ T28] audit: type=1326 audit(2000000221.893:52325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6c1aa40329 code=0x7ffc0000 [ 308.657052][ T28] audit: type=1326 audit(2000000221.893:52326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c1aa7cee9 code=0x7ffc0000 [ 308.681782][ T28] audit: type=1326 audit(2000000221.893:52327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8699 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6c1aa7a667 code=0x7ffc0000 [ 308.713397][ T24] usb 2-1: USB disconnect, device number 34 [ 309.046892][ T60] tipc: Node number set to 10922666 [ 309.340458][ T8714] loop1: detected capacity change from 0 to 512 [ 309.357554][ T8714] EXT4-fs: Ignoring removed oldalloc option [ 309.363988][ T8714] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 309.375138][ T8714] EXT4-fs (loop1): 1 truncate cleaned up [ 309.380666][ T8714] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 309.393679][ T8714] EXT4-fs error (device loop1): ext4_lookup:1855: inode #16: comm syz-executor.1: iget: bogus i_mode (0) [ 309.423234][ T7852] EXT4-fs (loop1): unmounting filesystem. [ 309.810083][ T8732] syz-executor.1[8732] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 309.810132][ T8732] syz-executor.1[8732] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 309.876884][ T39] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 309.944155][ T8732] overlayfs: statfs failed on './file0' [ 310.135849][ T8738] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.142830][ T8738] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.149797][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 310.150241][ T8738] device bridge_slave_0 entered promiscuous mode [ 310.163101][ T8738] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.170055][ T8738] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.177240][ T8738] device bridge_slave_1 entered promiscuous mode [ 310.186191][ T8745] loop3: detected capacity change from 0 to 128 [ 310.210460][ T8745] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 310.218944][ T8745] ext4 filesystem being mounted at /root/syzkaller-testdir1505430643/syzkaller.dGDOa1/24/mnt supports timestamps until 2038 (0x7fffffff) [ 310.258595][ T8745] netlink: 124 bytes leftover after parsing attributes in process `syz-executor.3'. [ 310.267964][ T8745] tipc: Enabling of bearer rejected, already enabled [ 310.281853][ T8444] EXT4-fs (loop3): unmounting filesystem. [ 310.286936][ T39] usb 1-1: config 0 has an invalid interface number: 96 but max is 0 [ 310.295453][ T39] usb 1-1: config 0 has no interface number 0 [ 310.301431][ T39] usb 1-1: config 0 interface 96 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 32 [ 310.311199][ T39] usb 1-1: New USB device found, idVendor=0403, idProduct=f06b, bcdDevice=a6.da [ 310.330041][ T8738] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.336951][ T8738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.344125][ T8738] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.350923][ T8738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.372563][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.381072][ T39] usb 1-1: config 0 descriptor?? [ 310.393594][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.401063][ T862] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.407275][ T8724] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 310.415009][ T862] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.428573][ T39] ftdi_sio 1-1:0.96: FTDI USB Serial Device converter detected [ 310.436270][ T39] ftdi_sio ttyUSB0: unknown device type: 0xa6da [ 310.660277][ T10] device bridge_slave_1 left promiscuous mode [ 310.672056][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.680033][ T10] device bridge_slave_0 left promiscuous mode [ 310.686436][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.695143][ T316] usb 1-1: USB disconnect, device number 32 [ 310.695160][ T10] device veth1_macvtap left promiscuous mode [ 310.695202][ T10] device veth0_vlan left promiscuous mode [ 310.701327][ T316] ftdi_sio 1-1:0.96: device disconnected [ 310.763236][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 310.771770][ T862] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.778648][ T862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.785965][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 310.794021][ T862] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.800892][ T862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.812786][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 310.826954][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 310.851726][ T8738] device veth0_vlan entered promiscuous mode [ 310.858864][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 310.867381][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 310.875432][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 310.882718][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 310.894899][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 310.904044][ T8738] device veth1_macvtap entered promiscuous mode [ 310.907091][ T8756] loop4: detected capacity change from 0 to 256 [ 310.916184][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 310.926512][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 310.934729][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 310.949744][ T8756] FAT-fs (loop4): Directory bread(block 64) failed [ 310.957644][ T8756] FAT-fs (loop4): Directory bread(block 65) failed [ 310.964090][ T8756] FAT-fs (loop4): Directory bread(block 66) failed [ 310.970763][ T8756] FAT-fs (loop4): Directory bread(block 67) failed [ 310.977229][ T8756] FAT-fs (loop4): Directory bread(block 68) failed [ 310.983564][ T8756] FAT-fs (loop4): Directory bread(block 69) failed [ 310.989962][ T8756] FAT-fs (loop4): Directory bread(block 70) failed [ 310.996223][ T8756] FAT-fs (loop4): Directory bread(block 71) failed [ 311.002629][ T8756] FAT-fs (loop4): Directory bread(block 72) failed [ 311.009103][ T8756] FAT-fs (loop4): Directory bread(block 73) failed [ 311.048979][ T8756] syz-executor.4: attempt to access beyond end of device [ 311.048979][ T8756] loop4: rw=2049, sector=1800, nr_sectors = 404 limit=256 [ 311.107650][ T8761] loop2: detected capacity change from 0 to 512 [ 311.176527][ T8761] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #3: comm syz-executor.2: corrupted inode contents [ 311.188940][ T8761] EXT4-fs (loop2): Remounting filesystem read-only [ 311.195397][ T8761] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #3: comm syz-executor.2: mark_inode_dirty error [ 311.207436][ T8761] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #3: comm syz-executor.2: corrupted inode contents [ 311.237120][ T8761] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz-executor.2: mark_inode_dirty error [ 311.250950][ T8761] EXT4-fs (loop2): 1 truncate cleaned up [ 311.265846][ T8761] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 311.282816][ T8761] ext4 filesystem being mounted at /root/syzkaller-testdir3189619749/syzkaller.lvAtu3/0/file1 supports timestamps until 2038 (0x7fffffff) [ 311.301077][ T8761] SELinux: Context system_u:object_r:etc_aliases_t:s0 is not valid (left unmapped). [ 311.411713][ T8738] EXT4-fs (loop2): unmounting filesystem. [ 311.592614][ T8780] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 311.646080][ T8787] overlayfs: missing 'lowerdir' [ 311.794194][ T8799] syz-executor.4[8799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.794265][ T8799] syz-executor.4[8799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 311.865252][ T8804] overlayfs: statfs failed on './file0' [ 312.116239][ T8823] input: syz1 as /devices/virtual/input/input39 [ 312.277650][ T8831] loop0: detected capacity change from 0 to 1024 [ 312.286929][ T8831] EXT4-fs: Ignoring removed nomblk_io_submit option [ 312.295577][ T8831] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 312.317552][ T8831] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 312.338081][ T8831] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 312.346310][ T8831] System zones: 0-1, 3-36 [ 312.352057][ T8831] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 312.378405][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 312.839250][ T8829] loop4: detected capacity change from 0 to 40427 [ 312.863527][ T8829] F2FS-fs (loop4): Found nat_bits in checkpoint [ 312.927736][ T8829] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 312.997719][ T8891] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 313.156281][ T8899] loop3: detected capacity change from 0 to 512 [ 313.192404][ T8899] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #3: comm syz-executor.3: corrupted inode contents [ 313.246914][ T8899] EXT4-fs (loop3): Remounting filesystem read-only [ 313.253346][ T8899] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #3: comm syz-executor.3: mark_inode_dirty error [ 313.273840][ T8899] EXT4-fs error (device loop3): ext4_do_update_inode:5212: inode #3: comm syz-executor.3: corrupted inode contents [ 313.286562][ T8899] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz-executor.3: mark_inode_dirty error [ 313.303319][ T8899] EXT4-fs (loop3): 1 truncate cleaned up [ 313.309660][ T8899] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 313.587513][ T8899] ext4 filesystem being mounted at /root/syzkaller-testdir1505430643/syzkaller.dGDOa1/40/file1 supports timestamps until 2038 (0x7fffffff) [ 313.640257][ T8444] EXT4-fs (loop3): unmounting filesystem. [ 313.959202][ T8910] loop0: detected capacity change from 0 to 65536 [ 314.051305][ T8944] printk: syz-executor.4 (8944): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 314.079878][ T8900] loop2: detected capacity change from 0 to 65536 [ 314.133629][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 314.198738][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 314.234100][ T8965] syz-executor.4[8965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.234164][ T8965] syz-executor.4[8965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.398604][ T8992] syz-executor.2[8992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.460700][ T8992] syz-executor.2[8992] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.705579][ T9011] syz-executor.2[9011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.752319][ T9011] syz-executor.2[9011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 314.760441][ T8989] loop0: detected capacity change from 0 to 65536 [ 314.938543][ T8968] loop1: detected capacity change from 0 to 65536 [ 314.997448][ T9024] loop0: detected capacity change from 0 to 256 [ 315.322871][ T9033] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 315.340684][ T9033] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 315.347745][ T9033] IPv6: NLM_F_CREATE should be set when creating new route [ 315.358215][ T9033] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 315.471099][ T9049] loop4: detected capacity change from 0 to 512 [ 315.504539][ T9049] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 315.519885][ T9049] ext4 filesystem being mounted at /root/syzkaller-testdir1209942961/syzkaller.CbtP4e/84/file1 supports timestamps until 2038 (0x7fffffff) [ 315.535899][ T28] kauditd_printk_skb: 4276 callbacks suppressed [ 315.535914][ T28] audit: type=1400 audit(2000000228.983:56600): avc: denied { setattr } for pid=9045 comm="syz-executor.4" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 315.569351][ T8050] EXT4-fs (loop4): unmounting filesystem. [ 315.623192][ T9064] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 315.637606][ T9064] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 315.644646][ T9064] IPv6: NLM_F_CREATE should be set when creating new route [ 315.652250][ T9064] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 315.666629][ T9067] syz-executor.0[9067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 315.666723][ T9067] syz-executor.0[9067] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 315.772705][ T9083] loop0: detected capacity change from 0 to 1024 [ 315.791453][ T9083] EXT4-fs: Ignoring removed nomblk_io_submit option [ 315.798800][ T9083] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 315.810253][ T9083] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 315.848322][ T9083] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 315.856383][ T9083] System zones: 0-1, 3-36 [ 315.879825][ T9083] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 315.897981][ T6492] EXT4-fs (loop0): unmounting filesystem. [ 315.902129][ T9090] loop1: detected capacity change from 0 to 256 [ 315.917741][ T9092] loop0: detected capacity change from 0 to 256 [ 315.937036][ T9090] loop1: detected capacity change from 256 to 0 [ 315.945484][ C0] I/O error, dev loop1, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 315.954495][ T9090] FAT-fs (loop1): FAT read failed (blocknr 1) [ 315.960895][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 315.969975][ T9090] FAT-fs (loop1): unable to read inode block for updating (i_pos 203) [ 315.970087][ T9092] loop0: detected capacity change from 256 to 0 [ 315.985821][ C1] I/O error, dev loop0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 315.995230][ T9093] FAT-fs (loop0): FAT read failed (blocknr 1) [ 316.001677][ C0] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.010783][ T9093] FAT-fs (loop0): unable to read inode block for updating (i_pos 203) [ 316.214300][ C1] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.223421][ T7852] FAT-fs (loop1): Directory bread(block 3) failed [ 316.242805][ C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.251831][ T7852] FAT-fs (loop1): unable to read boot sector to mark fs as dirty [ 316.283575][ C0] I/O error, dev loop0, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.292711][ T6492] FAT-fs (loop0): Directory bread(block 3) failed [ 316.312621][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.321685][ T6492] FAT-fs (loop0): unable to read boot sector to mark fs as dirty [ 316.375222][ T9096] loop3: detected capacity change from 0 to 256 [ 316.497207][ T9096] loop3: detected capacity change from 256 to 0 [ 316.518333][ C0] I/O error, dev loop3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.527962][ T9100] FAT-fs (loop3): FAT read failed (blocknr 1) [ 316.536529][ C0] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 316.546005][ T9100] FAT-fs (loop3): unable to read inode block for updating (i_pos 203) [ 316.757086][ T9108] loop4: detected capacity change from 0 to 256 [ 316.803519][ T8444] FAT-fs (loop3): Directory bread(block 3) failed [ 316.818650][ T8444] FAT-fs (loop3): unable to read boot sector to mark fs as dirty [ 316.847061][ T9108] loop4: detected capacity change from 256 to 0 [ 316.853808][ T9108] FAT-fs (loop4): FAT read failed (blocknr 1) [ 316.871040][ T9108] FAT-fs (loop4): unable to read inode block for updating (i_pos 203) [ 316.924910][ T9110] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.932014][ T9110] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.939296][ T9110] device bridge_slave_0 entered promiscuous mode [ 316.955102][ T9110] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.963162][ T9110] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.970526][ T9110] device bridge_slave_1 entered promiscuous mode [ 316.980932][ T9109] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.987907][ T9109] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.995153][ T9109] device bridge_slave_0 entered promiscuous mode [ 317.011187][ T9109] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.018125][ T9109] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.025321][ T9109] device bridge_slave_1 entered promiscuous mode [ 317.078421][ T374] device bridge_slave_1 left promiscuous mode [ 317.084447][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.091736][ T374] device bridge_slave_0 left promiscuous mode [ 317.097799][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.105548][ T374] device bridge_slave_1 left promiscuous mode [ 317.111928][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.119617][ T374] device bridge_slave_0 left promiscuous mode [ 317.122891][ T8050] FAT-fs (loop4): Directory bread(block 3) failed [ 317.125815][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.139668][ T8050] FAT-fs (loop4): unable to read boot sector to mark fs as dirty [ 317.147516][ T374] device veth1_macvtap left promiscuous mode [ 317.153660][ T374] device veth1_macvtap left promiscuous mode [ 317.159496][ T374] device veth0_vlan left promiscuous mode [ 317.541874][ T9124] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.549164][ T9124] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.556592][ T9124] device bridge_slave_0 entered promiscuous mode [ 317.563713][ T9124] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.570822][ T9124] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.578240][ T9124] device bridge_slave_1 entered promiscuous mode [ 317.593447][ T9109] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.600333][ T9109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.607429][ T9109] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.614192][ T9109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.653230][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.661679][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.669878][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.700853][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 317.709671][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 317.718147][ T335] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.724998][ T335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.732211][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 317.740267][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 317.767488][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 317.775701][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 317.808687][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 317.817074][ T335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 317.842841][ T9109] device veth0_vlan entered promiscuous mode [ 317.849120][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 317.859545][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 317.867553][ T9139] tmpfs: Unknown parameter 'nolazytime˙˙' [ 317.869082][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 317.880658][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 317.903689][ T9109] device veth1_macvtap entered promiscuous mode [ 317.911994][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 317.919581][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.927503][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 317.935594][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 317.947097][ T316] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 317.977925][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 317.986135][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.994087][ T862] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.000934][ T862] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.008619][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 318.016656][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 318.024623][ T862] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.031458][ T862] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.038630][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 318.046421][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 318.054127][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 318.061935][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 318.069639][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 318.077657][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.085693][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 318.093677][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 318.112225][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 318.140930][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 318.149297][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 318.162321][ T9110] device veth0_vlan entered promiscuous mode [ 318.168582][ T9129] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.175445][ T9129] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.182906][ T9129] device bridge_slave_0 entered promiscuous mode [ 318.190996][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 318.198616][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 318.206088][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 318.214086][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 318.227269][ T9129] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.234164][ T9129] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.241780][ T9129] device bridge_slave_1 entered promiscuous mode [ 318.256324][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 318.265973][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 318.273861][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 318.282525][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 318.290562][ T944] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.297403][ T944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.304626][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 318.312734][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 318.320812][ T944] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.327658][ T944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.344248][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 318.351996][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 318.380141][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 318.388380][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 318.396101][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 318.403586][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 318.410795][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 318.419733][ T9124] device veth0_vlan entered promiscuous mode [ 318.432431][ T9110] device veth1_macvtap entered promiscuous mode [ 318.438960][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 318.447113][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 318.455028][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 318.488737][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 318.503011][ T9124] device veth1_macvtap entered promiscuous mode [ 318.510153][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 318.518719][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.526808][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 318.534872][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 318.561442][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.573405][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 318.605383][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 318.621248][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 318.623440][ T9161] loop0: detected capacity change from 0 to 4096 [ 318.629583][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.642116][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.654338][ T9161] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 318.657863][ T9167] loop3: detected capacity change from 0 to 512 [ 318.671985][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 318.680079][ T28] audit: type=1400 audit(2134217960.133:56601): avc: denied { ioctl } for pid=9160 comm="syz-executor.0" path="/root/syzkaller-testdir3032561893/syzkaller.cihUlS/0/file0/file0/file0" dev="loop0" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 318.680165][ T9161] fs-verity: sha512 using implementation "sha512-avx2" [ 318.718923][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 318.721029][ T9161] fs-verity (loop0, inode 13): Error -27 writing Merkle tree block 8709239245 [ 318.727204][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.735570][ T9161] fs-verity (loop0, inode 13): Error -27 building Merkle tree [ 318.742275][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.742719][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 318.763649][ T9167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 318.773243][ T9167] ext4 filesystem being mounted at /root/syzkaller-testdir3491488362/syzkaller.U7qaOb/1/file0 supports timestamps until 2038 (0x7fffffff) [ 318.796913][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 318.805054][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 318.820185][ T9124] EXT4-fs (loop3): unmounting filesystem. [ 318.825383][ T9129] device veth0_vlan entered promiscuous mode [ 318.835513][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 318.846194][ T9110] EXT4-fs (loop0): unmounting filesystem. [ 318.854061][ T9171] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 318.857398][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 318.873397][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 318.883042][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 318.891189][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 318.898575][ T862] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 318.906493][ T374] device bridge_slave_1 left promiscuous mode [ 318.912627][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.925882][ T374] device bridge_slave_0 left promiscuous mode [ 318.935501][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.943273][ T374] device veth1_macvtap left promiscuous mode [ 318.949492][ T374] device veth0_vlan left promiscuous mode [ 319.035488][ T9129] device veth1_macvtap entered promiscuous mode [ 319.042546][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 319.050727][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 319.058736][ T944] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 319.082816][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 319.092374][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 319.097982][ T9197] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Dropping request. Check SNMP counters. [ 319.121023][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 319.130819][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 319.163609][ T9203] loop3: detected capacity change from 0 to 1024 [ 319.170389][ T9203] EXT4-fs: Ignoring removed orlov option [ 319.175890][ T9203] EXT4-fs: Ignoring removed nomblk_io_submit option [ 319.189299][ T9203] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 319.210070][ T28] audit: type=1400 audit(2134217960.663:56602): avc: denied { map } for pid=9202 comm="syz-executor.3" path="/root/syzkaller-testdir3491488362/syzkaller.U7qaOb/8/file1/file0/bus" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 319.234504][ T9203] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.3: corrupt xattr in inline inode [ 319.253071][ T9203] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.3: corrupted in-inode xattr [ 319.282479][ T9124] EXT4-fs (loop3): unmounting filesystem. [ 319.298276][ T9219] overlayfs: invalid redirect ((null)) [ 319.367666][ T9225] overlayfs: statfs failed on './file0' [ 319.404199][ T9237] loop3: detected capacity change from 0 to 128 [ 319.431894][ T9241] loop2: detected capacity change from 0 to 1024 [ 319.438878][ T9241] EXT4-fs: Ignoring removed orlov option [ 319.444438][ T9241] EXT4-fs: Ignoring removed nomblk_io_submit option [ 319.459249][ T9241] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 319.482993][ T9241] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 319.499437][ T9241] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 319.520200][ T9256] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 319.531962][ T8738] ================================================================== [ 319.540195][ T8738] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.548010][ T8738] Read of size 4 at addr ffff8881339c4000 by task syz-executor.2/8738 [ 319.555990][ T8738] [ 319.558159][ T8738] CPU: 0 PID: 8738 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller-00133-g74c507aab139 #0 [ 319.568053][ T8738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 319.577959][ T8738] Call Trace: [ 319.581071][ T8738] [ 319.583852][ T8738] dump_stack_lvl+0x151/0x1b7 [ 319.588363][ T8738] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 319.593660][ T8738] ? _printk+0xd1/0x111 [ 319.597650][ T8738] ? __virt_addr_valid+0x242/0x2f0 [ 319.602596][ T8738] print_report+0x158/0x4e0 [ 319.606934][ T8738] ? __virt_addr_valid+0x242/0x2f0 [ 319.611884][ T8738] ? kasan_addr_to_slab+0xd/0x80 [ 319.616659][ T8738] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.622123][ T8738] kasan_report+0x13c/0x170 [ 319.626464][ T8738] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.631934][ T8738] __asan_report_load4_noabort+0x14/0x20 [ 319.637407][ T8738] ext4_xattr_delete_inode+0xcd0/0xce0 [ 319.642697][ T8738] ? sb_end_intwrite+0x130/0x130 [ 319.647467][ T8738] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 319.653373][ T8738] ? __kasan_check_read+0x11/0x20 [ 319.658230][ T8738] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 319.663957][ T8738] ? ext4_evict_inode+0xbc2/0x1550 [ 319.668909][ T8738] ext4_evict_inode+0xef9/0x1550 [ 319.673679][ T8738] ? _raw_spin_unlock+0x4c/0x70 [ 319.678372][ T8738] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 319.684098][ T8738] ? _raw_spin_unlock+0x4c/0x70 [ 319.688899][ T8738] ? inode_io_list_del+0x18b/0x1a0 [ 319.693829][ T8738] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 319.699561][ T8738] evict+0x2a3/0x630 [ 319.703295][ T8738] iput+0x642/0x870 [ 319.706938][ T8738] vfs_rmdir+0x3c2/0x500 [ 319.711015][ T8738] do_rmdir+0x3ab/0x630 [ 319.715007][ T8738] ? d_delete_notify+0x160/0x160 [ 319.719806][ T8738] __x64_sys_unlinkat+0xdf/0xf0 [ 319.724468][ T8738] do_syscall_64+0x3d/0xb0 [ 319.728723][ T8738] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 319.734448][ T8738] RIP: 0033:0x7f782b87c6c7 [ 319.738705][ T8738] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 319.758143][ T8738] RSP: 002b:00007ffe727d7f78 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 319.766387][ T8738] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f782b87c6c7 [ 319.774198][ T8738] RDX: 0000000000000200 RSI: 00007ffe727d9120 RDI: 00000000ffffff9c [ 319.782009][ T8738] RBP: 00007f782b8c8336 R08: 0000000000000000 R09: 0000000000000000 [ 319.789821][ T8738] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe727d9120 [ 319.797632][ T8738] R13: 00007f782b8c8336 R14: 000000000004dfb0 R15: 0000000000000009 [ 319.805448][ T8738] [ 319.808307][ T8738] [ 319.810476][ T8738] The buggy address belongs to the physical page: [ 319.816739][ T8738] page:ffffea0004ce7100 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x1339c4 [ 319.827056][ T8738] flags: 0x4000000000000000(zone=1) [ 319.832093][ T8738] raw: 4000000000000000 ffffea0004c85188 ffffea0004e8eb88 0000000000000000 [ 319.840515][ T8738] raw: 0000000000000001 0000000000000001 00000000ffffff7f 0000000000000000 [ 319.848931][ T8738] page dumped because: kasan: bad access detected [ 319.855187][ T8738] page_owner tracks the page as freed [ 319.860385][ T8738] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 8989, tgid 8988 (syz-executor.0), ts 314694428395, free_ts 314866231534 [ 319.878270][ T8738] post_alloc_hook+0x213/0x220 [ 319.882861][ T8738] prep_new_page+0x1b/0x110 [ 319.887202][ T8738] get_page_from_freelist+0x27ea/0x2870 [ 319.892584][ T8738] __alloc_pages+0x3a1/0x780 [ 319.897020][ T8738] __folio_alloc+0x15/0x40 [ 319.901267][ T8738] shmem_alloc_and_acct_folio+0x78c/0xa50 [ 319.906818][ T8738] shmem_get_folio_gfp+0x12d4/0x24b0 [ 319.911937][ T8738] shmem_write_begin+0x164/0x3a0 [ 319.916712][ T8738] generic_perform_write+0x2f9/0x5c0 [ 319.921831][ T8738] __generic_file_write_iter+0x174/0x3a0 [ 319.927300][ T8738] generic_file_write_iter+0xb1/0x310 [ 319.932508][ T8738] vfs_write+0x902/0xeb0 [ 319.936586][ T8738] ksys_write+0x199/0x2c0 [ 319.940762][ T8738] __x64_sys_write+0x7b/0x90 [ 319.945181][ T8738] do_syscall_64+0x3d/0xb0 [ 319.949432][ T8738] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 319.955162][ T8738] page last free stack trace: [ 319.959675][ T8738] free_unref_page_prepare+0x83d/0x850 [ 319.964967][ T8738] free_unref_page_list+0xf1/0x7b0 [ 319.969920][ T8738] release_pages+0xf7f/0xfe0 [ 319.974342][ T8738] __pagevec_release+0x84/0x100 [ 319.979033][ T8738] shmem_undo_range+0x5fc/0x1660 [ 319.983801][ T8738] shmem_evict_inode+0x25f/0xa30 [ 319.988577][ T8738] evict+0x2a3/0x630 [ 319.992307][ T8738] iput+0x642/0x870 [ 319.995954][ T8738] dentry_unlink_inode+0x34f/0x440 [ 320.000905][ T8738] __dentry_kill+0x447/0x650 [ 320.005331][ T8738] dentry_kill+0xc0/0x2a0 [ 320.009494][ T8738] dput+0x40/0x80 [ 320.013050][ T8738] __fput+0x5f0/0x870 [ 320.016872][ T8738] ____fput+0x15/0x20 [ 320.020689][ T8738] task_work_run+0x24d/0x2e0 [ 320.025114][ T8738] exit_to_user_mode_loop+0x94/0xa0 [ 320.030152][ T8738] [ 320.032318][ T8738] Memory state around the buggy address: [ 320.037793][ T8738] ffff8881339c3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 320.045693][ T8738] ffff8881339c3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 320.053592][ T8738] >ffff8881339c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 320.061553][ T8738] ^ [ 320.065393][ T8738] ffff8881339c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 320.073303][ T8738] ffff8881339c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2037/08/18 14:19:21 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 320.081443][ T8738] ================================================================== [ 320.116956][ T8738] Disabling lock debugging due to kernel taint