last executing test programs: 4.495140148s ago: executing program 0 (id=731): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6}]}) 3.041673525s ago: executing program 0 (id=756): r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) close(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$UHID_CREATE(r1, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) readv(r1, &(0x7f0000000580)=[{&(0x7f0000000700)=""/163, 0xa3}], 0x1) write$UHID_DESTROY(r1, &(0x7f0000000080), 0x4) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) getsockname(r0, &(0x7f0000000000)=@in={0x2, 0x0, @remote}, &(0x7f0000000080)=0x80) r2 = epoll_create(0xff) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 3.020630198s ago: executing program 2 (id=758): prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x8) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 2.989157743s ago: executing program 2 (id=759): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x20000003, 0x0) 2.969524956s ago: executing program 2 (id=762): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 2.756564529s ago: executing program 2 (id=767): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x5, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x6}]}) 2.053121599s ago: executing program 0 (id=779): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x8}]}}}]}, 0x3c}}, 0x0) 1.98398389s ago: executing program 0 (id=784): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000001080), 0x1, 0x4e2, &(0x7f0000000b80)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602tNyAaHVSogVJw7ZkLhRFDuOYmdpQiXS/wGJSpzgT+CAxAGpJ+7c4MalHJAKVKAGiYPRjCdpSOMkbRMb7M9HGs28eeP5vldr3nO/SfwCGFlXI2IvIq5ExMcRMVOcT4ot3u9u2XWPH91Z3n90ZzmJTuejvyV5fXYujrwm83Jxz8mI+N63I36YPB23tbO7vlSv17aKcqXd2Ky0dnZvrDWWVmurtY1qdWF+Ye7dm+9UL6yvbzR+9fBbax98/7e/+eKD3+9948dZs6aLuqP9uEjdrpcO42TGI+KDywg2AGNFf64MuiE8lzQiPhURb+bP/0yM5e/m+ZzwWAMA/wc6nZnozBwtAwDDLs1zYElaLnIB05Gm5XI3h/d6TKX1Zqt9/VZze2OlmyubjVJ6a61emytyhbNRSrLyfH78pFw9Vr4ZEa9FxE8nXsrL5eXz5xkAgIv18rH5/58T3fkfABhyk2ddsNifdgAA/XPm/A8ADB3zPwCMHvM/AIwe8z8AjB7zPwCMnmL+Hxt0OwCAvvjuhx9mW2e/+P7rlU92ttebn9xYqbXWy43t5fJyc2uzvNpsrtZr5eVm46z71ZvNzfm3Y/t2pV1rtSutnd3FRnN7o72Yf6/3Yq3Ul14BAKd57Y37f0wiYu+9l/ItjqzlYK6G4ZYOugHAwMj5w+jyLdwwuvwfHzhrLc+evyJ87zmCdX7yHC8CLtq1z8n/w6iS/4fRJf8Po0v+H0ZXp5P0WvM/PbwEABgqcvxAX3/+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAENiOt+StFysBT4daVouR7wSEbNRSm6t1WtzEfFqRPxhojSRlecH3WgA4AWlf0mK9b+uzbw1fbz2SvKviXwfET/6+Uc/u73Ubm/NZ+f/fni+fa84Xx1E+wGAsxzM0wfz+IHHj+4sH2z9bM/Db3YXF83i7hdbt2Y8xvP9ZJQiYuofSVHuyj6vjF1A/L27EfHZk/qf5LmR2WLl0+Pxs9iv9DV++l/x07yuu8/+LT79DDHPWusVRsX9bPx5/6TnL42r+X7yxMWPJ/MR6sUdjH/7T41/6eH4N9Zj/Lt63hhv/+47PevuRnx+/KT4yWH8pEf8t84Z/09f+NKbveo6v4i4FifHPxqr0m5sVlo7uzfWGkurtdXaRrW6ML8w9+7Nd6qVPEddOchUP+2v711/9bT+T/WIP3lG/796aq87EwdHv/z3xz/48inxv/6Vk9//10+Jn82JXzs1/hNLU7/uuXx3Fn+l2/+7z/r+Xz9n/Ad/3l0556UAQB+0dnbXl+r12taFHpTigm945CC5pDY7GPKD7PP4i97nM0XK7H+gO5d9MOiRCbhsTx76QbcEAAAAAAAAAAAAAADo5dL/nCgddA8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYZv8JAAD//wqryik=") r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000005c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) pwritev2(r3, &(0x7f0000000500)=[{&(0x7f0000000340)=' ', 0x1}], 0x1, 0x1ffffff, 0x0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0x8400fffffffa) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) 1.249053825s ago: executing program 0 (id=793): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 1.208232161s ago: executing program 4 (id=795): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x8}]}}}]}, 0x3c}}, 0x0) 1.169779447s ago: executing program 4 (id=798): mlock2(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0) mremap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 1.069060903s ago: executing program 1 (id=800): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r1, 0x0) ftruncate(r1, 0x8979) setsockopt$inet6_tcp_int(r0, 0x6, 0xd, &(0x7f00000000c0), 0x4) 1.068589302s ago: executing program 4 (id=802): mkdir(0x0, 0x0) mkdir(0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000300)='.\x00', 0x0, 0x0) open(0x0, 0x0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.01995662s ago: executing program 1 (id=803): r0 = socket(0x40000000002, 0x3, 0x6) setsockopt(r0, 0xff, 0x0, 0x0, 0x32) 981.886277ms ago: executing program 1 (id=805): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40001) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x5, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000057"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000004c0)='ext4_mb_release_inode_pa\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) 906.497328ms ago: executing program 1 (id=807): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x10010, 0x0) llistxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0x18) 864.805265ms ago: executing program 1 (id=808): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) socket(0x1, 0x0, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 828.82447ms ago: executing program 1 (id=809): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x69, 0x11, 0x34}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r0, 0x2, 0x0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) read(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000200)=0x5, 0x4) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000300)=[@window, @mss, @window, @sack_perm, @sack_perm, @window, @timestamp, @sack_perm], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r1, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd14b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6) 771.740889ms ago: executing program 0 (id=810): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x2, 0x1, 0x3ff, 0x20000005, 0x1000}, 0x48) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x11, 0x1, r1, 0x1, 0x0, 0x6, @remote}, 0x14) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x13, 0x0, 0x0, 0x8000}, 0x48) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000}, 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000728000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000320000/0x2000)=nil) socket(0x0, 0x0, 0x3) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r6, 0x1, 0x10, &(0x7f0000000000), 0x4) sendmsg$inet(r6, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0) 613.397354ms ago: executing program 2 (id=813): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r1, 0x0) ftruncate(r1, 0x8979) setsockopt$inet6_tcp_int(r0, 0x6, 0xd, &(0x7f00000000c0), 0x4) 590.378217ms ago: executing program 3 (id=814): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000580)=0x6, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000600)={0x0, 0x0}, 0x10) 575.25061ms ago: executing program 3 (id=815): r0 = socket(0x40000000002, 0x3, 0x6) setsockopt(r0, 0xff, 0x0, 0x0, 0x32) 314.109681ms ago: executing program 3 (id=816): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) prlimit64(0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) 276.069616ms ago: executing program 3 (id=817): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') r1 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r1, r0, 0x0, 0x80000000) 269.077177ms ago: executing program 4 (id=818): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000240)={[{@shortname_winnt}, {@numtail}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@shortname_mixed}, {@utf8no}, {@uni_xlateno}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'maccyrillic'}}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@shortname_win95}]}, 0x2, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 249.306641ms ago: executing program 3 (id=819): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_socket_connect_nvme_tcp() bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket(0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x6) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) lseek(r0, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10) sendto$inet(r1, &(0x7f00000023c0)="8ce2ad4d4f95e087a7846d3f81", 0xd, 0x0, &(0x7f0000002400)={0x2, 0x0, @multicast2}, 0x10) 188.90646ms ago: executing program 3 (id=820): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x15, 0x4, &(0x7f00000000c0)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x15}]}, &(0x7f0000000100)='GPL\x00', 0x5, 0xd2, &(0x7f00000002c0)=""/210}, 0x22) setrlimit(0xe, &(0x7f0000000380)={0xbe, 0x7fff}) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x5) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000400), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000006, 0x28011, r4, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r5, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600013, 0x15) r6 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb}, 0xc) bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x8}, 0xc) r7 = creat(&(0x7f0000000280)='./file1\x00', 0x0) write$eventfd(r7, &(0x7f0000000080), 0xfffffe5e) syz_open_dev$MSR(0x0, 0x0, 0x0) write$binfmt_script(r0, &(0x7f00000014c0)={'#! ', '', [], 0xa, "1d5cbd2069c42bc3e1"}, 0xd) mmap(&(0x7f00004f1000/0x1000)=nil, 0x1000, 0x2, 0x8010, r0, 0xfffff000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x11, r0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000140)={r0, 0x20, &(0x7f0000000100)={&(0x7f0000000080)=""/2, 0x2, 0x0, &(0x7f0000000240)=""/224, 0xe0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001480)={0xffffffffffffffff, 0x20, &(0x7f0000001440)={&(0x7f0000000340)=""/4096, 0x1000, 0x0, &(0x7f0000001340)=""/241, 0xf1}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000001680)=ANY=[@ANYRESDEC=r8], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 188.5018ms ago: executing program 4 (id=821): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 152.329525ms ago: executing program 2 (id=823): syz_read_part_table(0x5be, &(0x7f00000005c0)="$eJzs2z9ok2kcB/BfqkHQwcXJSR3kOFwURzOoJFFRCNEuIoeCImKmCELkAoIOmsHSDKW3dekVsvTP1DRDp5YWOpfSoUehQ5c72qXQpTl6fbq31z8gfD4k/Hie9/s+v/c3vOMb/NR64p9ut5uJiO65w9/d28oXHl4p3S0/i8jEi4j47Y9f/ty9kkmJ/VOvpfVKWg8Pne9833yQbS0/3br+cqbRs3/k5/9+cWGk3XvU2Th5o7nZi1++Vos/arl3S8X62rfFhSdjG/ly+3GjOf4oe/91ys2lejbVD1GLT/E+XkUlKvEmqsfUf7C1enPncrE1+fbOdqHTN30r5UpHnPOg/T9e7X/erN+7MXFp4HZtar68fmYvV/kfbxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKdvNDd78cvXavFHLfduqVhf+7a48GRsI19uP240xx9l779OublUz6b6IWrxKd7Hq6hEJd5E9Zj6D7ZWb+5cLrYm397ZLnT6pm+lXOmIcx60/8er/c+b9Xs3Ji4N3K5NzZfXz+zlKudO6AEAAAAAAAAAAAAAAAAAAAAgIvKFh1dKd8vPIjLxIiJ+/fv3nt39bvrePZNy11JdSfvDQ+c73zcfZFvLT7euv5xp/JX2P6f/hZF276kPw6H9GwAA///bW5Wc") ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x2b, &(0x7f0000000e00)={@local, @link_local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x2, 0x0, @remote, @multicast1}, {0x11, 0x0, 0x0, @dev, "c5"}}}}}, 0x0) 0s ago: executing program 4 (id=824): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="48000000680001000000000000000000020000000000000006000700040000000c0008800500050000000000140006000000000000000000000000000000000008000500", @ANYRES32=r1], 0x48}}, 0x0) kernel console output (not intermixed with test programs): T599] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.191977][ T599] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.204764][ T372] hid-generic: probe of 0003:0158:0100.0005 failed with error -22 [ 35.220546][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.228499][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.235335][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.243391][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.255065][ T854] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 35.255194][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.270858][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.291652][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.309011][ T107] usb 2-1: USB disconnect, device number 3 [ 35.315479][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.339634][ T9] device bridge_slave_1 left promiscuous mode [ 35.349460][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.357359][ T372] usb 1-1: USB disconnect, device number 2 [ 35.363380][ T9] device bridge_slave_0 left promiscuous mode [ 35.369328][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.518863][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.531378][ T381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.546515][ T381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.589532][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.673477][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.803064][ T23] kauditd_printk_skb: 1 callbacks suppressed [ 35.803076][ T23] audit: type=1400 audit(1719396460.350:181): avc: denied { mounton } for pid=841 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=12344 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 35.847807][ T408] buffer_io_error: 62 callbacks suppressed [ 35.847817][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 35.863891][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.871949][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.883345][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.891590][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.899519][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.977003][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 35.986774][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 35.995015][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 36.003258][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 36.202318][ T882] EXT4-fs (sda1): re-mounted. Opts: (null) [ 36.413169][ T23] audit: type=1400 audit(1719396460.960:182): avc: denied { bind } for pid=893 comm="syz.4.158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 36.457591][ T897] tipc: Failed to remove local publication {66,0,0}/3287226443 [ 36.579483][ T892] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 36.820044][ T888] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 38.692872][ T23] audit: type=1400 audit(1719396463.240:183): avc: denied { ioctl } for pid=902 comm="syz.3.160" path="socket:[14944]" dev="sockfs" ino=14944 ioctlcmd=0x89ee scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 39.019566][ T881] fs-verity (loop1, inode 13): Error -27 writing Merkle tree block 2160165643 [ 39.028924][ T881] fs-verity (loop1, inode 13): Error -27 building Merkle tree [ 39.322404][ T467] print_req_error: 46 callbacks suppressed [ 39.322420][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 39.339482][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.350841][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.361841][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.373580][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.377456][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 39.384297][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.425274][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 39.540135][ T107] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 39.561524][ T937] EXT4-fs (sda1): re-mounted. Opts: (null) [ 39.593906][ T939] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 39.815606][ T7] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 39.970102][ T107] usb 4-1: Using ep0 maxpacket: 16 [ 40.150604][ T107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 40.195545][ T107] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 40.205886][ T107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.291842][ T952] tipc: Failed to remove local publication {66,0,0}/3998593479 [ 40.442232][ T107] usb 4-1: config 0 descriptor?? [ 40.548759][ T954] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 41.237147][ T964] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 41.585702][ T975] netlink: 'syz.4.179': attribute type 4 has an invalid length. [ 41.610032][ T971] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 41.631035][ T107] hid (null): invalid report_size 29797 [ 41.638415][ T107] hid (null): unknown global tag 0x6f [ 41.645093][ T968] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2930: inode #16: comm syz.1.178: corrupted xattr block 8 [ 41.646558][ T107] hid-generic 0003:0158:0100.0006: unknown main item tag 0x1 [ 41.660818][ T968] EXT4-fs warning (device loop1): ext4_evict_inode:321: xattr delete (err -117) [ 41.670667][ T107] hid-generic 0003:0158:0100.0006: unexpected long global item [ 41.674022][ T968] EXT4-fs (loop1): 1 orphan inode deleted [ 41.686203][ T968] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 41.687211][ T107] hid-generic: probe of 0003:0158:0100.0006 failed with error -22 [ 41.695322][ T968] ext4 filesystem being mounted at /root/syzkaller.olQSsw/32/bus supports timestamps until 2038 (0x7fffffff) [ 41.714068][ T377] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 41.726588][ T23] audit: type=1400 audit(1719396466.270:184): avc: denied { mounton } for pid=967 comm="syz.1.178" path="/root/syzkaller.olQSsw/32/bus/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 41.762049][ T982] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 41.771096][ T982] ext4 filesystem being mounted at /root/syzkaller.bXbMhR/28/file0 supports timestamps until 2038 (0x7fffffff) [ 41.854004][ T381] usb 4-1: USB disconnect, device number 2 [ 41.906240][ T975] loop_set_status: loop4 () has still dirty pages (nrpages=3) [ 41.922878][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 41.947008][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 41.971141][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 41.996345][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 42.064515][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 42.162813][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 42.186137][ T352] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 17: comm syz-executor: path /root/syzkaller.bXbMhR/28/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 42.208925][ T352] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 18: comm syz-executor: lblock 23 mapped to illegal pblock 18 (length 1) [ 42.223270][ T5] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 42.441527][ T995] ====================================================== [ 42.441527][ T995] WARNING: the mand mount option is being deprecated and [ 42.441527][ T995] will be removed in v5.15! [ 42.441527][ T995] ====================================================== [ 42.490149][ T5] usb 1-1: Using ep0 maxpacket: 16 [ 42.513623][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.515393][ T995] FAT-fs (loop1): Directory bread(block 64) failed [ 42.520781][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.530647][ T995] FAT-fs (loop1): Directory bread(block 65) failed [ 42.534872][ T999] device bridge_slave_0 entered promiscuous mode [ 42.540637][ T995] FAT-fs (loop1): Directory bread(block 66) failed [ 42.547693][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.559633][ T995] FAT-fs (loop1): Directory bread(block 67) failed [ 42.559775][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.566242][ T995] FAT-fs (loop1): Directory bread(block 68) failed [ 42.573735][ T999] device bridge_slave_1 entered promiscuous mode [ 42.585980][ T995] FAT-fs (loop1): Directory bread(block 69) failed [ 42.592592][ T995] FAT-fs (loop1): Directory bread(block 70) failed [ 42.599125][ T995] FAT-fs (loop1): Directory bread(block 71) failed [ 42.619088][ T995] FAT-fs (loop1): Directory bread(block 72) failed [ 42.627909][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 42.639331][ T5] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 42.650867][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 42.666253][ T5] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 42.680582][ T995] FAT-fs (loop1): Directory bread(block 73) failed [ 42.692190][ T408] buffer_io_error: 26 callbacks suppressed [ 42.692199][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 42.706234][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.714283][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.725678][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.737349][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.739304][ T5] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 42.745729][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.761898][ T5] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 42.771750][ T5] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 42.780437][ T5] usb 1-1: config 0 has no interface number 0 [ 42.786319][ T5] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 42.797179][ T5] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 42.806817][ T5] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 42.816470][ T5] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 42.829382][ T5] usb 1-1: config 0 interface 125 has no altsetting 0 [ 42.856991][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.863869][ T999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.870998][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.877829][ T999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.904971][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.915307][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 42.923721][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 42.936167][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 43.031921][ T1012] tipc: Failed to remove local publication {66,0,0}/4232460839 [ 43.319333][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.347403][ T388] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.449469][ T388] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.552124][ T5] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 43.578924][ T5] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.588395][ T5] usb 1-1: Product: syz [ 43.607806][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.672965][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.690485][ T5] usb 1-1: Manufacturer: syz [ 43.695183][ T5] usb 1-1: SerialNumber: syz [ 43.745575][ T107] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.752547][ T107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.831744][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.879925][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.889497][ T107] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.896354][ T107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.097686][ T5] usb 1-1: config 0 descriptor?? [ 44.130823][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.138838][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.158950][ T1027] overlayfs: unrecognized mount option "\%)#&" or missing value [ 44.169305][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.177709][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.247311][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.255638][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.280154][ T381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.287984][ T381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.482319][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.489008][ T23] audit: type=1400 audit(1719396468.950:185): avc: denied { read write } for pid=1028 comm="syz.1.197" name="vga_arbiter" dev="devtmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 44.498604][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.558487][ T107] usb 1-1: USB disconnect, device number 3 [ 44.591691][ T1025] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.601116][ T1025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.622603][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.636750][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.646922][ T23] audit: type=1400 audit(1719396468.950:186): avc: denied { open } for pid=1028 comm="syz.1.197" path="/dev/vga_arbiter" dev="devtmpfs" ino=22 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 44.671465][ T23] audit: type=1400 audit(1719396469.100:187): avc: denied { remount } for pid=1031 comm="syz.2.199" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 44.704959][ T7] device bridge_slave_1 left promiscuous mode [ 44.712430][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.719728][ T7] device bridge_slave_0 left promiscuous mode [ 44.725764][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.170667][ T23] audit: type=1400 audit(1719396469.710:188): avc: denied { write } for pid=1061 comm="syz.2.207" name="kvm" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 45.219325][ T1069] overlayfs: unrecognized mount option "\%)#&" or missing value [ 45.233208][ T1065] FAT-fs (loop1): Directory bread(block 64) failed [ 45.239584][ T1065] FAT-fs (loop1): Directory bread(block 65) failed [ 45.245970][ T1065] FAT-fs (loop1): Directory bread(block 66) failed [ 45.252272][ T1065] FAT-fs (loop1): Directory bread(block 67) failed [ 45.258599][ T1065] FAT-fs (loop1): Directory bread(block 68) failed [ 45.264969][ T1065] FAT-fs (loop1): Directory bread(block 69) failed [ 45.282959][ T1065] FAT-fs (loop1): Directory bread(block 70) failed [ 45.289300][ T1065] FAT-fs (loop1): Directory bread(block 71) failed [ 45.316214][ T1065] FAT-fs (loop1): Directory bread(block 72) failed [ 45.324869][ T1065] FAT-fs (loop1): Directory bread(block 73) failed [ 45.331817][ T23] audit: type=1400 audit(1719396469.880:189): avc: denied { unmount } for pid=841 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 45.502479][ T408] print_req_error: 30 callbacks suppressed [ 45.502494][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 45.525069][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 45.543116][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 45.554624][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 45.604168][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 45.635294][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 45.689433][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 45.833072][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 46.032184][ T1091] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 46.094923][ T1101] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2930: inode #16: comm syz.1.221: corrupted xattr block 8 [ 46.107052][ T1101] EXT4-fs warning (device loop1): ext4_evict_inode:321: xattr delete (err -117) [ 46.110814][ T1085] fs-verity (loop2, inode 13): Error -27 writing Merkle tree block 2160165643 [ 46.116274][ T1101] EXT4-fs (loop1): 1 orphan inode deleted [ 46.124642][ T1085] fs-verity (loop2, inode 13): Error -27 building Merkle tree [ 46.130461][ T1101] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 46.130583][ T1101] ext4 filesystem being mounted at /root/syzkaller.olQSsw/40/bus supports timestamps until 2038 (0x7fffffff) [ 46.162012][ T1094] F2FS-fs (loop4): invalid crc value [ 46.177649][ T1094] F2FS-fs (loop4): Found nat_bits in checkpoint [ 46.231003][ T1094] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 46.411111][ T999] attempt to access beyond end of device [ 46.411111][ T999] loop4: rw=2049, want=45104, limit=40427 [ 46.447668][ T388] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 46.492143][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 46.502727][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 46.585337][ T1134] FAT-fs (loop1): Directory bread(block 64) failed [ 46.591823][ T1134] FAT-fs (loop1): Directory bread(block 65) failed [ 46.605438][ T23] audit: type=1400 audit(1719396471.150:190): avc: denied { append } for pid=1136 comm="syz.3.230" name="001" dev="devtmpfs" ino=880 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 46.628559][ T1134] FAT-fs (loop1): Directory bread(block 66) failed [ 46.635382][ T1134] FAT-fs (loop1): Directory bread(block 67) failed [ 46.643825][ T1134] FAT-fs (loop1): Directory bread(block 68) failed [ 46.650635][ T1134] FAT-fs (loop1): Directory bread(block 69) failed [ 46.657860][ T1134] FAT-fs (loop1): Directory bread(block 70) failed [ 46.662565][ T23] audit: type=1400 audit(1719396471.190:191): avc: denied { map } for pid=1136 comm="syz.3.230" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=880 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 46.664416][ T1134] FAT-fs (loop1): Directory bread(block 71) failed [ 46.694826][ T388] usb 1-1: Using ep0 maxpacket: 16 [ 46.701049][ T1134] FAT-fs (loop1): Directory bread(block 72) failed [ 46.707371][ T1134] FAT-fs (loop1): Directory bread(block 73) failed [ 46.770230][ T372] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 46.886603][ T388] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 46.895219][ T388] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 46.906598][ T388] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 46.914953][ T388] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 46.924990][ T388] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 46.933751][ T388] usb 1-1: config 0 has no interface number 0 [ 46.939632][ T388] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 46.950539][ T388] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 46.960559][ T388] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 46.970577][ T388] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 46.983511][ T388] usb 1-1: config 0 interface 125 has no altsetting 0 [ 47.240218][ T388] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 47.256477][ T388] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 47.267291][ T388] usb 1-1: Product: syz [ 47.271518][ T388] usb 1-1: Manufacturer: syz [ 47.278724][ T388] usb 1-1: SerialNumber: syz [ 47.285054][ T388] usb 1-1: config 0 descriptor?? [ 47.311231][ T1150] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 47.346142][ T1150] fs-verity (loop4, inode 13): Error -27 writing Merkle tree block 2160165643 [ 47.355109][ T1150] fs-verity (loop4, inode 13): Error -27 building Merkle tree [ 47.390264][ T372] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.401000][ T372] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.410781][ T372] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 47.419682][ T372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.460659][ T372] usb 3-1: config 0 descriptor?? [ 47.576645][ T388] usb 1-1: USB disconnect, device number 4 [ 48.310551][ T372] hid (null): bogus close delimiter [ 48.467504][ T1168] F2FS-fs (loop3): invalid crc value [ 48.475737][ T1168] F2FS-fs (loop3): Found nat_bits in checkpoint [ 48.509776][ T1168] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 48.520301][ T372] usb 3-1: language id specifier not provided by device, defaulting to English [ 48.671487][ T841] attempt to access beyond end of device [ 48.671487][ T841] loop3: rw=2049, want=45104, limit=40427 [ 48.676801][ T1189] capability: warning: `syz.0.246' uses deprecated v2 capabilities in a way that may be insecure [ 48.693087][ T1025] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 48.725315][ T23] audit: type=1400 audit(1719396473.270:192): avc: denied { read } for pid=1192 comm="syz.0.249" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 48.751430][ T23] audit: type=1400 audit(1719396473.270:193): avc: denied { open } for pid=1192 comm="syz.0.249" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 48.789688][ T23] audit: type=1400 audit(1719396473.270:194): avc: denied { ioctl } for pid=1192 comm="syz.0.249" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 48.815625][ T23] audit: type=1400 audit(1719396473.270:195): avc: denied { set_context_mgr } for pid=1192 comm="syz.0.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 48.835772][ T23] audit: type=1400 audit(1719396473.270:196): avc: denied { map } for pid=1192 comm="syz.0.249" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 48.859831][ T23] audit: type=1400 audit(1719396473.270:197): avc: denied { call } for pid=1192 comm="syz.0.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 48.903911][ T23] audit: type=1400 audit(1719396473.270:198): avc: denied { transfer } for pid=1192 comm="syz.0.249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 48.926618][ T23] audit: type=1400 audit(1719396473.290:199): avc: denied { mount } for pid=1131 comm="syz.2.231" name="/" dev="configfs" ino=815 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 49.052273][ T1025] usb 2-1: Using ep0 maxpacket: 16 [ 49.110386][ T23] audit: type=1400 audit(1719396473.570:200): avc: denied { create } for pid=1194 comm="syz.0.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.188473][ T372] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #200: -71 [ 49.197144][ T372] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71 [ 49.205038][ T372] uclogic 0003:256C:006D.0007: failed probing pen v2 parameters: -71 [ 49.213035][ T372] uclogic 0003:256C:006D.0007: failed probing parameters: -71 [ 49.220395][ T372] uclogic: probe of 0003:256C:006D.0007 failed with error -71 [ 49.228834][ T372] usb 3-1: USB disconnect, device number 3 [ 49.231046][ T1025] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 49.245663][ T1025] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 49.254804][ T1025] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.287437][ T1025] usb 2-1: config 0 descriptor?? [ 49.368224][ T467] buffer_io_error: 38 callbacks suppressed [ 49.368235][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.387985][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 49.403643][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.413905][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.421877][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.429848][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.448999][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 49.452314][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.470535][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.478491][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 49.487159][ T23] audit: type=1400 audit(1719396474.030:201): avc: denied { remove_name } for pid=144 comm="syslogd" name="messages" dev="tmpfs" ino=9260 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 49.725267][ T1205] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 49.737943][ T1205] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 49.760396][ T1176] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 49.771300][ T1205] F2FS-fs (loop4): invalid crc value [ 49.779165][ T1205] F2FS-fs (loop4): Found nat_bits in checkpoint [ 49.781044][ T1025] hid (null): invalid report_size 29797 [ 49.790656][ T388] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 49.804362][ T1025] hid (null): unknown global tag 0x6f [ 49.814564][ T1025] hid-generic 0003:0158:0100.0008: unknown main item tag 0x1 [ 49.829998][ T1025] hid-generic 0003:0158:0100.0008: unexpected long global item [ 49.838415][ T1205] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 49.845448][ T1205] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 49.850488][ T1025] hid-generic: probe of 0003:0158:0100.0008 failed with error -22 [ 49.999197][ T1025] usb 2-1: USB disconnect, device number 4 [ 50.080151][ T388] usb 4-1: Using ep0 maxpacket: 16 [ 50.220447][ T388] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 50.247664][ T388] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 50.360142][ T388] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 50.376304][ T388] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 50.386444][ T388] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 50.395577][ T388] usb 4-1: config 0 has no interface number 0 [ 50.401807][ T388] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 50.412832][ T388] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 50.422719][ T388] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 50.432561][ T388] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 50.445735][ T388] usb 4-1: config 0 interface 125 has no altsetting 0 [ 50.542018][ T1222] F2FS-fs (loop2): invalid crc value [ 50.563735][ T1222] F2FS-fs (loop2): Found nat_bits in checkpoint [ 50.597109][ T1222] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 50.780451][ T388] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 50.790905][ T388] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.798693][ T388] usb 4-1: Product: syz [ 50.803071][ T388] usb 4-1: Manufacturer: syz [ 50.820130][ T388] usb 4-1: SerialNumber: syz [ 50.830943][ T388] usb 4-1: config 0 descriptor?? [ 50.929017][ T353] attempt to access beyond end of device [ 50.929017][ T353] loop2: rw=2049, want=45104, limit=40427 [ 50.958265][ T1249] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 50.985894][ T1249] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 51.076569][ T388] usb 4-1: USB disconnect, device number 3 [ 51.310176][ T124] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 51.454384][ T1275] overlayfs: unrecognized mount option "fsmagic=0x000000000000d8b6" or missing value [ 51.843941][ T408] print_req_error: 38 callbacks suppressed [ 51.843957][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 51.844103][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 51.849637][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.860977][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.882396][ T124] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.893254][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.904010][ T124] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.916964][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.935162][ T124] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 51.939118][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 51.944288][ T124] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.963014][ T1281] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 51.966240][ T124] usb 5-1: config 0 descriptor?? [ 51.977926][ T1281] EXT4-fs error (device loop3): ext4_get_journal_inode:4880: comm syz.3.275: inode #67108864: comm syz.3.275: iget: illegal inode # [ 51.994083][ T1281] EXT4-fs (loop3): no journal found [ 52.043153][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 52.060017][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 52.085977][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 52.192508][ T1287] erofs: (device loop1): mounted with opts: , root inode @ nid 36. [ 52.285659][ T1287] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 52.500628][ T124] hid (null): bogus close delimiter [ 52.540161][ T957] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 52.767699][ T124] usb 5-1: language id specifier not provided by device, defaulting to English [ 52.810143][ T957] usb 3-1: Using ep0 maxpacket: 16 [ 52.931043][ T957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 52.959044][ T957] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 52.985796][ T957] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.018705][ T957] usb 3-1: config 0 descriptor?? [ 53.370175][ T124] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #200: -71 [ 53.378882][ T124] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71 [ 53.387041][ T124] uclogic 0003:256C:006D.0009: failed probing pen v2 parameters: -71 [ 53.398181][ T124] uclogic 0003:256C:006D.0009: failed probing parameters: -71 [ 53.406062][ T124] uclogic: probe of 0003:256C:006D.0009 failed with error -71 [ 53.415861][ T124] usb 5-1: USB disconnect, device number 4 [ 53.540449][ T1298] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 53.550923][ T957] hid (null): invalid report_size 29797 [ 53.557768][ T1334] overlayfs: unrecognized mount option "fsmagic=0x000000000000d8b6" or missing value [ 53.558992][ T957] hid (null): unknown global tag 0x6f [ 53.574085][ T957] hid-generic 0003:0158:0100.000A: unknown main item tag 0x1 [ 53.581340][ T957] hid-generic 0003:0158:0100.000A: unexpected long global item [ 53.588921][ T957] hid-generic: probe of 0003:0158:0100.000A failed with error -22 [ 53.715438][ T1336] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 53.748839][ T1336] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 53.773001][ T124] usb 3-1: USB disconnect, device number 4 [ 53.929157][ T1349] fuseblk: Unknown parameter 'nystem.posix_acl_access' [ 54.189592][ T1353] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 54.197300][ T1353] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 54.209870][ T1353] F2FS-fs (loop3): invalid crc value [ 54.217940][ T1353] F2FS-fs (loop3): Found nat_bits in checkpoint [ 54.240108][ T372] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 54.256402][ T1353] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 54.263478][ T1353] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 54.420716][ T1368] erofs: (device loop1): mounted with opts: , root inode @ nid 36. [ 54.651811][ T1368] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 54.680114][ T372] usb 1-1: Using ep0 maxpacket: 32 [ 54.741647][ T23] kauditd_printk_skb: 10 callbacks suppressed [ 54.741657][ T23] audit: type=1400 audit(1719396479.290:212): avc: denied { create } for pid=1377 comm="syz.1.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.745695][ T1378] l2tp_ppp: tunl 8: set debug=b3 [ 54.747741][ T23] audit: type=1400 audit(1719396479.290:213): avc: denied { connect } for pid=1377 comm="syz.1.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.767814][ T911] l2tp_core: tunl 8: closing all sessions... [ 54.771768][ T23] audit: type=1400 audit(1719396479.290:214): avc: denied { setopt } for pid=1377 comm="syz.1.308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.811857][ T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 54.842848][ T372] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 54.854181][ T372] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 54.863292][ T372] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.127069][ T1385] fuseblk: Unknown parameter 'nystem.posix_acl_access' [ 55.129932][ C0] l2tp_core: tunl 8: closing... [ 55.143844][ T372] usb 1-1: config 0 descriptor?? [ 55.161438][ T1351] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 55.181403][ T372] hub 1-1:0.0: USB hub found [ 55.370150][ T23] audit: type=1326 audit(1719396479.910:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1399 comm="syz.2.317" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe2d6bafae9 code=0x0 [ 55.400206][ T372] hub 1-1:0.0: 2 ports detected [ 55.427695][ T1404] l2tp_ppp: tunl 8: set debug=b3 [ 55.432791][ T911] l2tp_core: tunl 8: closing all sessions... [ 55.470159][ C0] l2tp_core: tunl 8: closing... [ 55.480306][ T957] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 55.527123][ T467] buffer_io_error: 73 callbacks suppressed [ 55.527132][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 55.543770][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 55.554245][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 55.562635][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 55.570891][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 55.578909][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 55.639031][ T1408] netlink: 16 bytes leftover after parsing attributes in process `syz.2.317'. [ 55.648030][ T1408] netlink: 24 bytes leftover after parsing attributes in process `syz.2.317'. [ 55.733575][ T1409] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 55.741519][ T1409] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 55.751996][ T1409] F2FS-fs (loop4): invalid crc value [ 55.758792][ T1409] F2FS-fs (loop4): Found nat_bits in checkpoint [ 55.790123][ T1386] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 55.793291][ T1409] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 55.804311][ T1409] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 55.879358][ T957] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.890423][ T957] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.899972][ T957] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 55.908888][ T957] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.917624][ T957] usb 2-1: config 0 descriptor?? [ 56.210124][ T1386] usb 4-1: Using ep0 maxpacket: 16 [ 56.330208][ T1386] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 56.340349][ T1386] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 56.348327][ T1386] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 56.356889][ T1386] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 56.408211][ T1386] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 56.416934][ T1386] usb 4-1: config 0 has no interface number 0 [ 56.423054][ T1386] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 56.434153][ T1386] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 56.444259][ T1386] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 56.453972][ T1386] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 56.467277][ T1386] usb 4-1: config 0 interface 125 has no altsetting 0 [ 56.520483][ T957] hid (null): bogus close delimiter [ 56.640281][ T1386] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 56.649402][ T1386] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.660835][ T1386] usb 4-1: Product: syz [ 56.664810][ T1386] usb 4-1: Manufacturer: syz [ 56.669238][ T1386] usb 4-1: SerialNumber: syz [ 56.674815][ T1386] usb 4-1: config 0 descriptor?? [ 56.738905][ T1435] fuseblk: Unknown parameter 'nystem.posix_acl_access' [ 56.740214][ T957] usb 2-1: language id specifier not provided by device, defaulting to English [ 56.909438][ T1440] tipc: Failed to remove local publication {66,0,0}/1663757697 [ 56.969614][ T1025] usb 4-1: USB disconnect, device number 4 [ 57.230281][ T957] uclogic 0003:256C:006D.000B: failed retrieving string descriptor #200: -71 [ 57.239292][ T957] uclogic 0003:256C:006D.000B: failed retrieving pen parameters: -71 [ 57.273149][ T957] uclogic 0003:256C:006D.000B: failed probing pen v2 parameters: -71 [ 57.304731][ T957] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 57.346623][ T957] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 57.368693][ T1443] l2tp_ppp: tunl 8: set debug=b3 [ 57.422442][ T911] l2tp_core: tunl 8: closing all sessions... [ 57.460076][ C1] l2tp_core: tunl 8: closing... [ 57.484060][ T957] usb 2-1: USB disconnect, device number 5 [ 57.944058][ T467] print_req_error: 93 callbacks suppressed [ 57.944154][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 57.976139][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 58.073150][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.125363][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.135493][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 58.144825][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 58.153602][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.164879][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 58.174876][ T23] audit: type=1326 audit(1719396482.720:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1448 comm="syz.4.334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f30f38b3ae9 code=0x0 [ 58.198992][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.211036][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 58.222547][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.234536][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 58.255263][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 58.256183][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 58.435447][ T1457] netlink: 16 bytes leftover after parsing attributes in process `syz.4.334'. [ 58.444187][ T1457] netlink: 24 bytes leftover after parsing attributes in process `syz.4.334'. [ 58.554816][ T1464] fuseblk: Unknown parameter 'nystem.posix_acl_access' [ 58.595930][ T355] usb 1-1: USB disconnect, device number 5 [ 58.641648][ T1472] erofs: (device loop2): mounted with opts: , root inode @ nid 36. [ 58.659369][ T1472] erofs: (device loop2): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 58.762752][ T1478] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 58.791605][ T1478] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,errors=continue,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,init_itable,mblk_io_submit,,errors=continue [ 58.823215][ T23] audit: type=1400 audit(1719396483.370:217): avc: denied { read } for pid=1477 comm="syz.2.344" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 58.845567][ T23] audit: type=1400 audit(1719396483.370:218): avc: denied { open } for pid=1477 comm="syz.2.344" path="/root/syzkaller.FkdrGP/74/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 59.094701][ T1494] overlayfs: unrecognized mount option "fsmagic=0x000000000000d8b6" or missing value [ 59.288346][ T1500] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 59.296900][ T1502] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.304055][ T1502] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.316450][ T1502] device bridge_slave_0 entered promiscuous mode [ 59.338339][ T1502] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.341384][ T1500] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 59.345349][ T1502] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.362250][ T1502] device bridge_slave_1 entered promiscuous mode [ 59.429168][ T23] audit: type=1400 audit(1719396483.970:219): avc: denied { write } for pid=1502 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.438475][ T1502] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.450026][ T23] audit: type=1400 audit(1719396483.970:220): avc: denied { read } for pid=1502 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 59.456252][ T1502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.456375][ T1502] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.490271][ T1502] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.499702][ T1508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.355'. [ 59.538174][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.547534][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.610661][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.641070][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.649042][ T1386] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.655881][ T1386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.663055][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.671690][ T1386] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.678525][ T1386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.920225][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.928583][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.949689][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.976266][ T23] audit: type=1400 audit(1719396484.520:221): avc: denied { create } for pid=1519 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 60.010939][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 60.025574][ T1526] input: syz0 as /devices/virtual/input/input4 [ 60.039279][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 60.042426][ T23] audit: type=1326 audit(1719396484.550:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1520 comm="syz.1.359" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdea6d40ae9 code=0x0 [ 60.060267][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 60.079499][ T23] audit: type=1400 audit(1719396484.550:223): avc: denied { bind } for pid=1519 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 60.080907][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 60.099286][ T23] audit: type=1400 audit(1719396484.550:224): avc: denied { write } for pid=1519 comm="syz.2.361" path="socket:[19499]" dev="sockfs" ino=19499 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 60.130814][ T23] audit: type=1400 audit(1719396484.570:225): avc: denied { read } for pid=1525 comm="syz.2.362" name="uinput" dev="devtmpfs" ino=891 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 60.153802][ T23] audit: type=1400 audit(1719396484.570:226): avc: denied { open } for pid=1525 comm="syz.2.362" path="/dev/uinput" dev="devtmpfs" ino=891 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 60.184467][ T23] audit: type=1400 audit(1719396484.570:227): avc: denied { ioctl } for pid=1525 comm="syz.2.362" path="/dev/uinput" dev="devtmpfs" ino=891 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 60.264607][ T179] device bridge_slave_1 left promiscuous mode [ 60.282152][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.293840][ T179] device bridge_slave_0 left promiscuous mode [ 60.300566][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.307593][ T23] audit: type=1400 audit(1719396484.850:228): avc: denied { mount } for pid=1533 comm="syz.2.365" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 60.345183][ T1542] overlayfs: unrecognized mount option "fsmagic=0x000000000000d8b6" or missing value [ 60.349750][ T23] audit: type=1400 audit(1719396484.850:229): avc: denied { mounton } for pid=1533 comm="syz.2.365" path="/root/syzkaller.FkdrGP/81/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 60.450520][ T23] audit: type=1400 audit(1719396485.000:230): avc: denied { unmount } for pid=353 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 60.520593][ T1550] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 60.910188][ T124] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 60.958670][ T1553] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.971054][ T1553] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.978660][ T1553] device bridge_slave_0 entered promiscuous mode [ 60.986230][ T1553] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.993321][ T1553] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.000781][ T1553] device bridge_slave_1 entered promiscuous mode [ 61.063526][ T1553] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.070378][ T1553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.077494][ T1553] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.084362][ T1553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.113288][ T1566] input: syz0 as /devices/virtual/input/input5 [ 61.119065][ T467] buffer_io_error: 38 callbacks suppressed [ 61.119076][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.141400][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.150249][ T124] usb 2-1: Using ep0 maxpacket: 8 [ 61.157198][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.157896][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 61.172943][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.185287][ T1386] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.201703][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.209568][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.218039][ T1386] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.235028][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.243280][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.252137][ T957] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.258998][ T957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.300196][ T124] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 61.313524][ T124] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.342952][ T124] usb 2-1: config 0 descriptor?? [ 61.351603][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.359922][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.368375][ T957] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.375228][ T957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.412425][ T468] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 61.429529][ T408] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.438306][ T408] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.446727][ T408] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 61.457480][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.465423][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.473846][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.481804][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.486644][ T1574] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 61.540735][ T1574] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 61.555291][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 61.563795][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 61.594555][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 61.602730][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 61.612610][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.621809][ T957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.656134][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.673334][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 61.682644][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 61.697413][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 61.707949][ T1569] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.715065][ T1569] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.722614][ T1569] device bridge_slave_0 entered promiscuous mode [ 61.740175][ T1569] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.747021][ T1569] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.755004][ T1569] device bridge_slave_1 entered promiscuous mode [ 61.807132][ T1599] netlink: 344 bytes leftover after parsing attributes in process `syz.0.381'. [ 61.820174][ T124] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 61.835131][ T124] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHYID register: ffffffe0 [ 61.862935][ T1602] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 61.929108][ T1569] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.935985][ T1569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.943137][ T1569] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.949960][ T1569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.960523][ T957] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 61.974611][ T179] device bridge_slave_1 left promiscuous mode [ 61.978790][ T1604] erofs: (device loop0): mounted with opts: , root inode @ nid 36. [ 61.981162][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.995981][ T179] device bridge_slave_0 left promiscuous mode [ 62.002723][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.017772][ T1604] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 62.131265][ T1600] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.138167][ T1600] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.145628][ T1600] device bridge_slave_0 entered promiscuous mode [ 62.153193][ T1600] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.160022][ T1600] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.167524][ T1600] device bridge_slave_1 entered promiscuous mode [ 62.210092][ T957] usb 5-1: Using ep0 maxpacket: 16 [ 62.224086][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.238630][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.261874][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.293226][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.301471][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.309434][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.316285][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.327618][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.336525][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.344900][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.351751][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.359021][ T957] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 62.367406][ T957] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 62.389083][ T957] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 62.397515][ T957] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 62.407520][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.407940][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.415343][ T957] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 62.423964][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.432548][ T957] usb 5-1: config 0 has no interface number 0 [ 62.440949][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.445531][ T957] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 62.464203][ T957] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 62.473842][ T957] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 62.482945][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 62.484158][ T957] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 62.492388][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.504214][ T957] usb 5-1: config 0 interface 125 has no altsetting 0 [ 62.537291][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 62.546475][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.573378][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.580818][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.588126][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.597246][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.605638][ T388] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.612473][ T388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.619862][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.628425][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.636514][ T388] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.643341][ T388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.651710][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.666403][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 62.670287][ T957] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 62.674660][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 62.683203][ T957] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 62.704001][ T957] usb 5-1: Product: syz [ 62.708013][ T957] usb 5-1: Manufacturer: syz [ 62.712825][ T957] usb 5-1: SerialNumber: syz [ 62.717888][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.726433][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.731156][ T957] usb 5-1: config 0 descriptor?? [ 62.735590][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.746769][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.779260][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.787918][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.796661][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.805301][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.833962][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 62.858797][ T1613] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.866736][ T1613] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.875577][ T1613] device bridge_slave_0 entered promiscuous mode [ 62.886149][ T1613] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.893845][ T1613] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.901327][ T1613] device bridge_slave_1 entered promiscuous mode [ 62.921864][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 62.969943][ T124] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 62.980202][ T124] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 62.985808][ T957] usb 5-1: USB disconnect, device number 5 [ 62.991913][ T124] asix: probe of 2-1:0.0 failed with error -71 [ 63.008250][ T124] usb 2-1: USB disconnect, device number 6 [ 63.024453][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.042613][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.051955][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.060098][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.068176][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.126592][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.130772][ T467] print_req_error: 86 callbacks suppressed [ 63.130789][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 63.147981][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.159295][ T1386] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.163203][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.166151][ T1386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.176964][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.186922][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 63.195421][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.208724][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.221408][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.232169][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.246347][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 63.259821][ T1386] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.266703][ T1386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.269608][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 63.276384][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 63.299919][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.337690][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.346972][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.355918][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.364518][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.372463][ T1628] netlink: 344 bytes leftover after parsing attributes in process `syz.3.401'. [ 63.397291][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.405955][ T1386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.433411][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.441677][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.461648][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.469793][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.486572][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.494849][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.508881][ T1632] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 63.517764][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.536722][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.558734][ T1632] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 63.635083][ T1643] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 63.728345][ T1651] netlink: 344 bytes leftover after parsing attributes in process `syz.0.411'. [ 63.739527][ T179] device bridge_slave_1 left promiscuous mode [ 63.753130][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.756633][ T1657] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 63.768143][ T179] device bridge_slave_0 left promiscuous mode [ 63.774280][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.781984][ T179] device bridge_slave_1 left promiscuous mode [ 63.788000][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.798322][ T179] device bridge_slave_0 left promiscuous mode [ 63.804703][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.815092][ T179] device bridge_slave_1 left promiscuous mode [ 63.821111][ T18] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 63.821837][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.828711][ T1657] erofs: (device loop4): erofs_readdir: invalid de[0].nameoff 0 @ nid 89 [ 63.843958][ T179] device bridge_slave_0 left promiscuous mode [ 63.849965][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.900121][ T341] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 63.908586][ T1660] FAT-fs (loop0): Directory bread(block 64) failed [ 63.915141][ T1660] FAT-fs (loop0): Directory bread(block 65) failed [ 63.947374][ T1660] FAT-fs (loop0): Directory bread(block 66) failed [ 63.956313][ T1660] FAT-fs (loop0): Directory bread(block 67) failed [ 63.962944][ T1660] FAT-fs (loop0): Directory bread(block 68) failed [ 63.969266][ T1660] FAT-fs (loop0): Directory bread(block 69) failed [ 63.979285][ T1660] FAT-fs (loop0): Directory bread(block 70) failed [ 63.986128][ T1660] FAT-fs (loop0): Directory bread(block 71) failed [ 63.993395][ T1660] FAT-fs (loop0): Directory bread(block 72) failed [ 63.999785][ T1660] FAT-fs (loop0): Directory bread(block 73) failed [ 64.001318][ T957] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 64.037694][ T1665] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! [ 64.058415][ T1665] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 64.065621][ T1665] EXT4-fs (loop4): mount failed [ 64.161303][ T341] usb 4-1: Using ep0 maxpacket: 32 [ 64.180396][ T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.199241][ T18] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.209267][ T18] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 64.218308][ T18] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.227335][ T18] usb 2-1: config 0 descriptor?? [ 64.260117][ T957] usb 3-1: Using ep0 maxpacket: 8 [ 64.280327][ T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.291127][ T341] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.305485][ T341] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 64.314942][ T341] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.324623][ T341] usb 4-1: config 0 descriptor?? [ 64.330673][ T1670] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 64.338227][ T1670] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 64.348906][ T1670] F2FS-fs (loop0): invalid crc value [ 64.355718][ T1670] F2FS-fs (loop0): Found nat_bits in checkpoint [ 64.362511][ T341] hub 4-1:0.0: USB hub found [ 64.380285][ T957] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 64.389236][ T957] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.402142][ T957] usb 3-1: config 0 descriptor?? [ 64.406323][ T1670] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 64.414185][ T1670] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 64.480732][ T124] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 64.809164][ T341] hub 4-1:0.0: 1 port detected [ 64.840617][ T18] hid (null): global environment stack underflow [ 64.849456][ T18] uclogic 0003:5543:0522.000C: global environment stack underflow [ 64.857324][ T18] uclogic 0003:5543:0522.000C: item 0 1 1 11 parsing failed [ 64.864807][ T18] uclogic 0003:5543:0522.000C: parse failed [ 64.870630][ T18] uclogic: probe of 0003:5543:0522.000C failed with error -22 [ 64.930445][ T124] usb 5-1: Using ep0 maxpacket: 16 [ 65.060206][ T957] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 65.070216][ T124] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 65.070320][ T957] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHYID register: ffffffe0 [ 65.078357][ T124] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 65.099759][ T124] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 65.112577][ T124] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 65.122673][ T1635] device wg2 entered promiscuous mode [ 65.122944][ T124] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 65.140775][ T124] usb 5-1: config 0 has no interface number 0 [ 65.146667][ T124] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 65.157532][ T124] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 65.167167][ T124] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 65.176810][ T124] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 65.189627][ T124] usb 5-1: config 0 interface 125 has no altsetting 0 [ 65.318971][ T1695] 9pnet: p9_errstr2errno: server reported unknown error @΂(QhQI [ 65.327668][ T341] hub 4-1:0.0: activate --> -90 [ 65.350254][ T124] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 65.359193][ T124] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.367255][ T124] usb 5-1: Product: syz [ 65.371377][ T124] usb 5-1: Manufacturer: syz [ 65.375753][ T124] usb 5-1: SerialNumber: syz [ 65.381308][ T124] usb 5-1: config 0 descriptor?? [ 65.405190][ T23] kauditd_printk_skb: 9 callbacks suppressed [ 65.405203][ T23] audit: type=1400 audit(1719396489.950:240): avc: denied { setopt } for pid=1696 comm="syz.0.424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 65.532936][ T1699] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.539984][ T1699] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.547769][ T1699] device bridge_slave_0 entered promiscuous mode [ 65.557605][ T1699] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.564457][ T1699] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.571925][ T1699] device bridge_slave_1 entered promiscuous mode [ 65.628857][ T1699] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.635724][ T1699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.643046][ T1699] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.649917][ T1699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.651202][ T107] usb 5-1: USB disconnect, device number 6 [ 65.687304][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.695204][ T1683] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.702433][ T1683] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.720854][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.728937][ T1683] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.735789][ T1683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.738997][ T18] usb 4-1: USB disconnect, device number 5 [ 65.743611][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.756516][ T1683] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.763352][ T1683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.778999][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.787285][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.807301][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.818183][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.832631][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 65.850131][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 65.858372][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 65.885068][ T1705] netlink: 344 bytes leftover after parsing attributes in process `syz.0.425'. [ 65.929431][ T1709] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 65.995202][ T1711] netlink: 24 bytes leftover after parsing attributes in process `syz.0.428'. [ 66.004450][ T377] device bridge_slave_1 left promiscuous mode [ 66.013390][ T377] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.028338][ T377] device bridge_slave_0 left promiscuous mode [ 66.034357][ T377] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.210189][ T957] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 66.220033][ T957] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 66.238588][ T957] asix: probe of 3-1:0.0 failed with error -71 [ 66.260970][ T957] usb 3-1: USB disconnect, device number 5 [ 66.277128][ T408] buffer_io_error: 62 callbacks suppressed [ 66.277138][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 66.282603][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.320280][ T13] cfg80211: failed to load regulatory.db [ 66.330475][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.339271][ T1721] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 66.347095][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.358465][ T1721] EXT4-fs (loop4): mount failed [ 66.363892][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.372026][ T1683] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 66.387630][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.484426][ T23] audit: type=1400 audit(1719396491.030:241): avc: denied { create } for pid=1725 comm="syz.3.433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 66.506529][ T23] audit: type=1400 audit(1719396491.030:242): avc: denied { write } for pid=1725 comm="syz.3.433" path="socket:[22155]" dev="sockfs" ino=22155 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 66.509198][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 66.532407][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.556801][ T18] usb 2-1: USB disconnect, device number 7 [ 66.565327][ T23] audit: type=1400 audit(1719396491.030:243): avc: denied { nlmsg_read } for pid=1725 comm="syz.3.433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 66.569416][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.602402][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 66.620249][ T1734] [ 66.622399][ T1734] ********************************************************** [ 66.648737][ T1734] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 66.656263][ T1683] usb 1-1: Using ep0 maxpacket: 16 [ 66.662327][ T1734] ** ** [ 66.682044][ T1734] ** trace_printk() being used. Allocating extra memory. ** [ 66.694279][ T1734] ** ** [ 66.707281][ T1734] ** This means that this is a DEBUG kernel and it is ** [ 66.713388][ T1740] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 66.723747][ T1734] ** unsafe for production use. ** [ 66.727428][ T23] audit: type=1400 audit(1719396491.270:244): avc: denied { write } for pid=1733 comm="syz.4.436" name="psched" dev="proc" ino=4026532626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 66.732490][ T1734] ** ** [ 66.761932][ T23] audit: type=1400 audit(1719396491.300:245): avc: denied { write } for pid=1733 comm="syz.4.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 66.768831][ T1734] ** If you see this message and you are not debugging ** [ 66.789298][ T1734] ** the kernel, report this immediately to your vendor! ** [ 66.797284][ T1734] ** ** [ 66.811600][ T1683] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 66.822798][ T23] audit: type=1400 audit(1719396491.300:246): avc: denied { read } for pid=1733 comm="syz.4.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 66.825211][ T1683] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 66.851400][ T1734] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 66.852142][ T1683] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 66.871244][ T1734] ********************************************************** [ 66.878817][ T1683] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 66.888420][ T1683] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.937854][ T1683] usb 1-1: config 0 descriptor?? [ 66.961893][ T23] audit: type=1400 audit(1719396491.510:247): avc: denied { getopt } for pid=1753 comm="syz.1.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 67.162880][ T1746] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 67.178188][ T1746] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 67.193456][ T1746] F2FS-fs (loop2): invalid crc value [ 67.202389][ T1746] F2FS-fs (loop2): Found nat_bits in checkpoint [ 67.239295][ T1746] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 67.250103][ T1746] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 67.350177][ T1683] usbhid 1-1:0.0: can't add hid device: -71 [ 67.356018][ T1683] usbhid: probe of 1-1:0.0 failed with error -71 [ 67.363847][ T1683] usb 1-1: USB disconnect, device number 6 [ 67.630140][ T107] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 67.870161][ T107] usb 2-1: Using ep0 maxpacket: 8 [ 68.000331][ T107] usb 2-1: config 135 has an invalid interface number: 230 but max is 0 [ 68.008601][ T107] usb 2-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 68.018796][ T107] usb 2-1: config 135 has no interface number 0 [ 68.025000][ T107] usb 2-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 68.484154][ T107] usb 2-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 68.505397][ T107] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.532283][ T107] usb 2-1: Product: syz [ 68.536401][ T107] usb 2-1: Manufacturer: syz [ 68.550185][ T107] usb 2-1: SerialNumber: syz [ 68.600837][ T107] uvcvideo: Found UVC 0.00 device syz (18ec:3288) [ 68.608423][ T107] uvcvideo: No valid video chain found. [ 68.795344][ T1801] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 68.803461][ T1801] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 68.813691][ T1801] F2FS-fs (loop4): invalid crc value [ 68.830627][ T13] usb 2-1: USB disconnect, device number 8 [ 68.847627][ T1801] F2FS-fs (loop4): Found nat_bits in checkpoint [ 68.900995][ T467] print_req_error: 125 callbacks suppressed [ 68.901016][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 68.901046][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 68.906819][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 68.939658][ T107] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 68.952455][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 68.964285][ T1801] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 68.971545][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 68.981372][ T1801] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 68.990930][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 69.010493][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 69.028374][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 69.084637][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 69.128294][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 69.382487][ T1827] F2FS-fs (loop0): Corrupted extension count (64 + 1 > 64) [ 69.390253][ T107] usb 3-1: Using ep0 maxpacket: 16 [ 69.403730][ T1827] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 69.424872][ T1853] fuse: Bad value for 'fd' [ 69.442694][ T1827] F2FS-fs (loop0): Found nat_bits in checkpoint [ 69.522764][ T1827] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 69.529611][ T1827] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 69.555528][ T1854] attempt to access beyond end of device [ 69.555528][ T1854] loop0: rw=2049, want=45104, limit=40427 [ 69.570196][ T107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.587150][ T107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.597083][ T107] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 69.609844][ T107] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 69.625304][ T107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.663422][ T107] usb 3-1: config 0 descriptor?? [ 69.925843][ T1868] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 69.932248][ T1868] EXT4-fs (loop1): mount failed [ 70.170234][ T107] usbhid 3-1:0.0: can't add hid device: -71 [ 70.176867][ T107] usbhid: probe of 3-1:0.0 failed with error -71 [ 70.187474][ T107] usb 3-1: USB disconnect, device number 6 [ 70.484320][ T18] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 70.790116][ T18] usb 5-1: Using ep0 maxpacket: 8 [ 70.910176][ T18] usb 5-1: config 135 has an invalid interface number: 230 but max is 0 [ 70.916912][ T1902] process 'syz.2.497' launched './file0' with NULL argv: empty string added [ 70.921429][ T18] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 70.952523][ T18] usb 5-1: config 135 has no interface number 0 [ 70.964874][ T18] usb 5-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 70.982041][ T1904] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 70.991334][ T1904] ext4 filesystem being mounted at /root/syzkaller.EoDMZr/9/file0 supports timestamps until 2038 (0x7fffffff) [ 71.087823][ T23] audit: type=1400 audit(1719396495.630:248): avc: denied { setattr } for pid=1903 comm="syz.2.498" path="/root/syzkaller.EoDMZr/9/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 71.150212][ T18] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 71.162988][ T1904] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 71.167032][ T18] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.180216][ T1904] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 71.198583][ T1904] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2962: inode #19: comm syz.2.498: mark inode dirty (error -27) [ 71.198621][ T18] usb 5-1: Product: syz [ 71.216893][ T1904] EXT4-fs warning (device loop2): ext4_evict_inode:321: xattr delete (err -27) [ 71.225014][ T18] usb 5-1: Manufacturer: syz [ 71.241672][ T18] usb 5-1: SerialNumber: syz [ 71.271776][ T1923] EXT4-fs warning (device sda1): ext4_group_extend:1835: need to use ext2online to resize further [ 71.281192][ T18] uvcvideo: Found UVC 0.00 device syz (18ec:3288) [ 71.290130][ T18] uvcvideo: No valid video chain found. [ 71.505135][ T18] usb 5-1: USB disconnect, device number 7 [ 71.944449][ T1953] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.963388][ T1953] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.975455][ T1944] F2FS-fs (loop2): Corrupted extension count (64 + 1 > 64) [ 71.977566][ T1953] device bridge_slave_0 entered promiscuous mode [ 72.005790][ T1953] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.007952][ T1944] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 72.021732][ T1953] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.036792][ T1953] device bridge_slave_1 entered promiscuous mode [ 72.052555][ T1944] F2FS-fs (loop2): Found nat_bits in checkpoint [ 72.150347][ T1953] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.157213][ T1953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.164377][ T1953] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.171221][ T1953] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.181913][ T1944] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 72.194140][ T1944] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 72.217760][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.233688][ T1683] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.253696][ T1683] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.281923][ T1958] attempt to access beyond end of device [ 72.281923][ T1958] loop2: rw=2049, want=45104, limit=40427 [ 72.318630][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.330132][ T23] audit: type=1400 audit(1719396496.860:249): avc: denied { write } for pid=1965 comm="syz.4.521" name="event0" dev="devtmpfs" ino=889 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 72.330390][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.359799][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.660207][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.678557][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.685426][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.742528][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.751886][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.770652][ T23] audit: type=1400 audit(1719396497.320:250): avc: denied { remount } for pid=1965 comm="syz.4.521" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 72.814035][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 72.822876][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.827761][ T1966] EXT4-fs warning (device sda1): ext4_group_extend:1835: need to use ext2online to resize further [ 72.841784][ T179] device bridge_slave_1 left promiscuous mode [ 72.847719][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.867635][ T179] device bridge_slave_0 left promiscuous mode [ 72.873736][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.976264][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 72.987637][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 73.024448][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 73.042334][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 73.067086][ T1983] fuse: Bad value for 'fd' [ 73.085130][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.097487][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 73.106714][ T1983] fuse: Bad value for 'fd' [ 73.119341][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 73.128477][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 73.193489][ T1996] netlink: 'syz.1.533': attribute type 22 has an invalid length. [ 73.278133][ T1993] FAT-fs (loop0): Directory bread(block 64) failed [ 73.291967][ T1993] FAT-fs (loop0): Directory bread(block 65) failed [ 73.298354][ T1993] FAT-fs (loop0): Directory bread(block 66) failed [ 73.309584][ T1993] FAT-fs (loop0): Directory bread(block 67) failed [ 73.316604][ T1993] FAT-fs (loop0): Directory bread(block 68) failed [ 73.323776][ T1993] FAT-fs (loop0): Directory bread(block 69) failed [ 73.330628][ T1993] FAT-fs (loop0): Directory bread(block 70) failed [ 73.337875][ T1993] FAT-fs (loop0): Directory bread(block 71) failed [ 73.345358][ T1993] FAT-fs (loop0): Directory bread(block 72) failed [ 73.352367][ T1993] FAT-fs (loop0): Directory bread(block 73) failed [ 73.428544][ T2003] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 73.464870][ T2003] ext4 filesystem being mounted at /root/syzkaller.EoDMZr/17/file0 supports timestamps until 2038 (0x7fffffff) [ 73.553753][ T179] attempt to access beyond end of device [ 73.553753][ T179] loop0: rw=1, want=1236, limit=256 [ 73.595505][ T2003] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 73.613879][ T2003] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 73.631065][ T2003] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2962: inode #19: comm syz.2.536: mark inode dirty (error -27) [ 73.650327][ T2003] EXT4-fs warning (device loop2): ext4_evict_inode:321: xattr delete (err -27) [ 73.801282][ T1987] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 73.809082][ T1987] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 73.831884][ T1987] F2FS-fs (loop4): invalid crc value [ 73.895676][ T1987] F2FS-fs (loop4): Found nat_bits in checkpoint [ 73.980351][ T1987] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 73.987211][ T1987] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 74.032298][ T1987] attempt to access beyond end of device [ 74.032298][ T1987] loop4: rw=2049, want=78344, limit=40427 [ 74.073598][ T179] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 74.083977][ T179] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 74.314558][ T2046] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.321558][ T2046] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.329056][ T2046] device bridge_slave_0 entered promiscuous mode [ 74.337352][ T2046] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.344679][ T2046] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.353869][ T2046] device bridge_slave_1 entered promiscuous mode [ 74.415766][ T2046] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.422636][ T2046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.429830][ T2046] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.436607][ T2046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.508990][ T2056] fuse: Bad value for 'fd' [ 74.709580][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.721868][ T1683] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.729043][ T1683] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.746001][ T2059] netlink: 'syz.4.546': attribute type 22 has an invalid length. [ 74.759790][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.768096][ T341] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.774956][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.782370][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.791070][ T341] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.797977][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.817068][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.825119][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.833638][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.842471][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.866722][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 74.875318][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.905601][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 74.913606][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.922599][ T2067] fuse: Bad value for 'fd' [ 74.928145][ T2069] netlink: 'syz.4.558': attribute type 10 has an invalid length. [ 74.936273][ T2069] netlink: 132 bytes leftover after parsing attributes in process `syz.4.558'. [ 74.941503][ T2067] fuse: Bad value for 'fd' [ 74.952082][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 74.963832][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.973016][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 74.982695][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.992811][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 75.001125][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.057174][ T2071] EXT4-fs warning (device sda1): ext4_group_extend:1835: need to use ext2online to resize further [ 75.220578][ T7] device bridge_slave_1 left promiscuous mode [ 75.226564][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.250518][ T7] device bridge_slave_0 left promiscuous mode [ 75.259583][ T23] audit: type=1400 audit(1719396499.800:251): avc: denied { write } for pid=2085 comm="syz.1.565" name="/" dev="incremental-fs" ino=1991 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 75.266644][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.326913][ T23] audit: type=1400 audit(1719396499.830:252): avc: denied { remove_name } for pid=2085 comm="syz.1.565" name="file0" dev="incremental-fs" ino=2010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 75.362943][ T2098] netlink: 'syz.4.568': attribute type 10 has an invalid length. [ 75.376715][ T2098] netlink: 132 bytes leftover after parsing attributes in process `syz.4.568'. [ 75.385961][ T23] audit: type=1400 audit(1719396499.830:253): avc: denied { unlink } for pid=2085 comm="syz.1.565" name="file0" dev="incremental-fs" ino=2010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 75.544599][ T23] audit: type=1400 audit(1719396499.840:254): avc: denied { write } for pid=2091 comm="syz.2.567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 76.079327][ T2121] fuse: Bad value for 'fd' [ 77.065020][ T2142] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 77.084504][ T2142] ext4 filesystem being mounted at /root/syzkaller.nuqX8w/41/file0 supports timestamps until 2038 (0x7fffffff) [ 77.195400][ T2142] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 77.210709][ T2142] EXT4-fs error (device loop4) in ext4_do_update_inode:5534: error 27 [ 77.229065][ T2142] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2962: inode #19: comm syz.4.584: mark inode dirty (error -27) [ 77.259629][ T2142] EXT4-fs warning (device loop4): ext4_evict_inode:321: xattr delete (err -27) [ 77.270568][ T2156] FAT-fs (loop2): Directory bread(block 64) failed [ 77.296059][ T2156] FAT-fs (loop2): Directory bread(block 65) failed [ 77.314408][ T2156] FAT-fs (loop2): Directory bread(block 66) failed [ 77.334566][ T2156] FAT-fs (loop2): Directory bread(block 67) failed [ 77.340977][ T2156] FAT-fs (loop2): Directory bread(block 68) failed [ 77.354523][ T2156] FAT-fs (loop2): Directory bread(block 69) failed [ 77.370163][ T2156] FAT-fs (loop2): Directory bread(block 70) failed [ 77.381848][ T2156] FAT-fs (loop2): Directory bread(block 71) failed [ 77.408115][ T2156] FAT-fs (loop2): Directory bread(block 72) failed [ 77.414746][ T2156] FAT-fs (loop2): Directory bread(block 73) failed [ 77.519167][ T2166] fuse: Bad value for 'fd' [ 77.775778][ T911] attempt to access beyond end of device [ 77.775778][ T911] loop2: rw=1, want=1236, limit=256 [ 77.994447][ T2187] tipc: Failed to remove local publication {66,0,0}/423092381 [ 78.250112][ T388] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 78.613928][ T388] usb 5-1: Using ep0 maxpacket: 8 [ 79.020247][ T388] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 79.029807][ T388] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.042710][ T388] usb 5-1: config 0 descriptor?? [ 79.073302][ T23] audit: type=1400 audit(1719396503.620:255): avc: denied { create } for pid=2207 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.137929][ T23] audit: type=1400 audit(1719396503.640:256): avc: denied { ioctl } for pid=2207 comm="syz.1.609" path="socket:[24448]" dev="sockfs" ino=24448 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.192842][ T23] audit: type=1400 audit(1719396503.640:257): avc: denied { setopt } for pid=2207 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.232378][ T23] audit: type=1400 audit(1719396503.640:258): avc: denied { bind } for pid=2207 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 79.260753][ T2219] SELinux: inode_doinit_use_xattr: getxattr returned 95 for dev=overlay ino=24479 [ 79.272344][ T2221] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2221 comm=syz.2.615 [ 79.274175][ T23] audit: type=1400 audit(1719396503.730:259): avc: denied { mount } for pid=2218 comm="syz.3.614" name="/" dev="ramfs" ino=24465 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 79.290159][ T2219] SELinux: inode_doinit_use_xattr: getxattr returned 95 for dev=overlay ino=24479 [ 79.358746][ T2219] SELinux: Context $ is not valid (left unmapped). [ 79.375671][ T23] audit: type=1400 audit(1719396503.920:260): avc: denied { relabelto } for pid=2218 comm="syz.3.614" name="file0" dev="overlay" ino=24479 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="$" [ 79.432354][ T23] audit: type=1400 audit(1719396503.920:261): avc: denied { setattr } for pid=2218 comm="syz.3.614" name="#2011" dev="sda1" ino=2011 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 79.455299][ T23] audit: type=1400 audit(1719396503.920:262): avc: denied { link } for pid=2218 comm="syz.3.614" name="#2011" dev="sda1" ino=2011 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 79.530247][ T388] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 79.544347][ T388] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHYID register: ffffffe0 [ 79.569048][ T23] audit: type=1400 audit(1719396504.110:263): avc: denied { unmount } for pid=1600 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 79.619139][ T23] audit: type=1400 audit(1719396504.130:264): avc: denied { unlink } for pid=1600 comm="syz-executor" name="file0" dev="sda1" ino=2011 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="$" [ 79.748089][ T2248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2248 comm=syz.2.627 [ 80.743495][ T2279] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 80.772838][ T2286] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 80.778458][ T2279] EXT4-fs (loop2): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpid,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,errors=remount-ro,bsddf, [ 80.785706][ T2286] ext4 filesystem being mounted at /root/syzkaller.5PoHBR/13/file0 supports timestamps until 2038 (0x7fffffff) [ 81.048098][ T2279] fuse: Unknown parameter 'fowner>00000000000000000000' [ 81.080194][ T388] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 81.090117][ T388] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 81.104744][ T388] asix: probe of 5-1:0.0 failed with error -71 [ 81.119467][ T388] usb 5-1: USB disconnect, device number 8 [ 81.126649][ T2297] EXT4-fs error (device loop2): ext4_read_inline_dir:1594: inode #12: block 5: comm syz.2.639: path /root/syzkaller.sWZJFY/23/file1/file0: bad entry in directory: directory entry overrun - offset=24, inode=13, rec_len=7952, size=80 fake=0 [ 81.153148][ T2297] EXT4-fs (loop2): Remounting filesystem read-only [ 81.175565][ T2286] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 81.184136][ T2286] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 81.192665][ T2286] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2962: inode #19: comm syz.0.640: mark inode dirty (error -27) [ 81.206894][ T2286] EXT4-fs warning (device loop0): ext4_evict_inode:321: xattr delete (err -27) [ 81.692184][ T2307] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 82) [ 81.701505][ T2316] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 81.802589][ T2307] FAT-fs (loop4): Filesystem has been set read-only [ 82.110262][ T2326] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 82.110262][ T2326] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 82.110262][ T2326] [ 82.126512][ T2325] fuse: Bad value for 'fd' [ 82.158356][ T2326] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 82.183607][ T2326] EXT4-fs (loop2): 1 truncate cleaned up [ 82.189406][ T2326] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,resgid=0x000000000000ee00,noacl,noload,data_err=ignore,block_validity,,errors=continue [ 82.815016][ T2334] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.822069][ T2334] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.829477][ T2334] device bridge_slave_0 entered promiscuous mode [ 82.844822][ T2334] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.851762][ T2334] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.859232][ T2334] device bridge_slave_1 entered promiscuous mode [ 83.290277][ T1683] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 83.370606][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 83.378464][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.400895][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 83.409807][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.419541][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.426408][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.434061][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 83.442436][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.450948][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.457795][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.490170][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 83.497764][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 83.522618][ T2358] mmap: syz.1.666 (2358) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 83.522642][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.542684][ T1683] usb 1-1: Using ep0 maxpacket: 32 [ 83.558388][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 83.570678][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.582458][ T179] device bridge_slave_1 left promiscuous mode [ 83.588523][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.599721][ T179] device bridge_slave_0 left promiscuous mode [ 83.611239][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.660693][ T1683] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 83.850588][ T1683] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 83.874011][ T1683] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.920185][ T1683] usb 1-1: Product: syz [ 83.936103][ T1683] usb 1-1: Manufacturer: syz [ 83.959290][ T1683] usb 1-1: SerialNumber: syz [ 83.965466][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.974506][ T1683] usb 1-1: config 0 descriptor?? [ 83.979733][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.007219][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.010172][ T2344] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 84.031249][ T2364] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 82) [ 84.042309][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.043012][ T2364] FAT-fs (loop2): Filesystem has been set read-only [ 84.054933][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.079462][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.087770][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.127092][ T23] kauditd_printk_skb: 10 callbacks suppressed [ 84.127101][ T23] audit: type=1326 audit(1719396508.670:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2370 comm="syz.3.671" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e71437ae9 code=0x0 [ 84.286050][ T124] usb 1-1: USB disconnect, device number 7 [ 84.413699][ T2380] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.420608][ T2380] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.428071][ T2380] device bridge_slave_0 entered promiscuous mode [ 84.437765][ T2380] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.444686][ T2380] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.452557][ T2380] device bridge_slave_1 entered promiscuous mode [ 84.820249][ T23] audit: type=1400 audit(1719396509.373:276): avc: denied { listen } for pid=2395 comm="syz.4.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 84.837591][ T2380] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.841276][ T23] audit: type=1400 audit(1719396509.383:277): avc: denied { accept } for pid=2395 comm="syz.4.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 84.846722][ T2380] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.873377][ T2380] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.880141][ T2380] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.939388][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.950414][ T1683] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.958911][ T1683] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.992089][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.009581][ T1683] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.016556][ T1683] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.021221][ T23] audit: type=1400 audit(1719396509.563:278): avc: denied { create } for pid=2405 comm="syz.3.684" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.025263][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.056209][ T1683] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.061262][ T23] audit: type=1400 audit(1719396509.593:279): avc: denied { read } for pid=2405 comm="syz.3.684" name="file0" dev="sda1" ino=2016 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.063181][ T1683] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.085172][ T23] audit: type=1400 audit(1719396509.593:280): avc: denied { open } for pid=2405 comm="syz.3.684" path="/root/syzkaller.SRWtqO/72/file0" dev="sda1" ino=2016 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.124053][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 85.152600][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 85.158520][ T23] audit: type=1400 audit(1719396509.593:281): avc: denied { ioctl } for pid=2405 comm="syz.3.684" path="/root/syzkaller.SRWtqO/72/file0" dev="sda1" ino=2016 ioctlcmd=0x1271 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.226874][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 85.233405][ T23] audit: type=1326 audit(1719396509.603:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2406 comm="syz.0.685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa769cbfae9 code=0x0 [ 85.242741][ T179] device bridge_slave_1 left promiscuous mode [ 85.275037][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.282864][ T179] device bridge_slave_0 left promiscuous mode [ 85.302876][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.319320][ T23] audit: type=1400 audit(1719396509.603:283): avc: denied { unlink } for pid=1600 comm="syz-executor" name="file0" dev="sda1" ino=2016 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 85.341753][ T23] audit: type=1326 audit(1719396509.663:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2406 comm="syz.0.685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7fa769cbfae9 code=0x0 [ 85.517610][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 85.530451][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 85.546204][ T2429] fuse: Bad value for 'fd' [ 85.571449][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 85.582175][ T1683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 85.601053][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 85.609435][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 85.618005][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 85.626692][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.200103][ T341] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 86.893007][ T341] usb 5-1: not running at top speed; connect to a high speed hub [ 87.118999][ T2494] futex_wake_op: syz.1.723 tries to shift op by -1; fix this program [ 87.140256][ T341] usb 5-1: config 1 interface 0 has no altsetting 0 [ 87.300238][ T341] usb 5-1: New USB device found, idVendor=056a, idProduct=033c, bcdDevice= 0.40 [ 87.314650][ T341] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.325599][ T341] usb 5-1: Product: 栏ᛆ曇娬㍬⯰琨⮦熮뤭鑇尅哛拓⢣镸ᜬꇆ쒈늏쇕酺乐늁ᦖ颧㍄蹥往臤➓Ξ篠䪸⺨郉蘴ᚍ雷訍淰쳹魕ꆸ쀞쑃䮶㨾ᄉ淍쨒쉀䴶䬏굪蕇县㢒᳘劆颗 [ 87.347372][ T341] usb 5-1: Manufacturer: ц [ 87.351911][ T341] usb 5-1: SerialNumber: ࠝ [ 88.030171][ T341] usbhid 5-1:1.0: can't add hid device: -71 [ 88.043448][ T341] usbhid: probe of 5-1:1.0 failed with error -71 [ 88.067443][ T341] usb 5-1: USB disconnect, device number 9 [ 88.611640][ T2571] fuse: Bad value for 'fd' [ 88.805173][ T2587] EXT4-fs (loop2): Ignoring removed orlov option [ 88.811655][ T2587] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 88.823695][ T2587] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 88.911693][ T2587] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:68: inode #12: comm syz.2.762: corrupt xattr in inline inode [ 88.939109][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 88.947813][ T2587] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2221: inode #12: comm syz.2.762: corrupted in-inode xattr [ 88.951160][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 88.968966][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 88.983206][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 88.990956][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 88.998328][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.006056][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.013533][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.020925][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.028358][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.035740][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.043297][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.050889][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.064480][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.072103][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.082049][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.089409][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.096829][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.104422][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.111829][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.119023][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.126742][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.134335][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.142227][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.149537][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.153114][ T23] kauditd_printk_skb: 17 callbacks suppressed [ 89.153127][ T23] audit: type=1326 audit(1719396513.693:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2610 comm="syz.2.767" exe="/root/syz-executor" sig=31 arch=c000003e syscall=436 compat=0 ip=0x7f2bd6e15ae9 code=0x0 [ 89.157219][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.195750][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.203618][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.211297][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.218715][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.226461][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.226917][ T23] audit: type=1400 audit(1719396513.773:303): avc: denied { bind } for pid=2618 comm="syz.3.774" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 89.234469][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.263222][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.274427][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.284200][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.292399][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.296932][ T23] audit: type=1400 audit(1719396513.773:304): avc: denied { node_bind } for pid=2618 comm="syz.3.774" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 89.299707][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.328779][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.336331][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.344026][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.351253][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.358434][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.366625][ T341] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 89.379455][ T341] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 90.038641][ T23] audit: type=1400 audit(1719396514.583:305): avc: denied { relabelfrom } for pid=2651 comm="syz.1.788" name="" dev="pipefs" ino=26838 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 90.092391][ T2645] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 90.104342][ T2645] ext4 filesystem being mounted at /root/syzkaller.5PoHBR/26/file0 supports timestamps until 2038 (0x7fffffff) [ 90.203722][ T2645] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 90.348711][ T2645] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 90.439902][ T2645] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2962: inode #19: comm syz.0.784: mark inode dirty (error -27) [ 90.460305][ T2645] EXT4-fs warning (device loop0): ext4_evict_inode:321: xattr delete (err -27) [ 90.681696][ T2678] EXT4-fs (loop0): Ignoring removed orlov option [ 90.687961][ T2678] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 90.721389][ T2678] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 90.847156][ T2678] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:68: inode #12: comm syz.0.793: corrupt xattr in inline inode [ 90.886058][ T2678] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2221: inode #12: comm syz.0.793: corrupted in-inode xattr [ 91.604421][ T2731] EXT4-fs (loop4): Ignoring removed orlov option [ 91.631155][ T2731] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 91.650357][ T2735] loop2: unable to read partition table [ 91.656285][ T2735] loop2: partition table beyond EOD, truncated [ 91.663209][ T2731] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 91.664924][ T2735] loop_reread_partitions: partition scan of loop2 () failed (rc=-5) [ 91.704230][ T2731] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:68: inode #12: comm syz.4.821: corrupt xattr in inline inode [ 91.717201][ T2731] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2221: inode #12: comm syz.4.821: corrupted in-inode xattr [ 91.738232][ T2334] ================================================================== [ 91.746133][ T2334] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc1f/0xc30 [ 91.753918][ T2334] Read of size 4 at addr ffff8881d9182000 by task syz-executor/2334 [ 91.761732][ T2334] [ 91.763913][ T2334] CPU: 1 PID: 2334 Comm: syz-executor Not tainted 5.4.274-syzkaller-00002-g6f97bd951d82 #0 [ 91.773710][ T2334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 91.782757][ T2737] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.783620][ T2334] Call Trace: [ 91.790569][ T2737] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.793590][ T2334] dump_stack+0x1d8/0x241 [ 91.793609][ T2334] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 91.802090][ T2737] device bridge_slave_0 entered promiscuous mode [ 91.804610][ T2334] ? printk+0xd1/0x111 [ 91.804629][ T2334] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 91.811762][ T2737] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.816513][ T2334] print_address_description+0x8c/0x600 [ 91.816532][ T2334] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 91.820749][ T2737] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.825887][ T2334] __kasan_report+0xf3/0x120 [ 91.825899][ T2334] ? ext4_xattr_delete_inode+0xc1f/0xc30 [ 91.825914][ T2334] kasan_report+0x30/0x60 [ 91.833892][ T2737] device bridge_slave_1 entered promiscuous mode [ 91.838132][ T2334] ext4_xattr_delete_inode+0xc1f/0xc30 [ 91.838153][ T2334] ? check_preemption_disabled+0x9f/0x320 [ 91.881710][ T2334] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 91.887605][ T2334] ? __ext4_journal_start_sb+0x295/0x460 [ 91.893069][ T2334] ext4_evict_inode+0x1378/0x1ac0 [ 91.897931][ T2334] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 91.903571][ T2334] ? wb_io_lists_depopulated+0x85/0x170 [ 91.908950][ T2334] ? ext4_truncate_restart_trans+0xe0/0xe0 [ 91.914591][ T2334] evict+0x29b/0x6a0 [ 91.918322][ T2334] vfs_rmdir+0x24b/0x3c0 [ 91.922404][ T2334] do_rmdir+0x2c1/0x580 [ 91.926395][ T2334] ? d_delete_notify+0xc0/0xc0 [ 91.930997][ T2334] ? _raw_spin_unlock_irq+0x4a/0x60 [ 91.936028][ T2334] do_syscall_64+0xca/0x1c0 [ 91.937066][ T2737] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.940368][ T2334] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 91.940393][ T2334] RIP: 0033:0x7f3b2adef167 [ 91.947232][ T2737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.952952][ T2334] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.952959][ T2334] RSP: 002b:00007ffcb5ab2178 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 91.957313][ T2737] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.964224][ T2334] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f3b2adef167 [ 91.964232][ T2334] RDX: 0000000000000200 RSI: 00007ffcb5ab3320 RDI: 00000000ffffff9c [ 91.964244][ T2334] RBP: 00007f3b2ae5d64a R08: 0000000000000000 R09: 0000000000000000 [ 91.983695][ T2737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.991999][ T2334] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcb5ab3320 [ 91.992006][ T2334] R13: 00007f3b2ae5d64a R14: 0000000000016599 R15: 00007ffcb5ab5500 [ 91.992016][ T2334] [ 92.029465][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.037133][ T2334] Allocated by task 467: [ 92.037158][ T2334] __kasan_kmalloc+0x171/0x210 [ 92.037168][ T2334] kmem_cache_alloc+0xd9/0x250 [ 92.037185][ T2334] mempool_alloc+0x11f/0x530 [ 92.071855][ T2334] bio_alloc_bioset+0x1e0/0x650 [ 92.076536][ T2334] submit_bh_wbc+0x1de/0x850 [ 92.080962][ T2334] block_read_full_page+0x9bf/0xbe0 [ 92.085996][ T2334] generic_file_read_iter+0xcd5/0x21f0 [ 92.091291][ T2334] blkdev_read_iter+0x12a/0x180 [ 92.095975][ T2334] __vfs_read+0x5cd/0x730 [ 92.100141][ T2334] vfs_read+0x148/0x360 [ 92.104140][ T2334] ksys_read+0x199/0x2c0 [ 92.108215][ T2334] do_syscall_64+0xca/0x1c0 [ 92.112555][ T2334] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 92.118279][ T2334] [ 92.120452][ T2334] Freed by task 17: [ 92.124100][ T2334] __kasan_slab_free+0x1b5/0x270 [ 92.128869][ T2334] kmem_cache_free+0x10b/0x2c0 [ 92.133558][ T2334] blk_update_request+0x37f/0xe40 [ 92.138418][ T2334] blk_mq_end_request+0x3a/0x70 [ 92.143103][ T2334] blk_done_softirq+0x2f3/0x390 [ 92.147797][ T2334] __do_softirq+0x23b/0x6b7 [ 92.152125][ T2334] [ 92.154300][ T2334] The buggy address belongs to the object at ffff8881d9182000 [ 92.154300][ T2334] which belongs to the cache bio-0 of size 216 [ 92.167668][ T2334] The buggy address is located 0 bytes inside of [ 92.167668][ T2334] 216-byte region [ffff8881d9182000, ffff8881d91820d8) [ 92.180725][ T2334] The buggy address belongs to the page: [ 92.186205][ T2334] page:ffffea0007646080 refcount:1 mapcount:0 mapping:ffff8881f33eca00 index:0x0 [ 92.195126][ T2334] flags: 0x8000000000000200(slab) [ 92.199990][ T2334] raw: 8000000000000200 dead000000000100 dead000000000122 ffff8881f33eca00 [ 92.208406][ T2334] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000 [ 92.216823][ T2334] page dumped because: kasan: bad access detected [ 92.223076][ T2334] page_owner tracks the page as allocated [ 92.228634][ T2334] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL) [ 92.243299][ T2334] prep_new_page+0x18f/0x370 [ 92.247725][ T2334] get_page_from_freelist+0x2d13/0x2d90 [ 92.253110][ T2334] __alloc_pages_nodemask+0x393/0x840 [ 92.258319][ T2334] alloc_slab_page+0x39/0x3c0 [ 92.262824][ T2334] new_slab+0x97/0x440 [ 92.266729][ T2334] ___slab_alloc+0x2fe/0x490 [ 92.271157][ T2334] __slab_alloc+0x62/0xa0 [ 92.275322][ T2334] kmem_cache_alloc+0x109/0x250 [ 92.280010][ T2334] mempool_alloc+0x11f/0x530 [ 92.284464][ T2334] bio_alloc_bioset+0x1e0/0x650 [ 92.289124][ T2334] submit_bh_wbc+0x1de/0x850 [ 92.293552][ T2334] block_read_full_page+0x9bf/0xbe0 [ 92.298585][ T2334] generic_file_read_iter+0xcd5/0x21f0 [ 92.303879][ T2334] blkdev_read_iter+0x12a/0x180 [ 92.308566][ T2334] __vfs_read+0x5cd/0x730 [ 92.312728][ T2334] vfs_read+0x148/0x360 [ 92.316717][ T2334] page last free stack trace: [ 92.321238][ T2334] free_unref_page_prepare+0x297/0x380 [ 92.326531][ T2334] __free_pages+0xaf/0x140 [ 92.330796][ T2334] __vunmap+0x75b/0x890 [ 92.334776][ T2334] kcov_close+0x27/0x50 [ 92.338766][ T2334] __fput+0x262/0x680 [ 92.342586][ T2334] task_work_run+0x140/0x170 [ 92.347011][ T2334] do_exit+0xcaf/0x2bc0 [ 92.351006][ T2334] do_group_exit+0x138/0x300 [ 92.355432][ T2334] __x64_sys_exit_group+0x3b/0x40 [ 92.360293][ T2334] do_syscall_64+0xca/0x1c0 [ 92.364632][ T2334] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 92.370353][ T2334] [ 92.372525][ T2334] Memory state around the buggy address: [ 92.377994][ T2334] ffff8881d9181f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.385899][ T2334] ffff8881d9181f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 92.393995][ T2334] >ffff8881d9182000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.401973][ T2334] ^ [ 92.405881][ T2334] ffff8881d9182080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 92.413868][ T2334] ffff8881d9182100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 92.421766][ T2334] ================================================================== [ 92.429678][ T2334] Disabling lock debugging due to kernel taint [ 92.437479][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.452188][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.492521][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.504136][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.511013][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.518155][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.526939][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.533814][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.550126][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 92.557974][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.566176][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 92.575315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.590002][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 92.598203][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 92.622459][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 92.630894][ T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 92.661499][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 92.669545][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 92.677637][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 92.687102][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 92.695753][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 92.703968][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 92.731623][ T408] print_req_error: 13 callbacks suppressed [ 92.731639][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 92.731868][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 92.737632][ T408] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.749284][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.760021][ T408] buffer_io_error: 68 callbacks suppressed [ 92.760035][ T408] Buffer I/O error on dev loop3p4, logical block 1, async page read [ 92.770017][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 92.802089][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.812729][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 92.821074][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.831749][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 92.839598][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.850410][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 92.858314][ T467] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 92.868948][ T467] Buffer I/O error on dev loop3p1, logical block 0, async page read [ 92.920791][ T179] device bridge_slave_1 left promiscuous mode [ 92.926787][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.934137][ T179] device bridge_slave_0 left promiscuous mode [ 92.940209][ T179] bridge0: port 1(bridge_slave_0) entered disabled state