last executing test programs: 932.779147ms ago: executing program 3 (id=6678): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newlink={0x78, 0x10, 0x1, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x10424}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_bond\x00'}, @IFLA_VFINFO_LIST={0x3c, 0x16, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0x0, 0x242, 0xfffffff8}}, @IFLA_VF_TRUST={0xc, 0x9, {0x5, 0x4}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0x10000}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xa, 0x3}}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x9}]}, 0x78}, 0x1, 0x0, 0x0, 0x801}, 0x60000090) 902.32187ms ago: executing program 3 (id=6682): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000500)=0x4, 0x4) 865.311654ms ago: executing program 3 (id=6685): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000000340)=[{{&(0x7f0000000280)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}}], 0x1, 0x0) 826.588668ms ago: executing program 3 (id=6688): open(&(0x7f0000000000)='./bus\x00', 0x4427e, 0x92) setxattr$system_posix_acl(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="0200000001"], 0xff3c, 0x1) 793.323731ms ago: executing program 3 (id=6691): io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r0, 0x0, 0x0) 697.616121ms ago: executing program 3 (id=6698): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 430.986577ms ago: executing program 4 (id=6720): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001900010928bd700000000000021880000040ff000010000008000100ac1414"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 396.93621ms ago: executing program 4 (id=6723): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="1c0000001d005f0214fffffffffffff8070000000d00000040870600", 0x1c) 373.847993ms ago: executing program 4 (id=6725): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x74, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}, @TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}, {{0x1c, 0x1, {0x6, 0x0, 0xe03, 0x2, 0x0, 0x954, 0x20f}}, {0x4}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x80}, 0x0) 331.354197ms ago: executing program 4 (id=6729): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000001c0)={'lo\x00', {0x2, 0x0, @private=0xa010101}}) 285.005312ms ago: executing program 4 (id=6732): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001340)=@newtaction={0x898, 0x30, 0x12f, 0x0, 0x0, {}, [{0x884, 0x1, [@m_police={0x880, 0x1, 0x0, 0x0, {{0xb}, {0x854, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}], [@TCA_POLICE_RATE={0x404}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7}}}, @TCA_POLICE_RATE64={0xc, 0x8, 0xfffffffffffffff9}], []]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x898}}, 0x0) 251.576315ms ago: executing program 4 (id=6735): add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa) syz_usb_connect(0x3, 0x8c6, &(0x7f0000000300)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a2401010080020102081305052f"], &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0}) 235.904237ms ago: executing program 0 (id=6736): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp\x00') lseek(r0, 0x96, 0x1) 188.621611ms ago: executing program 2 (id=6739): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001d00)=@newtaction={0x490, 0x30, 0x12f, 0x0, 0x0, {}, [{0x47c, 0x1, [@m_police={0x478, 0x1, 0x0, 0x0, {{0xb}, {0x44c, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0xffffffff, 0xfffffffe, 0xb84, 0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x100, 0x0, 0x0, 0x4c74, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x3, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x100, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0xffffffff, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffff002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0xa, 0x3, 0xfffffffe, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x200, 0x1, 0x0, 0xffffffff, 0x0, 0x7, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x8, 0xffffffff, 0xf, 0xf, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x4529d476, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x507aae8d, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x100000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x1, 0x0, 0xffffffff]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xdc, 0x10000000, 0x7fffffff, 0x6, 0xfffffffd, {0x6, 0x2, 0x1, 0x401, 0x1, 0xc}, {0x9a, 0x0, 0x40, 0x5, 0x400}, 0x5, 0x2, 0x81}}], [@TCA_POLICE_RESULT={0x8, 0x5, 0x101}]]}, {0x4}, {0xc, 0xb, {0x0, 0x1}}, {0xc, 0xa, {0x1}}}}]}]}, 0x490}}, 0xc0) 181.209232ms ago: executing program 0 (id=6740): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x44, &(0x7f0000000000)={0x0, 0x0}, 0x10) 168.702443ms ago: executing program 1 (id=6741): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000010c0)={0x24, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x14, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @uid=0xee00}, @typed={0x8, 0x0, 0x0, 0x0, @u32}]}]}, 0x24}], 0x1}, 0x0) 161.647474ms ago: executing program 2 (id=6742): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) 154.485695ms ago: executing program 0 (id=6743): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@nat={'nat\x00', 0x62, 0x5, 0x410, 0x2d0, 0x2d0, 0xffffffff, 0x0, 0x1a8, 0x378, 0x378, 0xffffffff, 0x378, 0x378, 0x5, 0x0, {[{{@uncond, 0x0, 0xc8, 0x100, 0x0, {0x22e}, [@common=@inet=@hashlimit1={{0x58}, {'team0\x00', {0x4, 0x80000000, 0x81, 0xc, 0x2, 0x80000000, 0x27e3, 0x0, 0x40}, {0x67a}}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x25, {0x3, @local, @broadcast}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @dev={0xac, 0x14, 0x14, 0x41}, @empty, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00'}}, @common=@addrtype={{0x30}, {0x0, 0x102, 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x14}, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @local, @broadcast, @port=0x4e22, @icmp_id=0x67}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470) 133.217647ms ago: executing program 1 (id=6744): request_key(&(0x7f0000000140)='syzkaller\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0xffffffffffffffff) keyctl$set_reqkey_keyring(0xe, 0x1) 125.208228ms ago: executing program 2 (id=6745): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e22f000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000a080800418e00000a04fcff", 0x58}], 0x1) 110.714659ms ago: executing program 0 (id=6746): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x9, [@enum64={0x4, 0x2, 0x0, 0x13, 0x1, 0x1, [{0x7, 0x1, 0x7fffffff}, {0x6, 0xffff, 0x5}]}]}, {0x0, [0x5f, 0x30, 0x0, 0x2e, 0x5f, 0x5f, 0x5f]}}, &(0x7f0000001f40)=""/4073, 0x45, 0xfe9, 0x1}, 0x28) 100.8656ms ago: executing program 1 (id=6747): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000e00)=@newtaction={0x488, 0x30, 0x12f, 0x3c, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0xb, 0x4, 0x0, 0x8d, 0x0, 0x7ff, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xa4f, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1000, 0x10, 0xfffffffd, 0x3, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x1, 0x8000000, 0x0, 0x0, 0x11, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x3, 0xb2e4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x100, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x934, 0x7, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000000, 0x0, 0x7, 0x0, 0x81, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2000, 0x0, 0x0, 0x7, 0x3, 0x8, 0xfffffffe, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffff3bac, 0xd, 0x2, 0x2000, 0x3, 0x0, 0x0, 0xfffffffe, 0xffffffd1, 0x480000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a3, 0x0, 0x6, 0x7ff, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x713b, 0x0, 0x0, 0x0, 0xffff, 0x1000000, 0xffffffff, 0x2, 0xfffffffd, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce2, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x2000000, 0xfffffff9, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x10000000, 0x7, 0xff, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x1, 0x0, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x3, 0xbed}, {0x0, 0xf6c5d7a4e5a498ca, 0x1000, 0x8}}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x3}}}}]}]}, 0x488}, 0x1, 0x0, 0x0, 0x4044840}, 0x44004) 96.642721ms ago: executing program 2 (id=6748): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1fff}]}) setregid(0xffffffffffffffff, 0x0) 79.593602ms ago: executing program 0 (id=6749): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r0, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8f, 0x0, 0x100000}, 0x20) 67.063344ms ago: executing program 1 (id=6750): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000b80)={'filter\x00', 0x4, "25cf96f2"}, &(0x7f0000000bc0)=0x2c) 53.579615ms ago: executing program 2 (id=6751): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)) mlock(&(0x7f0000ffe000/0x1000)=nil, 0xffffffffdf001fff) 50.774685ms ago: executing program 1 (id=6752): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r0, 0x0, 0xb, 0x0, &(0x7f0000000140)) 39.802576ms ago: executing program 0 (id=6753): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/warn_count', 0x2000, 0x8) utimensat(r0, 0x0, &(0x7f0000000040)={{0x0, 0x3ffffffe}, {0x0, 0x3fffffff}}, 0x0) 10.938489ms ago: executing program 2 (id=6754): rt_sigaction(0x40, &(0x7f0000000080)={0x0, 0xc8000000, 0x0, {[0x5]}}, 0x0, 0x8, &(0x7f0000000540)) syz_clone3(&(0x7f00000006c0)={0x101102380, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) 0s ago: executing program 1 (id=6755): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080), 0x4) kernel console output (not intermixed with test programs): lid indirect mapped block 4294967295 (level 1) [ 139.645570][ T6670] loop2: detected capacity change from 0 to 512 [ 139.652144][ T6655] EXT4-fs (loop1): 1 orphan inode deleted [ 139.658074][ T6670] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.668074][ T6655] EXT4-fs (loop1): 1 truncate cleaned up [ 139.673856][ T6655] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 139.674035][ T6670] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 139.691502][ T6670] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.3032: attempt to clear invalid blocks 2 len 1 [ 139.704598][ T6670] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 139.705033][ T287] EXT4-fs (loop1): unmounting filesystem. [ 139.719209][ T6670] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3032: invalid indirect mapped block 1819239214 (level 0) [ 139.749685][ T6670] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.3032: invalid indirect mapped block 1819239214 (level 1) [ 139.757750][ T6675] loop1: detected capacity change from 0 to 256 [ 139.771491][ T6675] exFAT-fs (loop1): Invalid exboot-signature(sector = 2): 0x1119abd0 [ 139.775702][ T6670] EXT4-fs (loop2): 1 truncate cleaned up [ 139.779690][ T6675] exFAT-fs (loop1): Invalid exboot-signature(sector = 5): 0x1119abd0 [ 139.785312][ T6670] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 139.793485][ T6675] exFAT-fs (loop1): Invalid exboot-signature(sector = 6): 0x00000000 [ 139.810319][ T6675] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0x00000000 [ 139.818564][ T6675] exFAT-fs (loop1): Invalid exboot-signature(sector = 8): 0x00000000 [ 139.826924][ T6675] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x00000000, checksum : 0x13a8bc6e) [ 139.837319][ T6675] exFAT-fs (loop1): invalid boot region [ 139.842935][ T6675] exFAT-fs (loop1): failed to recognize exfat type [ 139.843522][ T284] EXT4-fs (loop2): unmounting filesystem. [ 140.145119][ T6717] loop3: detected capacity change from 0 to 2048 [ 140.161273][ T6717] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 140.169769][ T6717] ext4 filesystem being mounted at /594/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.187806][ T283] EXT4-fs (loop3): unmounting filesystem. [ 140.203513][ T309] usb 2-1: new full-speed USB device number 69 using dummy_hcd [ 140.232157][ T6727] loop3: detected capacity change from 0 to 512 [ 140.241723][ T6727] EXT4-fs (loop3): orphan cleanup on readonly fs [ 140.248252][ T5990] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 140.252952][ T6727] EXT4-fs warning (device loop3): ext4_xattr_inode_get:509: inode #11: comm syz.3.3059: EA inode hash validation failed [ 140.268387][ T6727] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 140.282207][ T6727] ------------[ cut here ]------------ [ 140.287671][ T6727] EA inode 11 ref_count=-1 [ 140.287761][ T6727] WARNING: CPU: 0 PID: 6727 at fs/ext4/xattr.c:1016 ext4_xattr_inode_update_ref+0x476/0x570 [ 140.302266][ T6727] Modules linked in: [ 140.306146][ T6727] CPU: 0 PID: 6727 Comm: syz.3.3059 Not tainted syzkaller #0 [ 140.313542][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 140.323619][ T6727] RIP: 0010:ext4_xattr_inode_update_ref+0x476/0x570 [ 140.330207][ T6727] Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 7c 18 bb ff 49 8b 36 48 c7 c7 e0 e2 94 85 4c 89 e2 e8 aa e0 47 ff <0f> 0b 48 8b 5c 24 10 4c 8b 7c 24 18 4c 8d 6c 24 60 e9 af fe ff ff [ 140.349816][ T6727] RSP: 0018:ffffc9001207f180 EFLAGS: 00010246 [ 140.355897][ T6727] RAX: 0c48c8ee2ae6be00 RBX: 00000000ffffffff RCX: 0000000000080000 [ 140.363863][ T6727] RDX: ffffc90001ebc000 RSI: 0000000000028f40 RDI: 0000000000028f41 [ 140.371848][ T6727] RBP: ffffc9001207f270 R08: dffffc0000000000 R09: ffffed103ee04eb4 [ 140.379835][ T6727] R10: ffffed103ee04eb4 R11: 1ffff1103ee04eb3 R12: ffffffffffffffff [ 140.387815][ T6727] R13: ffffc9001207f1e0 R14: ffff888134c829b0 R15: 0000000000000001 [ 140.395779][ T6727] FS: 00007f768cc8c6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 140.404705][ T6727] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.411295][ T6727] CR2: 00007fb41a749000 CR3: 000000011e304000 CR4: 00000000003506b0 [ 140.419264][ T6727] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 140.427237][ T6727] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 140.435217][ T6727] Call Trace: [ 140.438481][ T6727] [ 140.441397][ T6727] ? ext4_xattr_block_csum+0x500/0x500 [ 140.446863][ T6727] ? kasan_save_alloc_info+0x25/0x30 [ 140.452155][ T6727] ? __kasan_kmalloc+0x95/0xb0 [ 140.456916][ T6727] ? ext4_xattr_inode_dec_ref_all+0x423/0xfe0 [ 140.462989][ T6727] ? kmalloc_trace+0x40/0xb0 [ 140.467581][ T6727] ext4_xattr_inode_dec_ref_all+0xa91/0xfe0 [ 140.473477][ T6727] ? errseq_check+0x41/0x80 [ 140.474120][ T5990] usb 3-1: Using ep0 maxpacket: 32 [ 140.477996][ T6727] ? ext4_xattr_delete_inode+0xbb0/0xbb0 [ 140.484691][ T5990] usb 3-1: unable to get BOS descriptor or descriptor too short [ 140.488706][ T6727] ? __cfi___ext4_journal_get_write_access+0x10/0x10 [ 140.497244][ T5990] usb 3-1: config 11 has an invalid interface number: 230 but max is 0 [ 140.502982][ T6727] ? __kasan_check_write+0x14/0x20 [ 140.503005][ T6727] ext4_xattr_delete_inode+0x9f1/0xbb0 [ 140.511455][ T5990] usb 3-1: config 11 has no interface number 0 [ 140.516323][ T6727] ? ext4_truncate+0xbde/0xf90 [ 140.521918][ T5990] usb 3-1: config 11 interface 230 has no altsetting 0 [ 140.527928][ T6727] ? __cfi_ext4_xattr_delete_inode+0x10/0x10 [ 140.527957][ T6727] ext4_evict_inode+0xe58/0x1460 [ 140.535099][ T5990] usb 3-1: string descriptor 0 read error: -22 [ 140.539528][ T6727] ? _raw_spin_unlock+0x4c/0x70 [ 140.560336][ T5990] usb 3-1: New USB device found, idVendor=3923, idProduct=7825, bcdDevice=86.d1 [ 140.561423][ T6727] ? __cfi_ext4_evict_inode+0x10/0x10 [ 140.561446][ T6727] ? unlock_new_inode+0x97/0xc0 [ 140.561465][ T6727] ? __cfi_ext4_evict_inode+0x10/0x10 [ 140.561480][ T6727] evict+0x493/0x890 [ 140.570558][ T5990] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.575852][ T6727] ? proc_nr_inodes+0x2f0/0x2f0 [ 140.575877][ T6727] ? __kasan_check_write+0x14/0x20 [ 140.596295][ T5990] plusb: probe of 3-1:11.230 failed with error -22 [ 140.597899][ T6727] iput+0x620/0x670 [ 140.618114][ T6727] ext4_process_orphan+0x2b1/0x320 [ 140.623224][ T6727] ext4_orphan_cleanup+0xb02/0x1210 [ 140.628451][ T6727] ? __cfi_ext4_orphan_cleanup+0x10/0x10 [ 140.634083][ T6727] ? ext4_register_sysfs+0x285/0x2c0 [ 140.639398][ T6727] ? errseq_check_and_advance+0x66/0x130 [ 140.645038][ T6727] ext4_fill_super+0x7439/0x7970 [ 140.650012][ T6727] ? __cfi_ext4_fill_super+0x10/0x10 [ 140.655296][ T6727] ? snprintf+0xd7/0x120 [ 140.659586][ T6727] ? set_blocksize+0x1df/0x360 [ 140.664360][ T6727] ? sb_set_blocksize+0xaa/0xf0 [ 140.669233][ T6727] get_tree_bdev+0x444/0x680 [ 140.673823][ T6727] ? __cfi_ext4_fill_super+0x10/0x10 [ 140.679150][ T6727] ext4_get_tree+0x1c/0x20 [ 140.683583][ T6727] vfs_get_tree+0x9a/0x270 [ 140.687980][ T6727] do_new_mount+0x25a/0xa20 [ 140.692487][ T6727] path_mount+0x675/0x1010 [ 140.696899][ T6727] ? user_path_at_empty+0x161/0x1c0 [ 140.702103][ T6727] __se_sys_mount+0x318/0x380 [ 140.706780][ T6727] ? do_mkdirat+0x459/0x4c0 [ 140.711291][ T6727] ? __x64_sys_mount+0xd0/0xd0 [ 140.716058][ T6727] ? do_user_addr_fault+0x9ac/0x1050 [ 140.721349][ T6727] __x64_sys_mount+0xbf/0xd0 [ 140.725937][ T6727] x64_sys_call+0x65d/0x9a0 [ 140.730416][ T6727] do_syscall_64+0x4c/0xa0 [ 140.734826][ T6727] ? clear_bhb_loop+0x30/0x80 [ 140.739500][ T6727] ? clear_bhb_loop+0x30/0x80 [ 140.744177][ T6727] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 140.750061][ T6727] RIP: 0033:0x7f768bd90e6a [ 140.754486][ T6727] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.774104][ T6727] RSP: 002b:00007f768cc8be68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 140.782514][ T6727] RAX: ffffffffffffffda RBX: 00007f768cc8bef0 RCX: 00007f768bd90e6a [ 140.790490][ T6727] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f768cc8beb0 [ 140.798459][ T6727] RBP: 0000200000000180 R08: 00007f768cc8bef0 R09: 000000000080078b [ 140.806427][ T6727] R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0 [ 140.814430][ T6727] R13: 00007f768cc8beb0 R14: 0000000000000473 R15: 0000200000000680 [ 140.822426][ T6727] [ 140.825439][ T6727] ---[ end trace 0000000000000000 ]--- [ 140.831040][ T6727] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #15: comm syz.3.3059: corrupted inode contents [ 140.843263][ T6727] EXT4-fs error (device loop3): ext4_dirty_inode:6121: inode #15: comm syz.3.3059: mark_inode_dirty error [ 140.850843][ T344] usb 3-1: USB disconnect, device number 64 [ 140.854965][ T6727] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #15: comm syz.3.3059: corrupted inode contents [ 140.872454][ T6727] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2963: inode #15: comm syz.3.3059: mark_inode_dirty error [ 140.884598][ T6727] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2966: inode #15: comm syz.3.3059: mark inode dirty (error -117) [ 140.897358][ T6727] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 140.906547][ T19] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 140.906585][ T6727] EXT4-fs (loop3): 1 orphan inode deleted [ 140.919862][ T6727] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 140.937792][ T283] EXT4-fs (loop3): unmounting filesystem. [ 140.946647][ T5990] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 140.958515][ T309] usb 2-1: config 0 has an invalid interface number: 46 but max is 0 [ 140.975357][ T309] usb 2-1: config 0 has no interface number 0 [ 140.985606][ T309] usb 2-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 140.998561][ T309] usb 2-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 141.008017][ T309] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.016139][ T309] usb 2-1: Product: syz [ 141.020375][ T309] usb 2-1: Manufacturer: syz [ 141.025175][ T309] usb 2-1: SerialNumber: syz [ 141.030356][ T309] usb 2-1: config 0 descriptor?? [ 141.035746][ T6687] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 141.045416][ T309] ums-karma 2-1:0.46: USB Mass Storage device detected [ 141.048108][ T28] audit: type=1400 audit(1763505168.536:231): avc: denied { create } for pid=6753 comm="syz.3.3072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 141.094258][ T6762] sit: non-ECT from 0.0.0.0 with TOS=0x1 [ 141.107753][ T19] usb 5-1: Using ep0 maxpacket: 16 [ 141.114742][ T309] ums-karma: probe of 2-1:0.46 failed with error -5 [ 141.122229][ T19] usb 5-1: config 2 has an invalid interface number: 4 but max is 0 [ 141.131146][ T19] usb 5-1: config 2 has no interface number 0 [ 141.137235][ T19] usb 5-1: config 2 interface 4 altsetting 0 has a duplicate endpoint with address 0x1, skipping [ 141.144849][ T5990] usb 1-1: config 255 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 141.155293][ T6768] loop3: detected capacity change from 0 to 512 [ 141.160288][ T5990] usb 1-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 141.169243][ T19] usb 5-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=b2.da [ 141.177999][ T5990] usb 1-1: config 255 has no interfaces? [ 141.192110][ T5990] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 141.201297][ T5990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.201361][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.210704][ T6768] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 141.217727][ T19] usb 5-1: Product: syz [ 141.231523][ T19] usb 5-1: Manufacturer: syz [ 141.236127][ T19] usb 5-1: SerialNumber: syz [ 141.238790][ T6768] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 141.244442][ T19] snd-usb-audio: probe of 5-1:2.4 failed with error -2 [ 141.254174][ T6768] EXT4-fs (loop3): 1 truncate cleaned up [ 141.266350][ T6768] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 141.274892][ T341] udevd[341]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:2.4/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 141.276841][ T24] usb 2-1: USB disconnect, device number 69 [ 141.306476][ T283] EXT4-fs (loop3): unmounting filesystem. [ 141.455635][ T5990] usb 1-1: string descriptor 0 read error: -71 [ 141.470144][ T5990] usb 1-1: USB disconnect, device number 70 [ 141.471532][ T19] usb 5-1: USB disconnect, device number 67 [ 141.489364][ T28] audit: type=1400 audit(1763505168.946:232): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 141.859364][ T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 141.880788][ T344] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 142.054041][ T24] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 142.074077][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.085065][ T344] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 142.093081][ T344] usb 4-1: config 0 has no interface number 0 [ 142.095003][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 142.109991][ T344] usb 4-1: New USB device found, idVendor=5bd3, idProduct=317c, bcdDevice= 4.5e [ 142.132016][ T344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.135069][ T24] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 142.149841][ T344] usb 4-1: config 0 descriptor?? [ 142.160092][ T19] usb 2-1: new full-speed USB device number 70 using dummy_hcd [ 142.167902][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.176470][ T344] usb 4-1: bad CDC descriptors [ 142.187116][ T24] usb 3-1: Product: syz [ 142.191295][ T24] usb 3-1: Manufacturer: syz [ 142.208376][ T24] usb 3-1: SerialNumber: syz [ 142.216564][ T24] usb 3-1: config 0 descriptor?? [ 142.231350][ T6846] loop0: detected capacity change from 0 to 40427 [ 142.233085][ T24] usb-storage 3-1:0.0: USB Mass Storage device detected [ 142.256006][ T6846] F2FS-fs (loop0): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288) [ 142.268537][ T6846] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 142.277432][ T6846] F2FS-fs (loop0): invalid crc value [ 142.277728][ T24] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 142.292116][ T6846] F2FS-fs (loop0): Found nat_bits in checkpoint [ 142.314305][ T6848] loop4: detected capacity change from 0 to 40427 [ 142.324944][ T6848] F2FS-fs (loop4): fault_injection options not supported [ 142.334297][ T6846] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 142.338049][ T6848] F2FS-fs (loop4): group quota file already specified [ 142.341348][ T6846] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.356739][ T19] usb 2-1: config 1 has an invalid interface number: 128 but max is 1 [ 142.365285][ T19] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 142.376743][ T19] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 142.385658][ T19] usb 2-1: config 1 has no interface number 0 [ 142.391789][ T19] usb 2-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 142.399722][ T347] usb 4-1: USB disconnect, device number 71 [ 142.415913][ T19] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 142.448113][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.467036][ T19] usb 2-1: Product: syz [ 142.471231][ T19] usb 2-1: Manufacturer: syz [ 142.475992][ T19] usb 2-1: SerialNumber: syz [ 142.495257][ T19] cdc_wdm 2-1:1.128: skipping garbage [ 142.500644][ T19] cdc_wdm: probe of 2-1:1.128 failed with error -22 [ 142.527165][ T19] usb 3-1: USB disconnect, device number 65 [ 142.570572][ T6864] loop0: detected capacity change from 0 to 2048 [ 142.577626][ T6864] EXT4-fs: Ignoring removed nomblk_io_submit option [ 142.601467][ T6864] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 142.646490][ T6870] futex_wake_op: syz.0.3125 tries to shift op by -1; fix this program [ 142.712528][ T344] usb 2-1: USB disconnect, device number 70 [ 142.765241][ T6861] loop4: detected capacity change from 0 to 40427 [ 142.776583][ T6861] F2FS-fs (loop4): invalid crc value [ 142.808984][ T6861] F2FS-fs (loop4): invalid journal entries nats 0 sits 518 [ 142.822329][ T6861] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-22) [ 142.972504][ T6903] loop3: detected capacity change from 0 to 512 [ 143.009460][ T6903] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 143.010308][ T6908] loop4: detected capacity change from 0 to 512 [ 143.042775][ T6908] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 143.067417][ T286] EXT4-fs (loop4): unmounting filesystem. [ 143.075214][ T6913] loop2: detected capacity change from 0 to 512 [ 143.081925][ T283] EXT4-fs (loop3): unmounting filesystem. [ 143.095704][ T6915] loop4: detected capacity change from 0 to 512 [ 143.099428][ T6913] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 143.133132][ T284] EXT4-fs (loop2): unmounting filesystem. [ 143.143544][ T6915] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 143.175052][ T286] EXT4-fs (loop4): unmounting filesystem. [ 143.213291][ T6926] loop2: detected capacity change from 0 to 4096 [ 143.237276][ T6926] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 143.311277][ T284] EXT4-fs (loop2): unmounting filesystem. [ 143.317649][ T6931] loop1: detected capacity change from 0 to 2048 [ 143.366539][ T6931] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 143.395138][ T6931] ext4 filesystem being mounted at /615/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.416823][ T347] usb 4-1: new low-speed USB device number 72 using dummy_hcd [ 143.424692][ T287] EXT4-fs (loop1): unmounting filesystem. [ 143.610925][ T347] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 143.630037][ T347] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 143.651632][ T347] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 143.671357][ T347] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 143.703790][ T347] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 143.724547][ T347] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 143.734455][ T5990] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 143.749597][ T347] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 143.772994][ T347] usb 4-1: string descriptor 0 read error: -22 [ 143.790061][ T347] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 143.800805][ T347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.823047][ T347] usb 4-1: config 0 descriptor?? [ 143.829625][ T347] hub 4-1:0.0: bad descriptor, ignoring hub [ 143.846169][ T347] hub: probe of 4-1:0.0 failed with error -5 [ 143.857863][ T347] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input18 [ 143.932128][ T5990] usb 2-1: Using ep0 maxpacket: 8 [ 143.938951][ T5990] usb 2-1: unable to get BOS descriptor or descriptor too short [ 143.960388][ T5990] usb 2-1: config 3 has an invalid interface number: 107 but max is 0 [ 143.981290][ T5990] usb 2-1: config 3 has no interface number 0 [ 143.992101][ T5990] usb 2-1: config 3 interface 107 has no altsetting 0 [ 144.015109][ T5990] usb 2-1: New USB device found, idVendor=0b05, idProduct=171f, bcdDevice=22.f2 [ 144.028857][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.050313][ T5990] usb 2-1: Product: syz [ 144.054485][ T5990] usb 2-1: Manufacturer: syz [ 144.074193][ T5990] usb 2-1: SerialNumber: syz [ 144.079241][ T347] usb 4-1: USB disconnect, device number 72 [ 144.322059][ T5990] rndis_host 2-1:3.107: More than one union descriptor, skipping ... [ 144.329577][ T6770] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 144.340755][ T5990] usb 2-1: bad CDC descriptors [ 144.350947][ T5990] usb 2-1: USB disconnect, device number 71 [ 144.362943][ T6934] loop2: detected capacity change from 0 to 131072 [ 144.387304][ T6928] loop4: detected capacity change from 0 to 131072 [ 144.423700][ T6934] F2FS-fs (loop2): Found nat_bits in checkpoint [ 144.434489][ T6928] F2FS-fs (loop4): Found nat_bits in checkpoint [ 144.492954][ T6934] F2FS-fs (loop2): Mounted with checkpoint version = 1b41e955 [ 144.501443][ T6928] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 144.643900][ T6948] loop3: detected capacity change from 0 to 512 [ 144.724120][ T6948] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 144.737896][ T6948] ext4 filesystem being mounted at /635/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 144.832360][ T283] EXT4-fs (loop3): unmounting filesystem. [ 144.887360][ T6958] loop1: detected capacity change from 0 to 128 [ 145.014372][ T6962] loop1: detected capacity change from 0 to 256 [ 145.077647][ T6964] loop1: detected capacity change from 0 to 512 [ 145.145996][ T344] usb 4-1: new low-speed USB device number 73 using dummy_hcd [ 145.155030][ T6966] loop1: detected capacity change from 0 to 256 [ 145.198948][ T6968] loop1: detected capacity change from 0 to 512 [ 145.217168][ T6968] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 145.273912][ T287] EXT4-fs (loop1): unmounting filesystem. [ 145.351844][ T344] usb 4-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 145.382328][ T344] usb 4-1: config 1 interface 0 has no altsetting 0 [ 145.394884][ T344] usb 4-1: string descriptor 0 read error: -22 [ 145.411894][ T344] usb 4-1: New USB device found, idVendor=057e, idProduct=2017, bcdDevice= 0.40 [ 145.433457][ T344] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.447577][ T6956] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 145.685402][ T344] usbhid 4-1:1.0: can't add hid device: -71 [ 145.691355][ T344] usbhid: probe of 4-1:1.0 failed with error -71 [ 145.708691][ T344] usb 4-1: USB disconnect, device number 73 [ 145.738423][ T6971] loop1: detected capacity change from 0 to 40427 [ 145.761237][ T6971] F2FS-fs (loop1): heap/no_heap options were deprecated [ 145.811913][ T6971] F2FS-fs (loop1): invalid crc value [ 145.817360][ T6971] F2FS-fs (loop1): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root and reserve_node [ 145.849372][ T6971] F2FS-fs (loop1): Found nat_bits in checkpoint [ 145.904491][ T6971] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 146.030034][ T6954] loop4: detected capacity change from 0 to 131072 [ 146.058155][ T6980] loop1: detected capacity change from 0 to 128 [ 146.080699][ T334] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 146.100616][ T6954] F2FS-fs (loop4): Found nat_bits in checkpoint [ 146.134756][ T6985] loop1: detected capacity change from 0 to 128 [ 146.178800][ T6988] loop1: detected capacity change from 0 to 128 [ 146.189116][ T6954] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 146.247348][ T6992] loop3: detected capacity change from 0 to 256 [ 146.284788][ T334] usb 1-1: Using ep0 maxpacket: 32 [ 146.293421][ T334] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 146.315819][ T334] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 146.326632][ T6990] loop1: detected capacity change from 0 to 8192 [ 146.333003][ T334] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.341365][ T334] usb 1-1: Product: syz [ 146.345524][ T334] usb 1-1: Manufacturer: syz [ 146.354176][ T334] usb 1-1: SerialNumber: syz [ 146.377370][ T334] usb 1-1: config 0 descriptor?? [ 146.393993][ T334] usb 1-1: bad CDC descriptors [ 146.398958][ T334] usb 1-1: unsupported MDLM descriptors [ 146.400714][ T6996] loop1: detected capacity change from 0 to 512 [ 146.519343][ T6998] loop1: detected capacity change from 0 to 8192 [ 146.553491][ T347] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 146.604524][ T5990] usb 1-1: USB disconnect, device number 71 [ 146.681406][ T6952] loop2: detected capacity change from 0 to 262144 [ 146.721166][ T6952] F2FS-fs (loop2): Found nat_bits in checkpoint [ 146.732971][ T7002] loop1: detected capacity change from 0 to 32768 [ 146.746811][ T347] usb 4-1: Using ep0 maxpacket: 16 [ 146.751218][ T6952] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 146.753126][ T347] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.772714][ T347] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 146.781714][ T347] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 146.804838][ T347] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 146.821001][ T347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.829569][ T334] usb 5-1: new low-speed USB device number 68 using dummy_hcd [ 146.842113][ T347] usb 4-1: Product: syz [ 146.846931][ T7010] netlink: 'syz.1.3180': attribute type 15 has an invalid length. [ 146.847197][ T347] usb 4-1: Manufacturer: syz [ 146.859474][ T347] usb 4-1: SerialNumber: syz [ 146.884754][ T7012] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3181'. [ 146.977996][ T7024] loop1: detected capacity change from 0 to 512 [ 147.029258][ T334] usb 5-1: unable to get BOS descriptor or descriptor too short [ 147.048374][ T334] usb 5-1: config 7 has an invalid interface number: 67 but max is 0 [ 147.055293][ T7026] loop1: detected capacity change from 0 to 2048 [ 147.067322][ T334] usb 5-1: config 7 has no interface number 0 [ 147.078544][ T334] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 147.084084][ T7026] loop1: p2 p3 p7 [ 147.089375][ T334] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.099771][ T347] cdc_ncm 4-1:1.0: skipping garbage [ 147.105872][ T347] cdc_ncm 4-1:1.0: skipping garbage [ 147.111342][ T347] cdc_ncm 4-1:1.0: skipping garbage [ 147.116606][ T334] usb 5-1: Product: 㯑 [ 147.122264][ T347] cdc_ncm 4-1:1.0: invalid descriptor buffer length [ 147.130138][ T347] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 147.138051][ T347] cdc_ncm 4-1:1.0: bind() failure [ 147.145594][ T103] loop1: p2 p3 p7 [ 147.151530][ T347] usb 4-1: USB disconnect, device number 74 [ 147.218102][ T287] __loop_clr_fd: partition scan of loop1 failed (rc=-16) [ 147.225240][ T341] I/O error, dev loop1, sector 608 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 147.235043][ T408] I/O error, dev loop1, sector 408 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 147.238579][ T7034] netlink: 'syz.0.3192': attribute type 29 has an invalid length. [ 147.252775][ T588] I/O error, dev loop1, sector 208 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 147.252937][ T408] I/O error, dev loop1, sector 408 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.273568][ T341] I/O error, dev loop1, sector 608 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.282771][ T7032] loop2: detected capacity change from 0 to 2048 [ 147.282869][ T341] buffer_io_error: 5 callbacks suppressed [ 147.282880][ T341] Buffer I/O error on dev loop1p2, logical block 8, async page read [ 147.289305][ T588] I/O error, dev loop1, sector 208 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.295613][ T28] audit: type=1326 audit(1763505174.355:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.1.3189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 147.302981][ T7034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3192'. [ 147.323223][ T28] audit: type=1326 audit(1763505174.373:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.1.3189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 147.344281][ T588] Buffer I/O error on dev loop1p3, logical block 8, async page read [ 147.375982][ T408] Buffer I/O error on dev loop1p7, logical block 8, async page read [ 147.388781][ T334] usb 5-1: USB disconnect, device number 68 [ 147.390998][ T341] I/O error, dev loop1, sector 609 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.398160][ T408] I/O error, dev loop1, sector 409 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.427965][ T341] Buffer I/O error on dev loop1p2, logical block 9, async page read [ 147.431613][ T7034] netlink: 'syz.0.3192': attribute type 29 has an invalid length. [ 147.445161][ T341] I/O error, dev loop1, sector 610 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.448255][ T408] Buffer I/O error on dev loop1p7, logical block 9, async page read [ 147.462500][ T341] Buffer I/O error on dev loop1p2, logical block 10, async page read [ 147.464142][ T588] I/O error, dev loop1, sector 209 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 147.471826][ T341] Buffer I/O error on dev loop1p2, logical block 11, async page read [ 147.480335][ T7034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3192'. [ 147.497124][ T408] Buffer I/O error on dev loop1p7, logical block 10, async page read [ 147.502425][ T28] audit: type=1326 audit(1763505174.373:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.1.3189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 147.505238][ T588] Buffer I/O error on dev loop1p3, logical block 9, async page read [ 147.542901][ T408] Buffer I/O error on dev loop1p7, logical block 11, async page read [ 147.586621][ T340] udevd[340]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 147.591890][ T7046] loop2: detected capacity change from 0 to 1024 [ 147.605182][ T341] udevd[341]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 147.616481][ T587] udevd[587]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 147.619626][ T28] audit: type=1326 audit(1763505174.373:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.1.3189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 147.653750][ T7046] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 147.669203][ T28] audit: type=1326 audit(1763505174.373:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7035 comm="syz.1.3189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 147.669936][ T284] EXT4-fs (loop2): unmounting filesystem. [ 147.708207][ T341] udevd[341]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 147.720116][ T587] udevd[587]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 147.736542][ T340] udevd[340]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 147.782348][ T341] udevd[341]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 147.793317][ T587] udevd[587]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 147.804016][ T588] udevd[588]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory [ 147.805837][ T7051] loop3: detected capacity change from 0 to 2048 [ 147.943123][ T28] audit: type=1400 audit(1763505174.960:238): avc: denied { write } for pid=7074 comm="syz.2.3210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 147.977764][ T7080] device bridge_slave_1 left promiscuous mode [ 148.000033][ T7080] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.009287][ T7080] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 148.039561][ T28] audit: type=1400 audit(1763505175.053:239): avc: denied { create } for pid=7090 comm="syz.3.3218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 148.073972][ T7097] xt_TCPMSS: Only works on TCP SYN packets [ 148.080008][ T28] audit: type=1400 audit(1763505175.071:240): avc: denied { write } for pid=7090 comm="syz.3.3218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 148.152449][ T28] audit: type=1400 audit(1763505175.071:241): avc: denied { nlmsg_write } for pid=7090 comm="syz.3.3218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 148.229787][ T28] audit: type=1400 audit(1763505175.108:242): avc: denied { mounton } for pid=7092 comm="syz.4.3220" path="/588/file0" dev="tmpfs" ino=3013 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 148.248309][ T7038] loop1: detected capacity change from 0 to 65536 [ 148.473874][ T7166] device batadv_slave_0 entered promiscuous mode [ 148.495280][ T7166] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3256'. [ 148.506848][ T7166] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 148.622542][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3274'. [ 148.656679][ T7201] netlink: 7 bytes leftover after parsing attributes in process `syz.1.3274'. [ 148.753169][ T7234] loop2: detected capacity change from 0 to 128 [ 148.826268][ T7250] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3298'. [ 148.909186][ T7266] netlink: 3260 bytes leftover after parsing attributes in process `syz.0.3306'. [ 148.936675][ T7268] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 149.188992][ T7246] loop4: detected capacity change from 0 to 32768 [ 149.195512][ T7317] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3331'. [ 149.251724][ T7325] loop2: detected capacity change from 0 to 512 [ 149.259621][ T7327] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 149.265799][ T7329] device veth1_macvtap left promiscuous mode [ 149.279903][ T7325] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 149.296352][ T7329] device macsec0 entered promiscuous mode [ 149.324373][ T7337] xt_l2tp: v2 doesn't support IP mode [ 149.338088][ T7325] EXT4-fs (loop2): 1 truncate cleaned up [ 149.343745][ T7325] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 149.396140][ T7348] loop1: detected capacity change from 0 to 256 [ 149.406843][ T7348] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 149.426979][ T7325] incfs: Can't find or create .index dir in ./file0 [ 149.492643][ T7325] incfs: mount failed -31 [ 149.500167][ T7357] xt_TPROXY: Can be used only with -p tcp or -p udp [ 149.532241][ T284] EXT4-fs (loop2): unmounting filesystem. [ 149.560219][ T7366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.432715][ C0] sched: RT throttling activated [ 151.487732][ T7382] xt_ecn: cannot match TCP bits for non-tcp packets [ 151.522317][ T7392] ip6t_REJECT: ECHOREPLY is not supported [ 151.525948][ T7390] loop2: detected capacity change from 0 to 2048 [ 151.560940][ T7396] netlink: 'syz.3.3369': attribute type 28 has an invalid length. [ 151.616900][ T7408] netlink: 'syz.1.3375': attribute type 2 has an invalid length. [ 151.779194][ T7449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3393'. [ 151.874788][ T7475] loop2: detected capacity change from 0 to 16 [ 151.892671][ T7475] erofs: (device loop2): mounted with root inode @ nid 36. [ 151.973595][ T7499] netlink: 'syz.4.3418': attribute type 5 has an invalid length. [ 152.055987][ T7520] netlink: 'syz.1.3425': attribute type 5 has an invalid length. [ 152.090085][ T7520] device ip6erspan0 entered promiscuous mode [ 152.165310][ T7547] device veth1_macvtap left promiscuous mode [ 152.195020][ T7547] device macsec0 entered promiscuous mode [ 152.280763][ T7570] device vlan0 entered promiscuous mode [ 152.288514][ T7572] __nla_validate_parse: 6 callbacks suppressed [ 152.288530][ T7572] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3455'. [ 152.359935][ T7588] loop3: detected capacity change from 0 to 512 [ 152.385026][ T7588] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 152.408382][ T7588] EXT4-fs (loop3): 1 truncate cleaned up [ 152.415401][ T7588] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 152.442930][ T7588] incfs: Can't find or create .index dir in ./file0 [ 152.454669][ T7588] incfs: mount failed -31 [ 152.475954][ T283] EXT4-fs (loop3): unmounting filesystem. [ 152.675853][ T7657] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3497'. [ 152.689281][ T7661] netlink: 6164 bytes leftover after parsing attributes in process `syz.4.3498'. [ 152.702453][ T7665] device xfrm0 entered promiscuous mode [ 152.703484][ T7664] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7664 comm=syz.0.3499 [ 152.729117][ T7664] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=17 sclass=netlink_tcpdiag_socket pid=7664 comm=syz.0.3499 [ 152.788898][ T7680] Zero length message leads to an empty skb [ 152.981659][ T7727] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 153.174517][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 153.174532][ T28] audit: type=1400 audit(1763505179.825:284): avc: denied { setopt } for pid=7762 comm="syz.4.3549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 153.217916][ T7769] netlink: 'syz.3.3552': attribute type 4 has an invalid length. [ 153.235405][ T7769] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.3552'. [ 153.245224][ T28] audit: type=1400 audit(1763505179.862:285): avc: denied { read } for pid=7764 comm="syz.0.3550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 153.264714][ T7773] netlink: 'syz.1.3553': attribute type 46 has an invalid length. [ 153.283602][ T7773] netlink: 'syz.1.3553': attribute type 28 has an invalid length. [ 153.356890][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 153.377532][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 153.401322][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 153.424141][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 153.444482][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 153.464986][ T7786] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3560'. [ 154.797956][ T7822] sock: sock_timestamping_bind_phc: sock not bind to device [ 154.815791][ T28] audit: type=1400 audit(1763505181.350:286): avc: denied { sqpoll } for pid=7820 comm="syz.3.3579" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 154.984912][ T7838] loop1: detected capacity change from 0 to 4096 [ 155.054809][ T7838] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 155.155825][ T287] EXT4-fs (loop1): unmounting filesystem. [ 155.240907][ T7868] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 155.290563][ T7876] x_tables: unsorted underflow at hook 4 [ 155.402924][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.429680][ T28] audit: type=1326 audit(1763505181.917:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7894 comm="syz.1.3613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 155.455588][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.498629][ T28] audit: type=1326 audit(1763505181.917:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7894 comm="syz.1.3613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 155.541767][ T7902] device vti0 entered promiscuous mode [ 155.572662][ T28] audit: type=1326 audit(1763505181.945:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7894 comm="syz.1.3613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 155.637574][ T28] audit: type=1326 audit(1763505181.945:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7894 comm="syz.1.3613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 155.695706][ T28] audit: type=1326 audit(1763505181.945:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7894 comm="syz.1.3613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f6018f6c9 code=0x7ffc0000 [ 155.712266][ T7923] xt_l2tp: unknown flags: 17 [ 155.728565][ T7924] xt_SECMARK: invalid mode: 2 [ 155.937437][ T28] audit: type=1400 audit(1763505182.384:292): avc: denied { getopt } for pid=7953 comm="syz.1.3640" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 156.016255][ T7966] mmap: syz.4.3644 (7966): VmData 167489536 exceed data ulimit 9. Update limits or use boot option ignore_rlimit_data. [ 156.298120][ T28] audit: type=1400 audit(1763505182.726:293): avc: denied { nlmsg_read } for pid=8010 comm="syz.1.3668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 156.457464][ T8035] SELinux: policydb magic number 0x20766264 does not match expected magic number 0xf97cff8c [ 156.494638][ T8035] SELinux: failed to load policy [ 156.615413][ T8059] IPv6: NLM_F_CREATE should be specified when creating new route [ 156.624194][ T8058] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 156.828070][ T8099] loop1: detected capacity change from 0 to 256 [ 156.848399][ T8099] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 156.864915][ T8106] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 156.887207][ T8099] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 156.975263][ T8126] device vcan0 entered promiscuous mode [ 156.994007][ T8126] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 157.046181][ T8138] loop1: detected capacity change from 0 to 256 [ 157.064501][ T8138] FAT-fs (loop1): Directory bread(block 64) failed [ 157.076419][ T8141] netlink: 'syz.4.3733': attribute type 12 has an invalid length. [ 157.084230][ T8138] FAT-fs (loop1): Directory bread(block 65) failed [ 157.096294][ T8138] FAT-fs (loop1): Directory bread(block 66) failed [ 157.103057][ T8138] FAT-fs (loop1): Directory bread(block 67) failed [ 157.117934][ T8138] FAT-fs (loop1): Directory bread(block 68) failed [ 157.125058][ T8138] FAT-fs (loop1): Directory bread(block 69) failed [ 157.142592][ T8138] FAT-fs (loop1): Directory bread(block 70) failed [ 157.149398][ T8138] FAT-fs (loop1): Directory bread(block 71) failed [ 157.161185][ T8138] FAT-fs (loop1): Directory bread(block 72) failed [ 157.175800][ T8138] FAT-fs (loop1): Directory bread(block 73) failed [ 157.474694][ T8189] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.482075][ T8193] capability: warning: `syz.2.3758' uses deprecated v2 capabilities in a way that may be insecure [ 157.494042][ T8189] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.576606][ T8202] netlink: 'syz.4.3762': attribute type 5 has an invalid length. [ 157.640660][ T7831] loop3: detected capacity change from 0 to 262144 [ 157.704469][ T7831] F2FS-fs (loop3): Found nat_bits in checkpoint [ 157.761394][ T8232] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.769942][ T7831] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 157.771391][ T8232] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.840246][ T8244] xt_bpf: check failed: parse error [ 157.986316][ T8270] bridge2: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 158.010007][ T8275] __nla_validate_parse: 27 callbacks suppressed [ 158.010023][ T8275] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3797'. [ 158.031153][ T8275] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 158.068557][ T8280] x_tables: duplicate entry at hook 2 [ 158.224901][ T8309] xt_policy: output policy not valid in PREROUTING and INPUT [ 158.330138][ T8323] loop1: detected capacity change from 0 to 512 [ 158.332089][ T8319] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3819'. [ 158.369347][ T8323] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 158.403736][ T8323] EXT4-fs (loop1): orphan cleanup on readonly fs [ 158.413607][ T8323] EXT4-fs error (device loop1): mb_free_blocks:1810: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 158.432601][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.440221][ T8323] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #11: comm syz.1.3820: corrupted inode contents [ 158.479862][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.486573][ T8323] EXT4-fs error (device loop1): ext4_dirty_inode:6121: inode #11: comm syz.1.3820: mark_inode_dirty error [ 158.488844][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3833'. [ 158.498556][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.515340][ T8352] netlink: 'syz.2.3831': attribute type 3 has an invalid length. [ 158.516644][ T8323] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.3820: invalid indirect mapped block 327680 (level 0) [ 158.539281][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.545929][ T8323] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #11: comm syz.1.3820: corrupted inode contents [ 158.570205][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.579716][ T8323] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 158.604487][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.615609][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.625258][ T8323] EXT4-fs error (device loop1): ext4_do_update_inode:5256: inode #11: comm syz.1.3820: corrupted inode contents [ 158.653517][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.667795][ T8323] EXT4-fs error (device loop1): ext4_truncate:4314: inode #11: comm syz.1.3820: mark_inode_dirty error [ 158.688379][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.705525][ T8323] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 158.735765][ T8323] EXT4-fs (loop1): Remounting filesystem read-only [ 158.751180][ T8323] EXT4-fs (loop1): 1 truncate cleaned up [ 158.756920][ T8381] loop2: detected capacity change from 0 to 4096 [ 158.767378][ T8381] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 158.776381][ T8323] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 158.805979][ T284] EXT4-fs (loop2): unmounting filesystem. [ 158.902015][ T287] EXT4-fs (loop1): unmounting filesystem. [ 158.961712][ T8425] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3870'. [ 158.989180][ T8427] loop1: detected capacity change from 0 to 512 [ 159.016905][ T8423] loop4: detected capacity change from 0 to 4096 [ 159.048672][ T8423] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 159.067200][ T8427] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 159.075187][ T8427] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 159.075235][ T8427] System zones: 0-1, 15-15, 18-18, 34-34 [ 159.075671][ T8427] EXT4-fs (loop1): orphan cleanup on readonly fs [ 159.075705][ T8427] __quota_error: 10 callbacks suppressed [ 159.075715][ T8427] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 159.075746][ T8427] EXT4-fs warning (device loop1): ext4_enable_quotas:7055: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 159.075770][ T8427] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 159.077892][ T8427] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.3867: bg 0: block 40: padding at end of block bitmap is not set [ 159.080272][ T8427] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 159.080399][ T8427] EXT4-fs (loop1): 1 truncate cleaned up [ 159.080418][ T8427] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 159.081958][ T8427] EXT4-fs error (device loop1): ext4_encrypted_get_link:46: inode #16: comm syz.1.3867: bad symlink. [ 159.096005][ T287] EXT4-fs (loop1): unmounting filesystem. [ 159.114774][ T286] EXT4-fs (loop4): unmounting filesystem. [ 159.249417][ T8468] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3891'. [ 159.380681][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3899'. [ 159.404206][ T8488] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3900'. [ 159.413317][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3899'. [ 159.435416][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3899'. [ 159.450864][ T8484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3899'. [ 159.472115][ T28] audit: type=1400 audit(1763505185.662:304): avc: denied { node_bind } for pid=8490 comm="syz.2.3902" saddr=fe80::aa src=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 159.494517][ T8484] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 159.528075][ T28] audit: type=1326 audit(1763505185.708:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 159.559947][ T28] audit: type=1326 audit(1763505185.708:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 159.612221][ T28] audit: type=1326 audit(1763505185.708:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.0.3904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 159.656942][ T28] audit: type=1326 audit(1763505185.819:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8512 comm="syz.3.3909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768bd8f6c9 code=0x7ffc0000 [ 159.692337][ T28] audit: type=1326 audit(1763505185.819:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8512 comm="syz.3.3909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768bd8f6c9 code=0x7ffc0000 [ 159.735576][ T28] audit: type=1326 audit(1763505185.819:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8512 comm="syz.3.3909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f768bd8f6c9 code=0x7ffc0000 [ 159.804586][ T28] audit: type=1326 audit(1763505185.819:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8512 comm="syz.3.3909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768bd8f6c9 code=0x7ffc0000 [ 159.865686][ T28] audit: type=1326 audit(1763505185.819:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8512 comm="syz.3.3909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f768bd8f6c9 code=0x7ffc0000 [ 160.065041][ T8591] sock: sock_timestamping_bind_phc: sock not bind to device [ 160.196167][ T8613] device vlan0 entered promiscuous mode [ 160.216080][ T8617] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 160.551750][ T8657] ipt_REJECT: ECHOREPLY no longer supported. [ 160.615701][ T8665] IPv6: Can't replace route, no match found [ 160.637901][ T8470] loop1: detected capacity change from 0 to 131072 [ 160.660634][ T60] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 160.672242][ T8470] F2FS-fs (loop1): Test dummy encryption mode enabled [ 160.686626][ T8671] netlink: 'syz.0.3991': attribute type 1 has an invalid length. [ 160.734311][ T8470] F2FS-fs (loop1): Found nat_bits in checkpoint [ 160.781656][ T8688] netlink: 'syz.3.3998': attribute type 7 has an invalid length. [ 160.789402][ T8688] netlink: 'syz.3.3998': attribute type 8 has an invalid length. [ 160.820246][ T8470] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 160.838420][ T8470] F2FS-fs (loop1): access invalid blkaddr:660992 [ 160.852991][ T8470] CPU: 0 PID: 8470 Comm: syz.1.3892 Tainted: G W syzkaller #0 [ 160.861868][ T8470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 160.871926][ T8470] Call Trace: [ 160.875198][ T8470] [ 160.878125][ T8470] __dump_stack+0x21/0x24 [ 160.882459][ T8470] dump_stack_lvl+0xee/0x150 [ 160.887050][ T8470] ? __cfi_dump_stack_lvl+0x8/0x8 [ 160.892072][ T8470] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 160.897972][ T8470] dump_stack+0x15/0x24 [ 160.902126][ T8470] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 160.907671][ T8470] f2fs_is_valid_blkaddr+0x23/0x30 [ 160.909779][ T60] usb 3-1: Using ep0 maxpacket: 16 [ 160.912781][ T8470] f2fs_get_read_data_page+0x4e2/0x840 [ 160.912806][ T8470] ? __cfi_f2fs_get_read_data_page+0x10/0x10 [ 160.925553][ T60] usb 3-1: config 0 has no interfaces? [ 160.929285][ T8470] f2fs_find_data_page+0x198/0x3a0 [ 160.939824][ T8470] f2fs_empty_dir+0x146/0x2e0 [ 160.944508][ T8470] ? __cfi_f2fs_empty_dir+0x10/0x10 [ 160.945330][ T60] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 160.949705][ T8470] fscrypt_ioctl_set_policy+0x3cd/0x480 [ 160.949733][ T8470] ? __cfi_fscrypt_ioctl_set_policy+0x10/0x10 [ 160.970281][ T8470] __f2fs_ioctl+0x293f/0xbd50 [ 160.971334][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.974961][ T8470] ? avc_has_extended_perms+0x95f/0xdc0 [ 160.974990][ T8470] ? __cfi____update_load_sum+0x10/0x10 [ 160.993970][ T8470] ? __cfi_avc_has_extended_perms+0x10/0x10 [ 160.995580][ T60] usb 3-1: Product: syz [ 160.999862][ T8470] ? __update_load_avg_cfs_rq+0xaf/0x2f0 [ 160.999888][ T8470] ? __kasan_check_write+0x14/0x20 [ 161.010480][ T60] usb 3-1: Manufacturer: syz [ 161.014699][ T8470] ? __switch_to+0x51f/0xe30 [ 161.023827][ T8470] ? f2fs_ioctl+0x240/0x240 [ 161.028335][ T8470] ? __cfi___switch_to+0x10/0x10 [ 161.030220][ T60] usb 3-1: SerialNumber: syz [ 161.033265][ T8470] ? __kasan_check_write+0x14/0x20 [ 161.042929][ T8470] ? finish_task_switch+0x209/0x7b0 [ 161.048121][ T8470] ? __switch_to_asm+0x3a/0x60 [ 161.052877][ T8470] ? __schedule+0xb8f/0x14e0 [ 161.057463][ T8470] ? __sched_text_start+0x8/0x8 [ 161.062303][ T8470] ? security_file_free+0xd8/0xf0 [ 161.067321][ T8470] ? do_futex+0x2dc/0x420 [ 161.071645][ T8470] ? __kasan_check_read+0x11/0x20 [ 161.076671][ T8470] ? preempt_schedule_irq+0xbb/0x110 [ 161.081957][ T8470] ? __cfi_preempt_schedule_irq+0x10/0x10 [ 161.083185][ T60] r8152-cfgselector 3-1: config 0 descriptor?? [ 161.087670][ T8470] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 161.099335][ T8470] ? raw_irqentry_exit_cond_resched+0x29/0x30 [ 161.105412][ T8470] ? irqentry_exit+0x37/0x40 [ 161.110010][ T8470] ? sysvec_reschedule_ipi+0x78/0x80 [ 161.115295][ T8470] ? __cfi_f2fs_ioctl+0x10/0x10 [ 161.120151][ T8470] f2fs_ioctl+0x149/0x240 [ 161.124484][ T8470] ? __cfi_f2fs_ioctl+0x10/0x10 [ 161.129335][ T8470] __se_sys_ioctl+0x12f/0x1b0 [ 161.134009][ T8470] __x64_sys_ioctl+0x7b/0x90 [ 161.138596][ T8470] x64_sys_call+0x58b/0x9a0 [ 161.143098][ T8470] do_syscall_64+0x4c/0xa0 [ 161.147513][ T8470] ? clear_bhb_loop+0x30/0x80 [ 161.152187][ T8470] ? clear_bhb_loop+0x30/0x80 [ 161.156861][ T8470] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 161.162749][ T8470] RIP: 0033:0x7f2f6018f6c9 [ 161.167154][ T8470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.186758][ T8470] RSP: 002b:00007f2f61059038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.195171][ T8470] RAX: ffffffffffffffda RBX: 00007f2f603e5fa0 RCX: 00007f2f6018f6c9 [ 161.203139][ T8470] RDX: 0000200000000040 RSI: 00000000800c6613 RDI: 0000000000000003 [ 161.211109][ T8470] RBP: 00007f2f60211f91 R08: 0000000000000000 R09: 0000000000000000 [ 161.219076][ T8470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.227054][ T8470] R13: 00007f2f603e6038 R14: 00007f2f603e5fa0 R15: 00007ffd33642fb8 [ 161.235026][ T8470] [ 161.258214][ T8701] tmpfs: Bad value for 'size' [ 162.417034][ T8719] IPv6: sit1: Disabled Multicast RS [ 162.550705][ T8728] xt_hashlimit: max too large, truncated to 1048576 [ 162.577702][ T8728] xt_hashlimit: invalid interval [ 162.578161][ T60] usb 3-1: USB disconnect, device number 66 [ 163.069966][ T8804] netlink: 'syz.3.4054': attribute type 11 has an invalid length. [ 163.112700][ T8810] loop1: detected capacity change from 0 to 1024 [ 163.151668][ T8810] EXT4-fs: Ignoring removed nomblk_io_submit option [ 163.162313][ T8810] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 163.206349][ T8810] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 163.217005][ T8810] System zones: 0-1, 3-36 [ 163.238132][ T8810] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 163.266217][ T287] EXT4-fs (loop1): unmounting filesystem. [ 163.524389][ T8876] netlink: 'syz.3.4087': attribute type 30 has an invalid length. [ 165.482604][ T8921] loop3: detected capacity change from 0 to 2048 [ 165.529017][ T8921] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 165.539973][ T8921] ext4 filesystem being mounted at /805/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.682947][ T8924] device vlan0 entered promiscuous mode [ 166.688879][ T283] EXT4-fs (loop3): unmounting filesystem. [ 166.716442][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 166.716456][ T28] audit: type=1326 audit(1763505192.346:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8934 comm="syz.0.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 166.764698][ T28] audit: type=1326 audit(1763505192.346:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8934 comm="syz.0.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 166.828925][ T28] audit: type=1326 audit(1763505192.374:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8934 comm="syz.0.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 166.890319][ T28] audit: type=1326 audit(1763505192.374:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8934 comm="syz.0.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 166.963811][ T28] audit: type=1326 audit(1763505192.374:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8934 comm="syz.0.4119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcee358f6c9 code=0x7ffc0000 [ 167.000095][ T28] audit: type=1400 audit(1763505192.438:331): avc: denied { write } for pid=8961 comm="syz.2.4130" name="usbmon4" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 167.022514][ T9002] device ip6gre1 entered promiscuous mode [ 167.039335][ T28] audit: type=1400 audit(1763505192.438:332): avc: denied { ioctl } for pid=8961 comm="syz.2.4130" path="/dev/usbmon4" dev="devtmpfs" ino=171 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 167.077750][ T28] audit: type=1400 audit(1763505192.475:333): avc: denied { getopt } for pid=8969 comm="syz.3.4134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 167.141756][ T9025] xt_limit: Overflow, try lower: 2147483649/3300 [ 167.284333][ T9060] netlink: 'syz.4.4179': attribute type 2 has an invalid length. [ 167.368878][ T9082] __nla_validate_parse: 49 callbacks suppressed [ 167.368897][ T9082] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4190'. [ 167.387770][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4192'. [ 167.423751][ T9090] netlink: 'syz.0.4193': attribute type 11 has an invalid length. [ 167.443891][ T9096] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4197'. [ 167.458800][ T9096] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4197'. [ 167.567009][ T9120] netlink: 'syz.0.4210': attribute type 5 has an invalid length. [ 167.683502][ T28] audit: type=1400 audit(1763505193.242:334): avc: denied { getopt } for pid=9147 comm="syz.0.4223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 167.719780][ T9152] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4225'. [ 167.733802][ T28] audit: type=1400 audit(1763505193.269:335): avc: denied { bind } for pid=9157 comm="syz.4.4228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 167.915348][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4254'. [ 167.962639][ T9218] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4256'. [ 167.995140][ T9218] device vlan0 entered promiscuous mode [ 168.157576][ T9263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4278'. [ 168.325492][ T9293] xt_TCPMSS: Only works on TCP SYN packets [ 168.427320][ T9321] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 168.476714][ T9332] loop3: detected capacity change from 0 to 256 [ 168.513105][ T9332] FAT-fs (loop3): Directory bread(block 64) failed [ 168.534166][ T9343] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4320'. [ 168.545284][ T9332] FAT-fs (loop3): Directory bread(block 65) failed [ 168.560347][ T9332] FAT-fs (loop3): Directory bread(block 66) failed [ 168.566991][ T9332] FAT-fs (loop3): Directory bread(block 67) failed [ 168.576244][ T9332] FAT-fs (loop3): Directory bread(block 68) failed [ 168.586708][ T9332] FAT-fs (loop3): Directory bread(block 69) failed [ 168.595035][ T9332] FAT-fs (loop3): Directory bread(block 70) failed [ 168.603426][ T9357] x_tables: unsorted underflow at hook 3 [ 168.607584][ T9332] FAT-fs (loop3): Directory bread(block 71) failed [ 168.615745][ T9332] FAT-fs (loop3): Directory bread(block 72) failed [ 168.623168][ T9332] FAT-fs (loop3): Directory bread(block 73) failed [ 168.629231][ T9361] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4329'. [ 168.644974][ T9364] x_tables: unsorted underflow at hook 2 [ 168.658623][ T9361] device vlan0 entered promiscuous mode [ 168.677102][ T9367] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 168.711749][ T9372] loop4: detected capacity change from 0 to 512 [ 168.718755][ T9373] netlink: 'syz.3.4335': attribute type 6 has an invalid length. [ 168.728583][ T9373] netlink: 'syz.3.4335': attribute type 7 has an invalid length. [ 168.741344][ T9373] netlink: 'syz.3.4335': attribute type 8 has an invalid length. [ 168.756212][ T9372] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 168.764090][ T9379] netlink: 'syz.1.4338': attribute type 12 has an invalid length. [ 168.785880][ T9372] System zones: 0-2, 18-18, 34-34 [ 168.803012][ T9372] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #3: comm syz.4.4336: corrupted inode contents [ 168.815906][ T9372] EXT4-fs error (device loop4): ext4_dirty_inode:6121: inode #3: comm syz.4.4336: mark_inode_dirty error [ 168.827804][ T9372] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #3: comm syz.4.4336: corrupted inode contents [ 168.843907][ T9372] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.4336: mark_inode_dirty error [ 168.878217][ T9372] EXT4-fs error (device loop4): ext4_acquire_dquot:6803: comm syz.4.4336: Failed to acquire dquot type 0 [ 168.889519][ T334] usb 3-1: new low-speed USB device number 67 using dummy_hcd [ 168.903619][ T9372] EXT4-fs (loop4): 1 orphan inode deleted [ 168.909515][ T9372] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 168.923632][ T10] EXT4-fs error (device loop4): ext4_release_dquot:6839: comm kworker/u4:1: Failed to release dquot type 1 [ 168.926072][ T9372] ext4 filesystem being mounted at /792/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.984108][ T9410] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 168.995213][ T286] EXT4-fs (loop4): unmounting filesystem. [ 169.087534][ T9430] tipc: Trying to set illegal importance in message [ 169.095399][ T334] usb 3-1: unable to get BOS descriptor or descriptor too short [ 169.109819][ T334] usb 3-1: config 1 has an invalid interface number: 4 but max is 2 [ 169.123691][ T9434] syz.3.4363 uses obsolete (PF_INET,SOCK_PACKET) [ 169.123867][ T334] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 169.163987][ T334] usb 3-1: config 1 has no interface number 1 [ 169.170081][ T334] usb 3-1: config 1 interface 4 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 170.886051][ T334] usb 3-1: config 1 interface 4 has no altsetting 0 [ 170.905600][ T334] usb 3-1: string descriptor 0 read error: -22 [ 170.912994][ T334] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 170.926698][ T334] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.947079][ T334] usb 3-1: unknown interface protocol 0x2, assuming v1 [ 170.956643][ T334] usb 3-1: cannot find UAC_HEADER [ 170.972007][ T334] snd-usb-audio: probe of 3-1:1.2 failed with error -22 [ 171.058659][ T309] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 171.092906][ T9453] x_tables: unsorted entry at hook 2 [ 171.142453][ T9464] xt_hashlimit: max too large, truncated to 1048576 [ 171.159255][ T344] usb 3-1: USB disconnect, device number 67 [ 171.260083][ T9488] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 171.271022][ T9494] netlink: 'syz.1.4394': attribute type 1 has an invalid length. [ 171.283529][ T309] usb 5-1: Using ep0 maxpacket: 32 [ 171.287868][ T9488] syz.0.4392 (9488) used greatest stack depth: 20808 bytes left [ 171.295227][ T309] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 171.313866][ T309] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 171.335049][ T309] usb 5-1: config 0 has no interface number 0 [ 171.345965][ T309] usb 5-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 171.364695][ T9506] xt_TPROXY: Can be used only with -p tcp or -p udp [ 171.366572][ T9504] xt_TCPMSS: Only works on TCP SYN packets [ 171.377875][ T309] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 171.394000][ T309] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.402316][ T309] usb 5-1: Product: syz [ 171.414297][ T309] usb 5-1: Manufacturer: syz [ 171.419041][ T309] usb 5-1: SerialNumber: syz [ 171.424268][ T309] usb 5-1: config 0 descriptor?? [ 171.560512][ T9546] ip6tnl0: mtu less than device minimum [ 171.705824][ T9579] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 171.713086][ T9579] IPv6: NLM_F_CREATE should be set when creating new route [ 171.720307][ T9579] IPv6: NLM_F_CREATE should be set when creating new route [ 171.802697][ T9597] device ipip0 entered promiscuous mode [ 171.822141][ T9601] sock: sock_timestamping_bind_phc: sock not bind to device [ 171.868457][ T309] usb 5-1: USB disconnect, device number 69 [ 171.874503][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 171.904465][ T9615] device bridge2 entered promiscuous mode [ 171.982485][ T9634] netlink: 'syz.2.4462': attribute type 15 has an invalid length. [ 172.038581][ T9646] loop3: detected capacity change from 0 to 512 [ 172.046171][ T9646] EXT4-fs: Ignoring removed mblk_io_submit option [ 172.052620][ T9646] EXT4-fs: Ignoring removed nomblk_io_submit option [ 172.097981][ T9646] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 172.109109][ T9646] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 172.131228][ T334] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 172.161631][ T9646] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3836: comm syz.3.4468: Allocating blocks 41-42 which overlap fs metadata [ 172.177776][ T9646] __quota_error: 19 callbacks suppressed [ 172.177790][ T9646] Quota error (device loop3): write_blk: dquota write failed [ 172.201430][ T9646] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 172.214715][ T9646] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 172.224818][ T9646] EXT4-fs error (device loop3): ext4_acquire_dquot:6803: comm syz.3.4468: Failed to acquire dquot type 1 [ 172.240416][ T9646] EXT4-fs error (device loop3): mb_free_blocks:1810: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 172.255016][ T9646] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.4468: corrupted inode contents [ 172.266918][ T28] audit: type=1400 audit(1763505197.461:352): avc: denied { getopt } for pid=9686 comm="syz.2.4487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 172.283093][ T9646] EXT4-fs error (device loop3): ext4_dirty_inode:6121: inode #12: comm syz.3.4468: mark_inode_dirty error [ 172.310230][ T9646] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.4468: corrupted inode contents [ 172.332569][ T9646] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #12: comm syz.3.4468: mark_inode_dirty error [ 172.348619][ T9646] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.4468: corrupted inode contents [ 172.348677][ T334] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 172.362788][ T9646] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 172.380112][ T334] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 172.384452][ T9646] EXT4-fs error (device loop3): ext4_do_update_inode:5256: inode #12: comm syz.3.4468: corrupted inode contents [ 172.399890][ T334] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 172.405166][ T9646] EXT4-fs error (device loop3): ext4_truncate:4314: inode #12: comm syz.3.4468: mark_inode_dirty error [ 172.429831][ T334] usb 2-1: config 220 has no interface number 2 [ 172.436332][ T334] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 172.452836][ T9646] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 172.471071][ T334] usb 2-1: config 220 interface 0 has no altsetting 0 [ 172.473354][ T9646] EXT4-fs (loop3): 1 truncate cleaned up [ 172.499564][ T334] usb 2-1: config 220 interface 76 has no altsetting 0 [ 172.499829][ T9646] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 172.516175][ T334] usb 2-1: config 220 interface 1 has no altsetting 0 [ 172.539009][ T334] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 172.579983][ T334] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.593363][ T28] audit: type=1400 audit(1763505197.765:353): avc: denied { remount } for pid=9641 comm="syz.3.4468" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 172.612992][ T9646] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 172.614404][ T334] usb 2-1: Product: syz [ 172.625171][ T9728] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 172.628713][ T334] usb 2-1: Manufacturer: syz [ 172.646271][ T28] audit: type=1326 audit(1763505197.784:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9726 comm="syz.4.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 172.672078][ T334] usb 2-1: SerialNumber: syz [ 172.672452][ T283] EXT4-fs (loop3): unmounting filesystem. [ 172.688058][ T28] audit: type=1326 audit(1763505197.784:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9726 comm="syz.4.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 172.713233][ T28] audit: type=1326 audit(1763505197.839:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9726 comm="syz.4.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 172.775847][ T28] audit: type=1326 audit(1763505197.839:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9726 comm="syz.4.4507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 172.800700][ T9746] __nla_validate_parse: 8 callbacks suppressed [ 172.800717][ T9746] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4516'. [ 172.834768][ T9750] netlink: 'syz.4.4518': attribute type 4 has an invalid length. [ 172.845442][ T9750] netlink: 'syz.4.4518': attribute type 5 has an invalid length. [ 172.862329][ T9750] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.4518'. [ 172.917667][ T9768] netlink: 76 bytes leftover after parsing attributes in process `syz.2.4527'. [ 172.931036][ T334] usb 2-1: selecting invalid altsetting 0 [ 172.939284][ T9771] loop3: detected capacity change from 0 to 512 [ 172.946404][ T334] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 172.952751][ T334] usb 2-1: No valid video chain found. [ 172.968480][ T9771] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 172.989938][ T334] usb 2-1: USB disconnect, device number 72 [ 173.013714][ T9771] EXT4-fs error (device loop3): ext4_orphan_get:1400: inode #17: comm syz.3.4528: iget: bad i_size value: -6917529027641081756 [ 173.043221][ T9771] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.4528: couldn't read orphan inode 17 (err -117) [ 173.057248][ T9771] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 173.064067][ T28] audit: type=1400 audit(1763505198.199:358): avc: denied { write } for pid=9789 comm="syz.2.4537" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 173.127797][ T283] EXT4-fs (loop3): unmounting filesystem. [ 173.191175][ T9810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4546'. [ 173.272369][ T9826] xt_TPROXY: Can be used only with -p tcp or -p udp [ 173.619943][ T9901] IPv6: sit1: Disabled Multicast RS [ 173.812514][ T9953] xt_socket: unknown flags 0x40 [ 173.867054][ T9963] netlink: 'syz.2.4622': attribute type 12 has an invalid length. [ 174.011581][ T9993] netlink: 'syz.2.4638': attribute type 3 has an invalid length. [ 174.012898][ T9991] xt_TCPMSS: Only works on TCP SYN packets [ 174.030426][ T9995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4639'. [ 174.077927][ T9995] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4639'. [ 174.364707][T10045] xt_limit: Overflow, try lower: 65536/2147483648 [ 174.600268][T10095] loop2: detected capacity change from 0 to 512 [ 174.672802][T10095] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 174.683436][T10095] ext4 filesystem being mounted at /951/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.718133][T10114] netlink: 'syz.0.4696': attribute type 7 has an invalid length. [ 174.761357][ T284] EXT4-fs (loop2): unmounting filesystem. [ 174.775544][T10124] netlink: 'syz.3.4703': attribute type 3 has an invalid length. [ 174.783379][T10124] netlink: 'syz.3.4703': attribute type 3 has an invalid length. [ 174.870245][T10142] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4709'. [ 174.892597][T10142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4709'. [ 174.987721][T10165] netlink: 'syz.4.4722': attribute type 3 has an invalid length. [ 175.018934][T10170] device vlan0 left promiscuous mode [ 175.028580][T10170] device macsec0 left promiscuous mode [ 175.034500][T10170] device ip6erspan0 left promiscuous mode [ 175.051605][T10170] device vti0 left promiscuous mode [ 175.211265][T10220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4749'. [ 175.262092][T10231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4754'. [ 175.394584][T10264] loop4: detected capacity change from 0 to 256 [ 175.431437][T10264] FAT-fs (loop4): Directory bread(block 64) failed [ 175.446215][T10264] FAT-fs (loop4): Directory bread(block 65) failed [ 175.476607][T10264] FAT-fs (loop4): Directory bread(block 66) failed [ 175.488244][T10285] netlink: 'syz.0.4780': attribute type 15 has an invalid length. [ 175.491548][T10264] FAT-fs (loop4): Directory bread(block 67) failed [ 175.508083][T10264] FAT-fs (loop4): Directory bread(block 68) failed [ 175.513015][T10291] netlink: 'syz.0.4784': attribute type 5 has an invalid length. [ 175.521045][T10264] FAT-fs (loop4): Directory bread(block 69) failed [ 175.538825][T10264] FAT-fs (loop4): Directory bread(block 70) failed [ 175.546111][T10264] FAT-fs (loop4): Directory bread(block 71) failed [ 175.552855][T10264] FAT-fs (loop4): Directory bread(block 72) failed [ 175.559979][T10264] FAT-fs (loop4): Directory bread(block 73) failed [ 175.672859][T10318] bridge0: port 3(veth0) entered blocking state [ 175.679214][T10318] bridge0: port 3(veth0) entered disabled state [ 175.687688][T10318] device veth0 entered promiscuous mode [ 175.695294][T10320] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 175.860249][T10358] sit0: mtu greater than device maximum [ 175.890728][ T309] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 176.015129][T10396] device ip6gre1 entered promiscuous mode [ 176.097609][ T309] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.100652][T10400] loop4: detected capacity change from 0 to 8192 [ 176.121382][ T309] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 176.172233][ T309] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.199776][ T309] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.216424][ T309] usb 3-1: Product: syz [ 176.226645][ T309] usb 3-1: Manufacturer: syz [ 176.236047][ T309] usb 3-1: SerialNumber: syz [ 176.253113][ T309] cdc_ncm 3-1:1.0: skipping garbage [ 176.273931][ T309] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing [ 176.297952][ T309] cdc_ncm 3-1:1.0: bind() failure [ 176.305517][T10444] loop4: detected capacity change from 0 to 256 [ 176.317432][ T309] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 176.337488][T10444] FAT-fs (loop4): Directory bread(block 64) failed [ 176.342004][ T309] cdc_ncm 3-1:1.1: bind() failure [ 176.351727][T10444] FAT-fs (loop4): Directory bread(block 65) failed [ 176.359095][T10444] FAT-fs (loop4): Directory bread(block 66) failed [ 176.370878][T10444] FAT-fs (loop4): Directory bread(block 67) failed [ 176.378022][T10444] FAT-fs (loop4): Directory bread(block 68) failed [ 176.386813][T10444] FAT-fs (loop4): Directory bread(block 69) failed [ 176.393854][T10444] FAT-fs (loop4): Directory bread(block 70) failed [ 176.407961][T10444] FAT-fs (loop4): Directory bread(block 71) failed [ 176.438132][T10444] FAT-fs (loop4): Directory bread(block 72) failed [ 176.441337][T10466] device bridge3 entered promiscuous mode [ 176.457915][T10444] FAT-fs (loop4): Directory bread(block 73) failed [ 176.472683][ T309] usb 3-1: USB disconnect, device number 68 [ 176.524120][T10481] loop1: detected capacity change from 0 to 512 [ 176.578939][T10481] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 176.603905][T10481] ext4 filesystem being mounted at /921/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 176.631222][ T287] EXT4-fs (loop1): unmounting filesystem. [ 176.813995][T10547] tc_dump_action: action bad kind [ 176.887463][ T344] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 176.913380][T10571] xt_hashlimit: size too large, truncated to 1048576 [ 176.920404][T10571] xt_hashlimit: invalid rate [ 177.060773][ T19] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 177.082451][ T344] usb 1-1: Using ep0 maxpacket: 32 [ 177.089144][ T344] usb 1-1: unable to get BOS descriptor or descriptor too short [ 177.097573][ T344] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 177.105963][ T344] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 177.116912][ T344] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 177.126072][ T344] usb 1-1: config 128 has no interface number 0 [ 177.132360][ T344] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 177.143744][ T344] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 177.154565][ T344] usb 1-1: config 128 interface 127 has no altsetting 0 [ 177.163201][ T344] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 177.172426][ T344] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.180552][ T344] usb 1-1: Product: syz [ 177.184763][ T344] usb 1-1: Manufacturer: syz [ 177.189390][ T344] usb 1-1: SerialNumber: syz [ 177.246106][T10644] loop3: detected capacity change from 0 to 256 [ 177.262244][T10644] FAT-fs (loop3): Directory bread(block 64) failed [ 177.267756][ T19] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 177.268912][T10644] FAT-fs (loop3): Directory bread(block 65) failed [ 177.278767][ T19] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 177.284011][T10644] FAT-fs (loop3): Directory bread(block 66) failed [ 177.292808][ T19] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 177.299020][T10644] FAT-fs (loop3): Directory bread(block 67) failed [ 177.310012][ T19] usb 2-1: config 220 has no interface number 2 [ 177.315787][T10644] FAT-fs (loop3): Directory bread(block 68) failed [ 177.322389][ T309] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 177.328562][T10644] FAT-fs (loop3): Directory bread(block 69) failed [ 177.336053][ T19] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 177.342664][T10644] FAT-fs (loop3): Directory bread(block 70) failed [ 177.355910][ T19] usb 2-1: config 220 interface 0 has no altsetting 0 [ 177.362517][T10644] FAT-fs (loop3): Directory bread(block 71) failed [ 177.369004][ T19] usb 2-1: config 220 interface 76 has no altsetting 0 [ 177.375789][T10644] FAT-fs (loop3): Directory bread(block 72) failed [ 177.382454][ T19] usb 2-1: config 220 interface 1 has no altsetting 0 [ 177.388929][T10644] FAT-fs (loop3): Directory bread(block 73) failed [ 177.397145][ T19] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 177.411080][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.429020][ T344] usb 1-1: USB disconnect, device number 72 [ 177.435045][ T19] usb 2-1: Product: syz [ 177.439241][ T19] usb 2-1: Manufacturer: syz [ 177.444477][ T19] usb 2-1: SerialNumber: syz [ 177.447249][ T340] udevd[340]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 177.550211][T10662] loop3: detected capacity change from 0 to 256 [ 177.561973][T10662] FAT-fs (loop3): Directory bread(block 64) failed [ 177.568594][T10662] FAT-fs (loop3): Directory bread(block 65) failed [ 177.575188][T10662] FAT-fs (loop3): Directory bread(block 66) failed [ 177.581745][ T309] usb 5-1: Using ep0 maxpacket: 16 [ 177.582083][T10662] FAT-fs (loop3): Directory bread(block 67) failed [ 177.587958][ T309] usb 5-1: config 0 has no interfaces? [ 177.593972][T10662] FAT-fs (loop3): Directory bread(block 68) failed [ 177.600507][ T309] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 177.606939][T10662] FAT-fs (loop3): Directory bread(block 69) failed [ 177.614763][ T309] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.621084][T10662] FAT-fs (loop3): Directory bread(block 70) failed [ 177.628909][ T309] usb 5-1: Product: syz [ 177.635559][T10662] FAT-fs (loop3): Directory bread(block 71) failed [ 177.639539][ T309] usb 5-1: Manufacturer: syz [ 177.646157][T10662] FAT-fs (loop3): Directory bread(block 72) failed [ 177.650642][ T309] usb 5-1: SerialNumber: syz [ 177.657297][T10662] FAT-fs (loop3): Directory bread(block 73) failed [ 177.662585][ T309] r8152-cfgselector 5-1: config 0 descriptor?? [ 177.685924][ T19] usb 2-1: selecting invalid altsetting 0 [ 177.692102][ T19] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 177.698534][ T19] usb 2-1: No valid video chain found. [ 177.716185][ T19] usb 2-1: USB disconnect, device number 73 [ 177.785927][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 177.785940][ T28] audit: type=1400 audit(1763505202.556:374): avc: denied { audit_write } for pid=10676 comm="syz.3.4974" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 177.835278][T10681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.903066][ T309] r8152-cfgselector 5-1: Unknown version 0x0000 [ 178.010664][ T28] audit: type=1400 audit(1763505202.768:375): avc: denied { setcurrent } for pid=10689 comm="syz.2.4981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 178.120884][T10717] xt_SECMARK: invalid security context 'unconfined' [ 178.144588][ T60] r8152-cfgselector 5-1: USB disconnect, device number 70 [ 178.180354][ T28] audit: type=1400 audit(1763505202.925:376): avc: denied { write } for pid=10727 comm="syz.0.4999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 178.287445][T10750] validate_nla: 3 callbacks suppressed [ 178.287462][T10750] netlink: 'syz.0.5011': attribute type 1 has an invalid length. [ 178.297966][T10752] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 178.348111][T10759] loop1: detected capacity change from 0 to 16 [ 178.357177][T10759] erofs: (device loop1): erofs_init_device: empty device tag @ pos 0 [ 178.412516][T10772] __nla_validate_parse: 9 callbacks suppressed [ 178.412530][T10772] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5020'. [ 178.605909][T10816] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 178.613673][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5042'. [ 178.690932][T10836] device ip6gretap2 entered promiscuous mode [ 178.699742][T10837] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 178.706960][T10837] IPv6: NLM_F_CREATE should be set when creating new route [ 178.748800][T10845] loop2: detected capacity change from 0 to 256 [ 178.761428][T10847] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5056'. [ 178.972649][T10903] device bridge4 entered promiscuous mode [ 178.996445][T10909] loop1: detected capacity change from 0 to 256 [ 179.067804][T10909] FAT-fs (loop1): Directory bread(block 64) failed [ 179.089697][T10909] FAT-fs (loop1): Directory bread(block 65) failed [ 179.107783][T10933] netlink: 188 bytes leftover after parsing attributes in process `syz.2.5101'. [ 179.125970][T10909] FAT-fs (loop1): Directory bread(block 66) failed [ 179.148571][T10909] FAT-fs (loop1): Directory bread(block 67) failed [ 179.176062][T10909] FAT-fs (loop1): Directory bread(block 68) failed [ 179.201756][T10909] FAT-fs (loop1): Directory bread(block 69) failed [ 179.219922][T10909] FAT-fs (loop1): Directory bread(block 70) failed [ 179.238508][T10909] FAT-fs (loop1): Directory bread(block 71) failed [ 179.252834][T10909] FAT-fs (loop1): Directory bread(block 72) failed [ 179.271032][T10909] FAT-fs (loop1): Directory bread(block 73) failed [ 179.350326][T10984] loop2: detected capacity change from 0 to 256 [ 179.361970][T10984] FAT-fs (loop2): Directory bread(block 64) failed [ 179.372549][T10984] FAT-fs (loop2): Directory bread(block 65) failed [ 179.395317][T10984] FAT-fs (loop2): Directory bread(block 66) failed [ 179.397739][T10993] syz.0.5129 (10993): /proc/10993/oom_adj is deprecated, please use /proc/10993/oom_score_adj instead. [ 179.408499][T10984] FAT-fs (loop2): Directory bread(block 67) failed [ 179.442523][T10999] netlink: 'syz.4.5133': attribute type 12 has an invalid length. [ 179.446297][T10984] FAT-fs (loop2): Directory bread(block 68) failed [ 179.476096][T10984] FAT-fs (loop2): Directory bread(block 69) failed [ 179.489700][T11007] loop1: detected capacity change from 0 to 512 [ 179.508964][T10984] FAT-fs (loop2): Directory bread(block 70) failed [ 179.521659][T10984] FAT-fs (loop2): Directory bread(block 71) failed [ 179.531632][T11007] EXT4-fs: Ignoring removed nobh option [ 179.547295][T10984] FAT-fs (loop2): Directory bread(block 72) failed [ 179.560534][T10984] FAT-fs (loop2): Directory bread(block 73) failed [ 179.567442][T11007] EXT4-fs warning (device loop1): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 179.583003][T11007] EXT4-fs warning (device loop1): dx_probe:881: Enable large directory feature to access it [ 179.598029][T11007] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.5136: Corrupt directory, running e2fsck is recommended [ 179.611592][T11007] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 179.620427][T11007] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2195: inode #15: comm syz.1.5136: corrupted in-inode xattr [ 179.632681][T11007] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.5136: couldn't read orphan inode 15 (err -117) [ 179.645155][T11007] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 179.645362][T11026] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5144'. [ 179.672160][T11007] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 179.675946][T11026] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5144'. [ 179.725926][T11037] cgroup: name respecified [ 179.745401][ T287] EXT4-fs (loop1): unmounting filesystem. [ 180.196527][T11163] netlink: 'syz.3.5210': attribute type 5 has an invalid length. [ 180.208809][ T28] audit: type=1400 audit(1763505204.798:377): avc: denied { map } for pid=11162 comm="syz.2.5212" path="socket:[49459]" dev="sockfs" ino=49459 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 180.386434][T11207] IPv6: NLM_F_CREATE should be specified when creating new route [ 180.457190][ T28] audit: type=1326 audit(1763505205.029:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.4.5242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 180.480960][ T60] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 180.531555][ T28] audit: type=1326 audit(1763505205.029:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.4.5242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 180.578220][ T28] audit: type=1326 audit(1763505205.029:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.4.5242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 180.593256][T11251] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5255'. [ 180.606501][ T28] audit: type=1326 audit(1763505205.029:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.4.5242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 180.634116][T11251] netlink: 'syz.3.5255': attribute type 1 has an invalid length. [ 180.668255][ T28] audit: type=1326 audit(1763505205.029:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11224 comm="syz.4.5242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f138b38f6c9 code=0x7ffc0000 [ 180.691920][ T60] usb 2-1: Using ep0 maxpacket: 8 [ 180.693303][T11266] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 180.707965][ T28] audit: type=1400 audit(1763505205.057:383): avc: denied { compute_member } for pid=11228 comm="syz.0.5244" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 180.747870][ T60] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 180.760274][ T60] usb 2-1: config 179 has no interface number 0 [ 180.773936][ T60] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 180.789665][ T60] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 180.807757][ T60] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 180.822882][T11287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 180.834480][ T60] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 180.838502][T11286] loop4: detected capacity change from 0 to 512 [ 180.852666][ T60] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 180.858650][T11287] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 180.870489][ T60] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 180.878562][T11286] EXT4-fs: Ignoring removed nomblk_io_submit option [ 180.897769][T11286] EXT4-fs (loop4): Test dummy encryption mode enabled [ 180.900313][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.932506][T11157] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 180.932839][T11286] EXT4-fs (loop4): 1 truncate cleaned up [ 180.967158][T11286] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 181.057573][ T286] EXT4-fs (loop4): unmounting filesystem. [ 181.073177][T11320] xt_hashlimit: overflow, rate too high: 0 [ 181.105895][T11325] xt_TCPMSS: Only works on TCP SYN packets [ 181.140541][T11331] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.401880][T11368] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 181.404150][ T19] usb 2-1: USB disconnect, device number 74 [ 181.409325][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 181.424275][ C1] dummy_hcd dummy_hcd.1: timer fired with no URBs pending? [ 181.431753][T11368] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 181.447111][T11368] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.454141][T11368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.467347][T11368] device veth1_macvtap entered promiscuous mode [ 181.507945][T11368] syz.0.5313 (11368) used greatest stack depth: 20224 bytes left [ 181.526020][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 181.548449][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 181.568469][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 181.592225][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 181.600845][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 181.609147][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 181.617901][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 181.630397][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 181.638840][ T343] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 181.647757][ T6] ip6_tunnel: K xmit: Local address not yet configured! [ 181.723409][T11404] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5330'. [ 181.741840][T11404] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5330'. [ 181.752014][T11404] netlink: 'syz.4.5330': attribute type 3 has an invalid length. [ 181.759796][T11404] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5330'. [ 181.769571][T11409] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 181.796669][T11411] 8021q: VLANs not supported on lo [ 182.001218][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 182.040684][T11461] netlink: 'syz.2.5357': attribute type 5 has an invalid length. [ 182.261669][T11503] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 182.265693][T11504] loop1: detected capacity change from 0 to 16 [ 182.280749][T11504] erofs: (device loop1): mounted with root inode @ nid 36. [ 182.318511][T11504] erofs: (device loop1): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 182.462852][T11550] netlink: 'syz.0.5403': attribute type 1 has an invalid length. [ 182.526266][T11567] SELinux: security_context_str_to_sid (defcontext) failed with errno=-22 [ 182.603193][T11585] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.642179][T11594] loop2: detected capacity change from 0 to 128 [ 182.664853][T11600] IPv6: NLM_F_CREATE should be specified when creating new route [ 182.689029][T11594] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 182.699481][T11609] loop1: detected capacity change from 0 to 256 [ 182.716365][T11594] ext4 filesystem being mounted at /1109/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 182.735122][T11609] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 182.761190][T11594] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.5424: checksumming directory block 0 [ 182.785072][ T284] EXT4-fs (loop2): unmounting filesystem. [ 182.875152][T11645] IPv6: NLM_F_REPLACE set, but no existing node found! [ 183.065403][T11697] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 183.218064][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 183.218079][ T28] audit: type=1400 audit(1763505207.577:396): avc: denied { append } for pid=11734 comm="syz.0.5495" name="loop9" dev="devtmpfs" ino=127 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 183.231065][T11733] loop1: detected capacity change from 0 to 256 [ 183.304199][ T28] audit: type=1400 audit(1763505207.660:397): avc: denied { accept } for pid=11750 comm="syz.2.5504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 183.340498][T11757] IPv6: NLM_F_CREATE should be specified when creating new route [ 183.348685][T11733] FAT-fs (loop1): Directory bread(block 64) failed [ 183.360714][T11733] FAT-fs (loop1): Directory bread(block 65) failed [ 183.369686][ T28] audit: type=1326 audit(1763505207.715:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11760 comm="syz.2.5508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051378f6c9 code=0x7ffc0000 [ 183.374726][T11733] FAT-fs (loop1): Directory bread(block 66) failed [ 183.400862][T11733] FAT-fs (loop1): Directory bread(block 67) failed [ 183.408850][ T28] audit: type=1326 audit(1763505207.752:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11760 comm="syz.2.5508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f051378f6c9 code=0x7ffc0000 [ 183.419990][T11733] FAT-fs (loop1): Directory bread(block 68) failed [ 183.439091][ T60] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 183.474704][T11733] FAT-fs (loop1): Directory bread(block 69) failed [ 183.489473][ T28] audit: type=1326 audit(1763505207.752:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11760 comm="syz.2.5508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f051378f6c9 code=0x7ffc0000 [ 183.496762][T11733] FAT-fs (loop1): Directory bread(block 70) failed [ 183.523807][ T28] audit: type=1400 audit(1763505207.789:401): avc: denied { validate_trans } for pid=11764 comm="syz.0.5510" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 183.537478][T11733] FAT-fs (loop1): Directory bread(block 71) failed [ 183.551907][T11733] FAT-fs (loop1): Directory bread(block 72) failed [ 183.565122][T11733] FAT-fs (loop1): Directory bread(block 73) failed [ 183.620716][ T28] audit: type=1400 audit(1763505207.946:402): avc: granted { setsecparam } for pid=11792 comm="syz.3.5524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 183.649510][ T60] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.661915][ T60] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 183.674999][ T28] audit: type=1400 audit(1763505207.946:403): avc: granted { setsecparam } for pid=11792 comm="syz.3.5524" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 183.700927][ T60] usb 5-1: config 1 has no interface number 0 [ 183.717674][ T60] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 183.766342][T11819] loop1: detected capacity change from 0 to 512 [ 183.773268][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 183.789010][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.803224][T11819] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 183.807852][ T60] usb 5-1: Product: syz [ 183.819536][ T60] usb 5-1: Manufacturer: syz [ 183.842903][ T60] usb 5-1: SerialNumber: syz [ 183.860559][ T60] cdc_ncm 5-1:1.1: NCM or ECM functional descriptors missing [ 183.879035][ T60] cdc_ncm 5-1:1.1: bind() failure [ 183.884568][T11819] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 183.914986][T11819] EXT4-fs error (device loop1): ext4_orphan_get:1400: comm syz.1.5538: inode #15: comm syz.1.5538: iget: illegal inode # [ 183.922771][T11838] kernel read not supported for file /policy (pid: 11838 comm: syz.3.5547) [ 183.927641][ T28] audit: type=1400 audit(1763505208.223:404): avc: denied { module_load } for pid=11837 comm="syz.3.5547" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1 [ 183.960728][T11819] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.5538: couldn't read orphan inode 15 (err -117) [ 183.978651][T11819] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 183.996195][ T28] audit: type=1400 audit(1763505208.287:405): avc: denied { read write } for pid=11818 comm="syz.1.5538" name="loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 183.999308][T11819] EXT4-fs error (device loop1): ext4_lookup:1858: comm syz.1.5538: inode #15: comm syz.1.5538: iget: illegal inode # [ 184.080406][ T60] usb 5-1: USB disconnect, device number 71 [ 184.165295][ T287] EXT4-fs (loop1): unmounting filesystem. [ 184.299107][T11880] loop1: detected capacity change from 0 to 256 [ 184.332727][T11880] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 184.401114][T11890] netlink: 'syz.2.5571': attribute type 11 has an invalid length. [ 184.669218][T11913] netlink: 'syz.2.5580': attribute type 4 has an invalid length. [ 184.676978][T11913] __nla_validate_parse: 7 callbacks suppressed [ 184.676990][T11913] netlink: 17 bytes leftover after parsing attributes in process `syz.2.5580'. [ 184.919870][T11946] loop3: detected capacity change from 0 to 1024 [ 184.937808][T11946] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 185.016460][T11946] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 185.105242][T11968] device veth1_macvtap entered promiscuous mode [ 185.123916][ T283] EXT4-fs (loop3): unmounting filesystem. [ 185.141505][T11977] SELinux: Context system_u:object_r:iptables_conf_t:s0 is not valid (left unmapped). [ 185.154161][T11967] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 185.219992][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.240784][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.247845][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.284788][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 185.294522][T11991] xt_hashlimit: max too large, truncated to 1048576 [ 185.326406][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.332415][T11991] xt_hashlimit: overflow, try lower: 0/0 [ 185.348709][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 185.385426][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.417372][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.457828][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.482950][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.507471][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.663315][ C0] ip6_tunnel: K xmit: Local address not yet configured! [ 186.117167][T12066] IPv6: sit1: Disabled Multicast RS [ 186.296688][T12090] netlink: 'syz.2.5669': attribute type 1 has an invalid length. [ 186.393731][T12106] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5674'. [ 186.543060][T12128] ipt_REJECT: TCP_RESET invalid for non-tcp [ 186.733136][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 186.757715][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.788961][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 186.823484][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.850842][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.868825][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.878993][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.897902][ T1686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.921740][T12173] device vlan0 left promiscuous mode [ 186.928739][T12173] device ip6gretap2 left promiscuous mode [ 187.085375][T12201] netlink: 10 bytes leftover after parsing attributes in process `syz.3.5724'. [ 187.452479][T12248] netlink: 'syz.3.5745': attribute type 6 has an invalid length. [ 187.788321][T12279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5762'. [ 188.167580][T12310] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.370666][T12339] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5792'. [ 188.429398][T12351] x_tables: unsorted underflow at hook 2 [ 188.440829][T12353] xt_l2tp: invalid flags combination: 4 [ 188.648559][ T28] kauditd_printk_skb: 890 callbacks suppressed [ 188.648573][ T28] audit: type=1400 audit(1763505212.589:1296): avc: denied { read write } for pid=285 comm="syz-executor" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 188.686542][ T28] audit: type=1400 audit(1763505212.598:1297): avc: denied { read write } for pid=284 comm="syz-executor" name="loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 188.745821][T12424] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5835'. [ 188.777431][T12429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5838'. [ 188.778733][ T28] audit: type=1400 audit(1763505212.598:1298): avc: denied { read write } for pid=284 comm="syz-executor" name="loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 188.837855][ T28] audit: type=1400 audit(1763505212.625:1299): avc: denied { read write } for pid=283 comm="syz-executor" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 188.908134][ T28] audit: type=1400 audit(1763505212.625:1300): avc: denied { read write } for pid=284 comm="syz-executor" name="loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 188.970821][ T28] audit: type=1400 audit(1763505212.625:1301): avc: denied { bpf } for pid=12414 comm="syz.2.5831" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 189.025210][ T28] audit: type=1400 audit(1763505212.625:1302): avc: denied { prog_load } for pid=12414 comm="syz.2.5831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 189.051064][ T28] audit: type=1400 audit(1763505212.653:1303): avc: denied { bpf } for pid=12414 comm="syz.2.5831" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 189.072803][ T28] audit: type=1400 audit(1763505212.662:1305): avc: denied { read write } for pid=287 comm="syz-executor" name="loop1" dev="devtmpfs" ino=119 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 189.144627][ T28] audit: type=1400 audit(1763505212.662:1306): avc: denied { read write } for pid=284 comm="syz-executor" name="loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 189.199184][T12506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5875'. [ 189.382496][T12549] xt_CONNSECMARK: invalid mode: 66 [ 189.641199][T12610] device vcan0 left promiscuous mode [ 189.658481][T12610] device vlan0 left promiscuous mode [ 189.669138][T12610] device ip6gre1 left promiscuous mode [ 189.797345][T12645] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 189.832447][T12647] device xfrm0 left promiscuous mode [ 189.849290][T12647] device vlan0 left promiscuous mode [ 189.858263][T12647] device ipip0 left promiscuous mode [ 189.921067][T12668] netlink: 37 bytes leftover after parsing attributes in process `syz.2.5954'. [ 189.928762][T12671] netlink: 1 bytes leftover after parsing attributes in process `syz.4.5956'. [ 189.944017][T12668] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 189.951243][T12668] IPv6: NLM_F_CREATE should be set when creating new route [ 189.958468][T12668] IPv6: NLM_F_CREATE should be set when creating new route [ 190.006752][T12686] netlink: 'syz.4.5963': attribute type 30 has an invalid length. [ 190.049042][T12693] x_tables: duplicate underflow at hook 2 [ 190.173259][T12724] netlink: 'syz.4.5983': attribute type 6 has an invalid length. [ 190.216276][T12735] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5986'. [ 190.234749][T12735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5986'. [ 190.268323][T12745] netlink: 64 bytes leftover after parsing attributes in process `syz.4.5993'. [ 190.280841][T12745] netlink: 64 bytes leftover after parsing attributes in process `syz.4.5993'. [ 190.340042][T12761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6003'. [ 190.357269][T12761] device veth1 entered promiscuous mode [ 190.364152][T12761] netlink: 'syz.4.6003': attribute type 8 has an invalid length. [ 190.374020][T12761] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 190.535757][T12805] netlink: 'syz.2.6023': attribute type 3 has an invalid length. [ 190.599826][T12823] netlink: 'syz.4.6029': attribute type 11 has an invalid length. [ 190.624895][T12826] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6035'. [ 190.700329][T12847] xt_CT: No such helper "pptp" [ 190.745754][T12856] device sit0 entered promiscuous mode [ 190.770886][T12856] netlink: 'syz.2.6048': attribute type 1 has an invalid length. [ 190.788421][T12856] netlink: 1 bytes leftover after parsing attributes in process `syz.2.6048'. [ 190.824018][T12873] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6058'. [ 190.885447][T12887] netlink: 44 bytes leftover after parsing attributes in process `syz.1.6063'. [ 190.994028][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.023634][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.030705][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.040502][ T347] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 191.054162][ T347] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 191.262145][T12968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6104'. [ 191.758389][T13042] xt_CT: You must specify a L4 protocol and not use inversions on it [ 191.968861][T13072] netlink: 'syz.3.6156': attribute type 49 has an invalid length. [ 191.991543][T13072] netlink: 'syz.3.6156': attribute type 49 has an invalid length. [ 192.361484][T13145] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 192.428167][T13163] netlink: 'syz.0.6201': attribute type 49 has an invalid length. [ 192.604659][T13186] netlink: 'syz.3.6212': attribute type 12 has an invalid length. [ 192.647487][T13191] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 192.765398][T13208] tc_dump_action: action bad kind [ 192.861991][T13223] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 192.922084][T13223] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 192.930505][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 192.954347][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.969604][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 192.985429][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.996829][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.021319][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.030265][ T334] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 193.590234][T13378] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 193.723852][T13406] x_tables: duplicate underflow at hook 3 [ 194.068802][T13498] xt_connbytes: Forcing CT accounting to be enabled [ 194.069209][T13499] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 194.077238][ T28] kauditd_printk_skb: 641 callbacks suppressed [ 194.077249][ T28] audit: type=1400 audit(1763505217.600:1947): avc: denied { read write } for pid=286 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 194.149173][ T28] audit: type=1400 audit(1763505217.637:1948): avc: denied { read write } for pid=283 comm="syz-executor" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 194.224452][ T28] audit: type=1400 audit(1763505217.647:1949): avc: denied { bpf } for pid=13501 comm="syz.4.6369" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 194.250620][ T28] audit: type=1400 audit(1763505217.647:1950): avc: denied { bpf } for pid=13501 comm="syz.4.6369" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 194.272628][ T28] audit: type=1400 audit(1763505217.647:1951): avc: denied { module_request } for pid=13497 comm="syz.0.6367" kmod="ipt_osf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=0 [ 194.296311][ T28] audit: type=1400 audit(1763505217.656:1952): avc: denied { read write } for pid=284 comm="syz-executor" name="loop2" dev="devtmpfs" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 194.324067][ T28] audit: type=1400 audit(1763505217.665:1953): avc: denied { bpf } for pid=13501 comm="syz.4.6369" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 194.351255][ T28] audit: type=1400 audit(1763505217.665:1954): avc: denied { bpf } for pid=13501 comm="syz.4.6369" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=0 [ 194.363038][T13533] xt_ecn: cannot match TCP bits for non-tcp packets [ 194.372793][ T28] audit: type=1400 audit(1763505217.693:1956): avc: denied { read write } for pid=286 comm="syz-executor" name="loop4" dev="devtmpfs" ino=122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 194.435160][ T28] audit: type=1400 audit(1763505217.693:1955): avc: denied { read write } for pid=283 comm="syz-executor" name="loop3" dev="devtmpfs" ino=121 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 194.698987][T13613] ipt_REJECT: TCP_RESET invalid for non-tcp [ 194.929965][T13662] tc_dump_action: action bad kind [ 195.140330][T13708] xt_l2tp: v2 sid > 0xffff: 4294901760 [ 195.277674][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.290955][ T10] bridge0: port 3(veth0) entered blocking state [ 195.297240][ T10] bridge0: port 3(veth0) entered forwarding state [ 195.304278][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 195.316198][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.324969][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 195.334368][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.343186][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 195.352046][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 195.361359][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.369616][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 195.377587][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 195.385752][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready [ 195.393734][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready [ 195.402128][ T19] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 195.457331][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 195.480660][T13765] xt_TCPMSS: Only works on TCP SYN packets [ 195.619825][T13796] device veth5 entered promiscuous mode [ 195.732619][T13823] validate_nla: 8 callbacks suppressed [ 195.732635][T13823] netlink: 'syz.3.6528': attribute type 3 has an invalid length. [ 195.904328][T13849] __nla_validate_parse: 18 callbacks suppressed [ 195.904346][T13849] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6543'. [ 195.932397][T13849] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 196.002832][T13861] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 196.077439][T13873] netlink: 'syz.3.6554': attribute type 13 has an invalid length. [ 196.094102][T13873] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6554'. [ 196.223656][T13901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.243947][T13901] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 196.309392][T13901] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready [ 196.332322][T13915] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 196.454348][T13946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6589'. [ 196.476688][T13946] netlink: 52 bytes leftover after parsing attributes in process `syz.3.6589'. [ 196.485967][T13952] IPv6: NLM_F_CREATE should be specified when creating new route [ 196.495051][T13955] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 196.502287][T13955] IPv6: NLM_F_CREATE should be set when creating new route [ 196.551239][T13968] netlink: 'syz.2.6600': attribute type 5 has an invalid length. [ 196.580066][T13973] netlink: 5 bytes leftover after parsing attributes in process `syz.3.6602'. [ 196.613879][T13980] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6606'. [ 196.765093][T14013] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6622'. [ 196.788373][T14013] tc_dump_action: action bad kind [ 196.827212][T14024] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6627'. [ 197.024985][T14065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6647'. [ 197.213086][T14099] xt_TCPMSS: Only works on TCP SYN packets [ 197.333531][T14125] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 197.364163][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 197.541975][T14163] netlink: 96 bytes leftover after parsing attributes in process `syz.2.6695'. [ 197.909451][T14223] netlink: 'syz.4.6725': attribute type 16 has an invalid length. [ 197.941512][T14226] netlink: 'syz.2.6728': attribute type 4 has an invalid length. [ 198.230970][ T6865] ------------[ cut here ]------------ [ 198.236438][ T6865] kernel BUG at fs/buffer.c:2714! [ 198.250801][ T6865] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 198.256875][ T6865] CPU: 1 PID: 6865 Comm: kmmpd-loop0 Tainted: G W syzkaller #0 [ 198.265805][ T6865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 198.275853][ T6865] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 198.281231][ T6865] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 a8 34 e8 ff e9 b0 fe ff ff e8 6e c1 a3 ff 0f 0b e8 67 c1 a3 ff <0f> 0b e8 60 c1 a3 ff 0f 0b e8 59 c1 a3 ff 0f 0b e8 52 c1 a3 ff 0f [ 198.300837][ T6865] RSP: 0018:ffffc900127afca0 EFLAGS: 00010293 [ 198.306901][ T6865] RAX: ffffffff81cc5e99 RBX: 0000000000000000 RCX: ffff8881194e0000 [ 198.314867][ T6865] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.322835][ T6865] RBP: ffffc900127afcf0 R08: dffffc0000000000 R09: ffffed102698c4be [ 198.330805][ T6865] R10: ffffed102698c4be R11: 1ffff1102698c4bd R12: 0000000000000000 [ 198.338777][ T6865] R13: 1ffff1102698c4bd R14: ffff888134c625e8 R15: 0000000000003801 [ 198.346745][ T6865] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 198.355675][ T6865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.362254][ T6865] CR2: 00002000001d9000 CR3: 00000001205da000 CR4: 00000000003506a0 [ 198.370208][ T6865] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 198.378159][ T6865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 198.386106][ T6865] Call Trace: [ 198.389363][ T6865] [ 198.392282][ T6865] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 198.398069][ T6865] submit_bh+0x1f/0x30 [ 198.402122][ T6865] write_mmp_block_thawed+0x34a/0x4c0 [ 198.407476][ T6865] ? read_mmp_block+0x6d0/0x6d0 [ 198.412304][ T6865] ? __cfi_process_timeout+0x10/0x10 [ 198.417567][ T6865] write_mmp_block+0x138/0x2b0 [ 198.422311][ T6865] kmmpd+0x3ce/0x950 [ 198.426199][ T6865] kthread+0x281/0x320 [ 198.430241][ T6865] ? __cfi_kmmpd+0x10/0x10 [ 198.434632][ T6865] ? __cfi_kthread+0x10/0x10 [ 198.439195][ T6865] ret_from_fork+0x1f/0x30 [ 198.443592][ T6865] [ 198.446602][ T6865] Modules linked in: [ 198.453513][T14288] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 198.466748][ T6865] ---[ end trace 0000000000000000 ]--- [ 198.474115][ T6865] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 198.479486][ T6865] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 a8 34 e8 ff e9 b0 fe ff ff e8 6e c1 a3 ff 0f 0b e8 67 c1 a3 ff <0f> 0b e8 60 c1 a3 ff 0f 0b e8 59 c1 a3 ff 0f 0b e8 52 c1 a3 ff 0f [ 198.499314][ T6865] RSP: 0018:ffffc900127afca0 EFLAGS: 00010293 [ 198.505732][ T6865] RAX: ffffffff81cc5e99 RBX: 0000000000000000 RCX: ffff8881194e0000 [ 198.514052][ T6865] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.522055][ T6865] RBP: ffffc900127afcf0 R08: dffffc0000000000 R09: ffffed102698c4be [ 198.530422][ T6865] R10: ffffed102698c4be R11: 1ffff1102698c4bd R12: 0000000000000000 [ 198.538803][ T6865] R13: 1ffff1102698c4bd R14: ffff888134c625e8 R15: 0000000000003801 [ 198.546812][ T6865] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 198.555739][ T6865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 198.562381][ T6865] CR2: 00002000001d9000 CR3: 000000010fa16000 CR4: 00000000003506a0 [ 198.570370][ T6865] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 198.578406][ T6865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 198.586372][ T6865] Kernel panic - not syncing: Fatal exception [ 198.592630][ T6865] Kernel Offset: disabled [ 198.596931][ T6865] Rebooting in 86400 seconds..