last executing test programs: 3.051440802s ago: executing program 4 (id=1889): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) syz_io_uring_setup(0x2de7, &(0x7f0000001600)={0x0, 0x0, 0x7, 0x2503, 0x0, 0x0, 0x0}, 0x0, 0x0) 3.020598584s ago: executing program 4 (id=1890): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000400)=0xffffffff, 0x4d) syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "828bf7", 0x38, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @private1, @empty, [], "1e520b4c951ee12e"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0) 3.005753714s ago: executing program 4 (id=1891): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_ENCAP_TYPE={0x6}]}}}]}, 0x44}}, 0x0) 2.975636766s ago: executing program 4 (id=1892): r0 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000480)={0x0, 0xf00, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r0, 0x1, 0x0, 0x0, {{}, {0x0, 0x4101}, {0x3, 0x17}}}, 0x30}}, 0x0) 2.964143356s ago: executing program 4 (id=1893): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) unshare(0x600) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007d9af8ff00000000c6090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbfa400000000000007040000f0ffffff740200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000a4"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.934466587s ago: executing program 4 (id=1894): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x1c}}, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x800448d2, &(0x7f0000000100)) 2.757935904s ago: executing program 1 (id=1895): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x30, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r2 = socket$igmp6(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'erspan0\x00', 0x0}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) sendto$packet(r1, &(0x7f00000002c0)="05040500d3fc030000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.757684264s ago: executing program 1 (id=1896): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r2, 0x5f, &(0x7f0000000900)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f00000000c0)='P', 0x1}]) io_destroy(r2) write$FUSE_GETXATTR(r1, &(0x7f0000000040)={0x18}, 0x18) 2.610025729s ago: executing program 1 (id=1899): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, 0x0, 0x4) 2.570373472s ago: executing program 1 (id=1901): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6}, @IFLA_IPTUN_ENCAP_TYPE={0x6}]}}}]}, 0x44}}, 0x0) 2.533278003s ago: executing program 1 (id=1903): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) unshare(0x600) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007d9af8ff00000000c6090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbfa400000000000007040000f0ffffff740200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000a4"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.506038473s ago: executing program 1 (id=1904): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a00000009057f3700020000000904010000020d00000904010102020d00000905820200020000000905ee020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="8500000061000000350000000000002085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa3b4b87b3e0cc7444a2391511c97fabd5f9810e81ee0b737136ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226de7bad76402320e13822c45c0f8612c10b1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4c5324812696aa89e393c941d9541c86238d0703394a90231ccca9c3499c9a4cd3cd8a4f8070000000b1b2d2747c45b0c52087b5efabf84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744419a2f238f173d0cd46daf2fcb5500f53e7309ecc07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c82c96f10dfa978bee51f581d124216e8bd9b1855f77138e438bdc037861f07f98c068be4c6155ec27365410866059475714844a3ea4cbe37e0000000000ef6dc4dd63bb928ff58b3bd2a600089d172a884dcdb8b9f9050297815a371deec595838e38068b5e438cbcd585a8cf37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7bbfca952475c7e6158bfbb32f187d18f977117101076bad4167d5559ac12ff1c14fab5ccf7117a25a25933bfe309a040034b0cc8f69074670efc8101b89477d23823605dfa8e5945c71a0225b50d18a010ecf3c349cbac4d5191c3d78726b9ab4bff5e05027ca5b338a62e955e514da8ca2846919b7b56c192bb43f7032e485cc664921b7f9133bdbc2ba3cd845997b0dd103c784a53ad0243624566e0dacfe4029ffbe59e7e7751b3a9e619107bde39bfa81791ff0e4577055528aef46891c3c49afda8137d03cf6893db7b0f1fe95f8a096159869db71853b6bb5c08ce5fc61353f1e659d7ac53f54a7e2c94cba21994930a423ac7f84ed873a76b0dda0a4b4c5f87eef3164a0c03bc2a7f08290ddf300b298de3fd9167fb8b9c2f26e27f97cf5e90586ea50b85eb5b420eebe171893782b8326148ef5f5174e7ea5dd7f1caa699e4a241291c2f43e9edbf44c0ffb8ee32a18b6e8f0b61836146e2eab9a767800c2c91190c96cf88466adf775b4cf517dc5e39be99c4ab471f381c3915203cd2f27466c8943a80ba03150699c787696de272affa4e4940e59d8b7c69f804d6d3fa7543176a4df033532e5053d72521d097dda0c7a70bd1278c61513c1b87b01d9a9ec4d5ef793096dab53d3224f245fd5d87984d58dc09d11ba0094ba8c39942be41f362e29bba1cdcf8068a4d8d67d2d6d79aa2d089bc4d475097d7523860ec41dab4fa4b0cfe674c163ad419753bd73882336d42036a179bb33162b31f2a58436ea88fba598fad987a60b1847cc63a77c2bb30477ecbeaaa590cde56be4102d0365987eed64bdf01bbd9aaeb77dde491845e612557f"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xce0, 0x0, &(0x7f0000000100)="b9ff03076044238cb89e14f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.08015498s ago: executing program 3 (id=1911): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000600000000001b0000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kmem_cache_free\x00', r2}, 0x10) io_submit(r1, 0x1, &(0x7f00000006c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) shutdown(r0, 0x0) 2.006949163s ago: executing program 3 (id=1912): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x1) 1.593689559s ago: executing program 2 (id=1913): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r2, 0x800c6613, &(0x7f00000001c0)=@v1={0x0, @aes256, 0x0, @auto="f34d0d1e6bc3105d"}) listxattr(&(0x7f0000001e80)='./file0\x00', 0x0, 0x0) 1.581361199s ago: executing program 2 (id=1914): r0 = socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x2, 0x0, 0x20001f00) 1.55302096s ago: executing program 2 (id=1915): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r0, 0x0) pwritev2(r0, &(0x7f0000000500)=[{&(0x7f0000000340)='\b', 0x1}], 0x1, 0x1ffffff, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000001640), 0x0, 0x0, 0x0}) 1.531117591s ago: executing program 2 (id=1916): r0 = memfd_create(&(0x7f00000006c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f\xf8\xd28\xf4\x1c\xc0\xf9\x1c\xa6\xab\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6\x02\x00\x00\x00A\xc5\xb8_\xd4\x18,\fus\xb2\x99/\xc0\x9a\xf2O\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b0\xc3\x93;\xcc\x14\x02\xc4\xfd{\xbb-\x80\xbf\xab\xbf\xd2\xd3\xe0Cf\xb7\x7f\x93X\'\xf5/\xf9cY\x828\xa2\x00_\xb0#w\xae\xb8L\xeb\xa1\xecF\xbd\xf0\x91$s\xd8\x80\x1a\xc4\xe5=_b\x99\xf9\x84(\xcb,Y\xe6\xf0\x13\x15J\x9f,\xa5\xf2.A\x00\x00S\x94\xe7\x05no\xee\x8b\xb0ciB\x82\t9*\a\x88\xfe\xca\xcb\xe2G\x00\xa9;q\x0f\xb4\xfa\x8e\v\xf7\xc7\x86>wHw]=rW\x01\xe3\xdb\x10G-\xf7\xacD\xd7\xfb\xa0\x96\x85u\xddDv\x9c\x8b\xab\xe3F\x1d\xd2C\xdc\x1f\x80\x005\'y8a\xd3s_\xa6\b\x90\xab\xc9_\xc9\xcb;z\xcc\x9d5\xd2j\x1d\xd9\xe1\xcb\x1c\x156\xc5\xf2d\xfe\x0er\x01\xcdyF\xc1H\r\x94\xa9\x89P|\xcff\x9e\x03\xa4:\x04\v\xfe\x04\x02.\x9e\xf5~\x00\xf2TL\xac\x87<)\x02\xbaq\xae\x87\x1a\xc0\xe5\x90', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ftruncate(r0, 0x80079a0) mmap(&(0x7f00001c3000/0x3000)=nil, 0x3000, 0x4, 0x2012, r0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800008, 0x2) 1.157476335s ago: executing program 3 (id=1919): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r2, 0x5f, &(0x7f0000000900)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f00000000c0)='P', 0x1}]) io_destroy(r2) write$FUSE_GETXATTR(r1, &(0x7f0000000040)={0x18}, 0x18) 1.011300521s ago: executing program 3 (id=1922): socket(0x0, 0x0, 0x0) unshare(0x40000000) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890c, &(0x7f0000000100)={0x0, {}, {0x2, 0x0, @private=0xa010101}, {0x2, 0x0, @multicast1}, 0x8f}) 961.507633ms ago: executing program 3 (id=1923): creat(&(0x7f0000000240)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f00000002c0), 0x4, 0x0) 953.331204ms ago: executing program 3 (id=1924): mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$inet_udp(0x2, 0x2, 0x0) accept(r1, &(0x7f00000003c0)=@ieee802154={0x24, @long}, &(0x7f0000000040)=0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_procfs(0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f00000000c0)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r6, 0x0, 0xffffffffffffff7c, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) close(r6) 602.446467ms ago: executing program 0 (id=1925): r0 = socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$bt_BT_SECURITY(r0, 0x111, 0x2, 0x0, 0x20001f00) 559.276748ms ago: executing program 2 (id=1926): r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r0, 0x0) pwritev2(r0, &(0x7f0000000500)=[{&(0x7f0000000340)='\b', 0x1}], 0x1, 0x1ffffff, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000001640), 0x0, 0x0, 0x0}) 557.900888ms ago: executing program 0 (id=1927): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x1, 0x0, 0x0, {{}, {}, {0x5, 0x14, 'syz1\x00'}}}, 0x28}}, 0x0) 533.665009ms ago: executing program 0 (id=1928): r0 = socket(0x1, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000640)={0x3c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8}]}, 0x3c}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x5, &(0x7f00000006c0)=0x9, 0x4) bind$inet6(r3, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback, 0x9}, 0x1c) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0), 0x78}}, 0x0) sendto$inet6(r3, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5dac14e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab6", 0x94, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) shutdown(r3, 0x1) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000600), 0xc, &(0x7f0000000900)={&(0x7f00000004c0)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r4, @ANYRES64=r4], 0x13c}, 0x1, 0x0, 0x0, 0x4}, 0x40448d2) sendmsg$IPVS_CMD_GET_INFO(r4, &(0x7f0000000a40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41517f18f97c4463}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000680)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELSET={0x74, 0xb, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x40}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x10}]}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @queue={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x5}, @NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x10}, @NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x7}, @NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x6}]}}}, @NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x6}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x44000}, 0x2004c080) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r4, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x30cff28cd98764d6}, 0xc, &(0x7f0000000300)={&(0x7f0000000a00)={0x24, r6, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8080) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$GTP_CMD_DELPDP(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x20}}, 0x0) getsockname$packet(r8, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000540)=0x14) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r9}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000001140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, r6, 0x100, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9ff}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8080}, 0x40000c0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x2c, r6, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x400}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4094}, 0x4000000) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000040)={0x77359400}, 0x10) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r10, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r0}, 0x20) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) recvmsg(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000001f00)=""/169, 0xa9}], 0x1}, 0x0) sendmmsg$unix(r0, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) 533.360879ms ago: executing program 2 (id=1929): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x16}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x1) 414.265554ms ago: executing program 0 (id=1930): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) lstat(0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="980000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000004c001280110001006272696467655f736c617665000000003400058005001900020000000500090000000000050001"], 0x98}}, 0x0) 362.123106ms ago: executing program 0 (id=1931): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') r0 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000400)='./file0\x00', r0, &(0x7f0000000440)='./file1\x00') 0s ago: executing program 0 (id=1932): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, @in6=@loopback}, {@in=@empty, 0x0, 0x3c}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r4 = openat$cgroup_ro(r1, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0) write$cgroup_int(r5, &(0x7f0000000200), 0x12) ioctl$FS_IOC_RESVSP(r4, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc}) write$cgroup_type(r3, &(0x7f0000000000), 0x182000) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x7c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x40, 0x2, 0x0, 0x1, [@IFLA_BR_PRIORITY={0x6, 0x6, 0x7}, @IFLA_BR_MCAST_ROUTER={0x5}, @IFLA_BR_MCAST_STARTUP_QUERY_CNT={0x8, 0x1d, 0x77d}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x8000000000000001}, @IFLA_BR_FORWARD_DELAY={0x8, 0x1, 0x13}, @IFLA_BR_MCAST_STATS_ENABLED={0x5, 0x2a, 0x1}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x7c}}, 0x0) kernel console output (not intermixed with test programs): entered disabled state [ 129.960140][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.968163][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.974999][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.982440][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.997799][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.004648][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 130.040236][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 130.048516][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 130.079001][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 130.097163][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 130.105272][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 130.114152][ T391] device bridge_slave_1 left promiscuous mode [ 130.120546][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.127703][ T391] device bridge_slave_0 left promiscuous mode [ 130.133801][ T391] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.203605][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 130.226686][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 130.569651][ T372] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 131.009624][ T543] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 131.189785][ T372] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.200473][ T372] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 131.213451][ T372] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.222441][ T372] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.234972][ T372] usb 3-1: config 0 descriptor?? [ 131.379651][ T543] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 131.388078][ T543] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.398079][ T543] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 131.406936][ T543] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.425772][ T4091] F2FS-fs (loop3): Found nat_bits in checkpoint [ 131.465593][ T4091] F2FS-fs (loop3): Cannot turn on quotas: -2 on 2 [ 131.472691][ T4091] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 131.529698][ T543] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 131.548955][ T543] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 131.557597][ T543] usb 2-1: Product: syz [ 131.562381][ T543] usb 2-1: Manufacturer: syz [ 131.600055][ T543] cdc_wdm 2-1:1.0: skipping garbage [ 131.605046][ T543] cdc_wdm 2-1:1.0: skipping garbage [ 131.611760][ T543] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 131.731303][ T372] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 131.748130][ T372] plantronics 0003:047F:FFFF.0017: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 131.825008][ T592] print_req_error: 233 callbacks suppressed [ 131.825022][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 131.842687][ T372] usb 2-1: USB disconnect, device number 16 [ 131.851144][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 131.866211][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 131.870351][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.889265][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.895470][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.910556][ T3819] buffer_io_error: 206 callbacks suppressed [ 131.910565][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 131.911479][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 131.920634][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 131.924982][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.932566][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.946348][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 131.960123][ T652] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.969558][ T592] blk_update_request: I/O error, dev loop4, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 131.969820][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 131.969853][ T592] Buffer I/O error on dev loop4p1, logical block 11, async page read [ 131.969880][ T592] Buffer I/O error on dev loop4p1, logical block 12, async page read [ 131.969907][ T592] Buffer I/O error on dev loop4p1, logical block 13, async page read [ 131.969941][ T592] Buffer I/O error on dev loop4p1, logical block 14, async page read [ 131.969968][ T592] Buffer I/O error on dev loop4p1, logical block 15, async page read [ 132.149635][ T124] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 132.538328][ T4136] overlayfs: invalid origin (79004c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 132.600630][ T1730] usb 3-1: USB disconnect, device number 11 [ 132.606815][ T4144] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 132.617908][ T4144] EXT4-fs (loop1): orphan cleanup on readonly fs [ 132.625317][ T4144] EXT4-fs error (device loop1): ext4_map_blocks:731: inode #3: block 3: comm syz.1.1298: lblock 3 mapped to illegal pblock 3 (length 1) [ 132.646096][ T4144] EXT4-fs error (device loop1): ext4_map_blocks:617: inode #3: block 3: comm syz.1.1298: lblock 3 mapped to illegal pblock 3 (length 1) [ 132.660121][ T4144] EXT4-fs error (device loop1): ext4_free_blocks:4799: comm syz.1.1298: Freeing blocks not in datazone - block = 0, count = 4096 [ 132.673917][ T4144] EXT4-fs error (device loop1): ext4_map_blocks:617: inode #3: block 3: comm syz.1.1298: lblock 3 mapped to illegal pblock 3 (length 1) [ 132.687781][ T124] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.698749][ T124] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 132.707921][ T4144] EXT4-fs (loop1): 1 orphan inode deleted [ 132.713561][ T124] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.721945][ T4144] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 132.730978][ T124] usb 5-1: config 0 descriptor?? [ 132.737289][ T4144] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 132.832452][ T4163] overlayfs: invalid origin (79004c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 132.911781][ T4167] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 132.925903][ T4167] ext4 filesystem being mounted at /23/bus supports timestamps until 2038 (0x7fffffff) [ 132.949874][ T4167] ext4 filesystem being mounted at /23/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 132.963882][ T3551] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /23/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 133.210700][ T124] keytouch 0003:0926:3333.0018: fixing up Keytouch IEC report descriptor [ 133.222384][ T124] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0018/input/input19 [ 133.259613][ T13] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 133.314102][ T124] keytouch 0003:0926:3333.0018: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 133.445474][ T4187] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 133.454027][ T4187] EXT4-fs (loop2): orphan cleanup on readonly fs [ 133.461854][ T4187] EXT4-fs error (device loop2): ext4_map_blocks:731: inode #3: block 3: comm syz.2.1317: lblock 3 mapped to illegal pblock 3 (length 1) [ 133.476053][ T4187] __quota_error: 45 callbacks suppressed [ 133.476060][ T4187] Quota error (device loop2): write_blk: dquota write failed [ 133.489923][ T4187] Quota error (device loop2): find_free_dqentry: Can't write quota data block 3 [ 133.499141][ T4187] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 133.511873][ T4187] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #3: block 3: comm syz.2.1317: lblock 3 mapped to illegal pblock 3 (length 1) [ 133.526959][ T4187] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 133.537052][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 133.542366][ T4187] EXT4-fs error (device loop2): ext4_free_blocks:4799: comm syz.2.1317: Freeing blocks not in datazone - block = 0, count = 4096 [ 133.556036][ T4187] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #3: block 3: comm syz.2.1317: lblock 3 mapped to illegal pblock 3 (length 1) [ 133.570563][ T4187] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 133.580466][ T4187] EXT4-fs (loop2): 1 orphan inode deleted [ 133.586168][ T4187] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 133.614357][ T4187] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 133.714652][ T4193] overlayfs: invalid origin (79004c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 133.761994][ T4195] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 133.775779][ T4195] ext4 filesystem being mounted at /7/bus supports timestamps until 2038 (0x7fffffff) [ 133.796517][ T4195] ext4 filesystem being mounted at /7/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 133.811844][ T4015] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /7/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 133.839761][ T13] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 133.853769][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.874973][ T13] usb 4-1: Product: syz [ 133.887183][ T13] usb 4-1: Manufacturer: syz [ 133.898899][ T13] usb 4-1: SerialNumber: syz [ 133.915236][ T13] usb 4-1: config 0 descriptor?? [ 134.025343][ T543] usb 5-1: USB disconnect, device number 11 [ 134.601407][ T543] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 134.614135][ T372] usb 4-1: USB disconnect, device number 12 [ 134.849622][ T543] usb 1-1: Using ep0 maxpacket: 32 [ 134.999654][ T543] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 135.018614][ T543] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.032196][ T543] usb 1-1: config 0 descriptor?? [ 135.059628][ T1730] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 135.739670][ T1730] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.755503][ T1730] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.781626][ T1730] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.798751][ T1730] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.819403][ T1730] usb 5-1: config 0 descriptor?? [ 136.310782][ T1730] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 136.399154][ T1730] plantronics 0003:047F:FFFF.0019: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 137.156989][ T848] usb 5-1: USB disconnect, device number 12 [ 137.285963][ T13] usb 1-1: USB disconnect, device number 11 [ 137.370253][ T4229] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 137.378496][ T4229] EXT4-fs (loop0): orphan cleanup on readonly fs [ 137.420344][ T4229] EXT4-fs error (device loop0): ext4_map_blocks:731: inode #3: block 3: comm syz.0.1330: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.449777][ T4229] Quota error (device loop0): write_blk: dquota write failed [ 137.459607][ T4229] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 137.478615][ T4229] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 137.509042][ T4229] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #3: block 3: comm syz.0.1330: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.529824][ T4229] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 137.549650][ T4229] EXT4-fs error (device loop0): ext4_free_blocks:4799: comm syz.0.1330: Freeing blocks not in datazone - block = 0, count = 4096 [ 137.589915][ T4229] EXT4-fs error (device loop0): ext4_map_blocks:617: inode #3: block 3: comm syz.0.1330: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.619756][ T4229] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 137.639635][ T4229] EXT4-fs (loop0): 1 orphan inode deleted [ 137.678771][ T4229] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 137.735366][ T4229] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 137.759149][ T3819] print_req_error: 41 callbacks suppressed [ 137.759160][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 137.759168][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 137.759264][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.769941][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.777822][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 137.821805][ T4234] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 137.839400][ T3819] buffer_io_error: 35 callbacks suppressed [ 137.839409][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 137.853087][ T4234] ext4 filesystem being mounted at /78/bus supports timestamps until 2038 (0x7fffffff) [ 137.862548][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 137.870434][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.881423][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.894343][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 137.902518][ T4234] ext4 filesystem being mounted at /78/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 137.914586][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 137.926172][ T3819] blk_update_request: I/O error, dev loop4, sector 60 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.937288][ T592] blk_update_request: I/O error, dev loop4, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.952427][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 137.969584][ T3819] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 137.979641][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 137.987530][ T592] Buffer I/O error on dev loop4p1, logical block 11, async page read [ 137.987750][ T3819] Buffer I/O error on dev loop4p2, logical block 11, async page read [ 138.004694][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 138.009631][ T592] Buffer I/O error on dev loop4p1, logical block 12, async page read [ 138.020616][ T2741] EXT4-fs error (device loop3): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /78/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 138.419588][ T1730] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 138.489601][ T13] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 138.689607][ T1730] usb 5-1: Using ep0 maxpacket: 32 [ 138.729605][ T13] usb 1-1: Using ep0 maxpacket: 32 [ 138.809656][ T1730] usb 5-1: config 0 has an invalid interface number: 226 but max is 0 [ 138.827732][ T1730] usb 5-1: config 0 has no interface number 0 [ 138.833870][ T1730] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.849677][ T13] usb 1-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 138.858496][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.865015][ T1730] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.880445][ T13] usb 1-1: config 0 descriptor?? [ 138.906489][ T1730] usb 5-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 138.923931][ T1730] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.943810][ T1730] usb 5-1: config 0 descriptor?? [ 139.431912][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.448887][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.458976][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.475989][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.496150][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.513324][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.529586][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.546525][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.556599][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.576753][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.583712][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.599586][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.609678][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.626617][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.647617][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.654613][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.669731][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.686741][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.696812][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.709609][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.716437][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.744116][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.751139][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.768083][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.788296][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.795278][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.809586][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.826546][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.836631][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.856817][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.863803][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.879587][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.889683][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.906655][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.926807][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.933780][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.949597][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.959687][ T1730] uclogic 0003:5543:0081.001A: unknown main item tag 0x0 [ 139.977056][ T1730] uclogic 0003:5543:0081.001A: No inputs registered, leaving [ 140.000650][ T1730] uclogic 0003:5543:0081.001A: hidraw0: USB HID v0.00 Device [HID 5543:0081] on usb-dummy_hcd.4-1/input226 [ 140.026235][ T1730] usb 5-1: USB disconnect, device number 13 [ 140.911497][ T23] kauditd_printk_skb: 1 callbacks suppressed [ 140.911502][ T4267] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1342'. [ 140.911509][ T23] audit: type=1400 audit(1719914311.620:541): avc: denied { nlmsg_read } for pid=4266 comm="syz.4.1342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 141.116242][ T23] audit: type=1400 audit(1719914311.820:542): avc: denied { setattr } for pid=4266 comm="syz.4.1342" name="NETLINK" dev="sockfs" ino=48872 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 141.148011][ T13] usb 1-1: USB disconnect, device number 12 [ 141.262286][ T4271] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 141.294488][ T4271] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 142.311414][ T4285] fuse: Bad value for 'fd' [ 142.442261][ T4285] device pim6reg1 entered promiscuous mode [ 142.561159][ T23] audit: type=1400 audit(1719914313.040:543): avc: denied { getopt } for pid=4276 comm="syz.4.1345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 143.053650][ T592] print_req_error: 230 callbacks suppressed [ 143.053666][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 143.081191][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 143.107435][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 143.129686][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.141308][ T23] audit: type=1400 audit(1719914313.850:544): avc: denied { mounton } for pid=4289 comm="syz.4.1348" path="/136/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 143.142047][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.189773][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.200782][ T3819] buffer_io_error: 204 callbacks suppressed [ 143.200790][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 143.269324][ T4293] cgroup1: Bad value for 'name' [ 143.280967][ T4293] SELinux: Context system_u:object_r:systemd_passwd_agent_exec_t:s0 is not valid (left unmapped). [ 143.312718][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 143.325888][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 143.349679][ T23] audit: type=1400 audit(1719914314.000:545): avc: denied { relabelto } for pid=4289 comm="syz.4.1348" name="bus" dev="tmpfs" ino=50158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0" [ 143.411251][ T652] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.427054][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.438279][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 143.450508][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.461379][ T592] blk_update_request: I/O error, dev loop4, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 143.466520][ T652] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 143.472259][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 143.487872][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 143.495796][ T592] Buffer I/O error on dev loop4p1, logical block 11, async page read [ 143.498582][ T23] audit: type=1400 audit(1719914314.000:546): avc: denied { associate } for pid=4289 comm="syz.4.1348" name="bus" dev="tmpfs" ino=50158 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0" [ 143.503769][ T3819] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 143.539849][ T592] Buffer I/O error on dev loop4p1, logical block 12, async page read [ 143.661313][ T3551] syz-executor (3551) used greatest stack depth: 18936 bytes left [ 143.701855][ T4291] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.716908][ T4291] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.731643][ T4291] device bridge_slave_0 entered promiscuous mode [ 143.748414][ T4291] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.762488][ T4291] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.777298][ T4291] device bridge_slave_1 entered promiscuous mode [ 144.290241][ T23] audit: type=1400 audit(1719914315.000:547): avc: denied { unlink } for pid=2776 comm="syz-executor" name="bus" dev="tmpfs" ino=50158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:systemd_passwd_agent_exec_t:s0" [ 144.350792][ T4309] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 144.498268][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.506043][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.769200][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 144.777988][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.786226][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.793201][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.800920][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 144.809107][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.817562][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.824420][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.854110][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 144.861710][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 144.869783][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.902503][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 144.911430][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.942855][ T4313] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.950275][ T4313] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.957729][ T4313] device bridge_slave_0 entered promiscuous mode [ 144.966146][ T374] device bridge_slave_1 left promiscuous mode [ 144.974213][ T4319] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 144.977619][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.998432][ T374] device bridge_slave_0 left promiscuous mode [ 144.999620][ T4319] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 145.014764][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.143672][ T4313] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.150560][ T4313] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.157920][ T4313] device bridge_slave_1 entered promiscuous mode [ 145.167618][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 145.176303][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 145.481486][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 145.561843][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 145.580102][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 145.588188][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 145.613707][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 145.622146][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 145.632553][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 145.641658][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 145.990423][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 145.998045][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 146.031216][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.039930][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.049172][ T4332] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 146.069796][ T4332] ext4 filesystem being mounted at /0/bus supports timestamps until 2038 (0x7fffffff) [ 146.070400][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.086022][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.103850][ T4332] ext4 filesystem being mounted at /0/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 146.113596][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 146.134004][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.145177][ T4291] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /0/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 146.154132][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.172494][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.200255][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 146.211452][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 146.229372][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 146.480026][ T4348] cgroup1: Bad value for 'name' [ 146.648852][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 146.662068][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 146.688621][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 146.698427][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 146.725018][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 146.735089][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 146.761927][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 146.772137][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 146.805269][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 146.829987][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 146.988670][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.009934][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.020684][ T4352] Quota error (device loop2): write_blk: dquota write failed [ 147.032211][ T4352] Quota error (device loop2): qtree_write_dquot: Error -27 occurred while creating quota [ 147.073895][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.099717][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.113088][ T4350] F2FS-fs (loop4): Found nat_bits in checkpoint [ 147.117944][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.127310][ T374] device bridge_slave_1 left promiscuous mode [ 147.133502][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.157899][ T4352] EXT4-fs error (device loop2) in ext4_orphan_del:3211: error 27 [ 147.165663][ T374] device bridge_slave_0 left promiscuous mode [ 147.172761][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.195196][ T4352] EXT4-fs error (device loop2) in ext4_do_update_inode:5534: error 27 [ 147.239681][ T4350] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 147.248039][ T4352] EXT4-fs error (device loop2) in ext4_orphan_cleanup:2816: error 27 [ 147.281973][ T4352] EXT4-fs (loop2): 1 truncate cleaned up [ 147.287416][ T4352] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 147.332160][ T4352] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038 (0x7fffffff) [ 147.365692][ T23] audit: type=1400 audit(1719914318.070:548): avc: denied { setattr } for pid=4351 comm="syz.2.1353" path="/0/file1/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 147.551734][ T23] audit: type=1400 audit(1719914318.260:549): avc: denied { write } for pid=4368 comm="syz.2.1366" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 147.569617][ T74] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 147.688349][ T4377] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 147.709765][ T4377] ext4 filesystem being mounted at /67/bus supports timestamps until 2038 (0x7fffffff) [ 147.742155][ T4377] ext4 filesystem being mounted at /67/bus/file0 supports timestamps until 2038 (0x7fffffff) [ 147.772681][ T3982] EXT4-fs error (device loop0): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /67/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 147.872324][ T74] usb 5-1: Using ep0 maxpacket: 32 [ 147.995771][ T74] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.024142][ T74] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.103017][ T74] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 148.129605][ T23] audit: type=1400 audit(1719914318.780:550): avc: denied { module_load } for pid=4386 comm="syz.2.1374" path="/sys/kernel/fscaps" dev="sysfs" ino=97 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 148.138042][ T74] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.224049][ T74] usb 5-1: config 0 descriptor?? [ 148.280117][ T4393] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.286942][ T4393] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.310180][ T4393] device bridge_slave_0 entered promiscuous mode [ 148.317145][ T4393] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.339589][ T4393] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.346946][ T4393] device bridge_slave_1 entered promiscuous mode [ 148.485856][ T4393] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.492713][ T4393] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.499835][ T4393] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.506573][ T4393] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.554151][ T543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 148.563944][ T543] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.579212][ T543] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.601428][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 148.612541][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.619374][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.695009][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 148.731535][ T74] uclogic 0003:28BD:0094.001B: item fetching failed at offset 5/7 [ 148.739414][ T74] uclogic 0003:28BD:0094.001B: parse failed [ 148.748193][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.755166][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.762626][ T74] uclogic: probe of 0003:28BD:0094.001B failed with error -22 [ 148.800386][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 148.808196][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 148.856818][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 148.865424][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 148.899613][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 148.917550][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 148.951331][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 148.959325][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 148.996469][ T106] usb 5-1: USB disconnect, device number 14 [ 149.023928][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 149.040747][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 149.051064][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 149.059125][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 149.130332][ T391] device bridge_slave_1 left promiscuous mode [ 149.139241][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.166951][ T391] device bridge_slave_0 left promiscuous mode [ 149.172976][ T391] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.524360][ T4416] EXT4-fs error (device loop3): ext4_read_inode_bitmap:134: comm syz.3.1381: Invalid inode bitmap blk 4 in block_group 0 [ 149.546495][ T4416] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,auto_da_alloc=0x000000000080007f,noload,nobarrier,nodiscard,,errors=continue [ 149.628372][ T2776] attempt to access beyond end of device [ 149.628372][ T2776] loop4: rw=2049, want=45104, limit=40427 [ 149.997920][ T4428] EXT4-fs (loop3): Ignoring removed bh option [ 150.057416][ T4428] EXT4-fs error (device loop3): ext4_ext_check_inode:540: inode #16: comm syz.3.1385: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 150.126106][ T4428] EXT4-fs error (device loop3): ext4_orphan_get:1240: comm syz.3.1385: couldn't read orphan inode 16 (err -117) [ 150.180538][ T592] print_req_error: 98 callbacks suppressed [ 150.180560][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 150.272846][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 150.346717][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 150.358154][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.369259][ T652] buffer_io_error: 86 callbacks suppressed [ 150.369267][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 150.383014][ T652] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.383202][ T4428] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,noquota,nouid32,barrier,resgid=0x0000000000000000,journal_dev=0x00000000000001ff,barrier,delalloc,bh,,errors=continue [ 150.394197][ T652] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 150.416078][ T4428] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038 (0x7fffffff) [ 150.449764][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.466229][ T652] blk_update_request: I/O error, dev loop4, sector 1010 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.477733][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.491899][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 150.500488][ T23] audit: type=1400 audit(1719914321.210:551): avc: denied { map } for pid=4427 comm="syz.3.1385" path="/6/file1/bus" dev="devtmpfs" ino=9193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 150.504174][ T652] Buffer I/O error on dev loop4p3, logical block 10, async page read [ 150.532734][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.543973][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 150.551943][ T3819] blk_update_request: I/O error, dev loop4, sector 60 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 150.562862][ T3819] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 150.570923][ T3819] Buffer I/O error on dev loop4p2, logical block 11, async page read [ 150.574383][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 150.578849][ T3819] Buffer I/O error on dev loop4p2, logical block 12, async page read [ 150.594831][ T3819] Buffer I/O error on dev loop4p2, logical block 13, async page read [ 150.611467][ T4393] EXT4-fs error (device loop3): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 150.626958][ T4393] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 150.644733][ T4393] EXT4-fs error (device loop3): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 150.660419][ T4393] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 150.692712][ T4393] EXT4-fs error (device loop3): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 150.705741][ T4442] EXT4-fs error (device loop4): ext4_orphan_get:1260: comm syz.4.1388: bad orphan inode 8192 [ 150.736430][ T4442] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 150.752465][ T4393] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop3 ino=15 [ 150.799736][ T23] audit: type=1400 audit(1719914321.510:552): avc: denied { unlink } for pid=4393 comm="syz-executor" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 150.799757][ T4393] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:410: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 150.839798][ T4393] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2930: inode #15: comm syz-executor: corrupted xattr block 19 [ 150.865060][ T4393] EXT4-fs warning (device loop3): ext4_evict_inode:321: xattr delete (err -74) [ 150.874619][ T4393] EXT4-fs warning (device loop3): ext4_dirblock_csum_set:410: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 150.890038][ T4393] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2930: inode #18: comm syz-executor: corrupted xattr block 41 [ 150.903001][ T4393] EXT4-fs warning (device loop3): ext4_evict_inode:321: xattr delete (err -74) [ 150.940100][ T4393] EXT4-fs error (device loop3): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 150.986776][ T4393] EXT4-fs error (device loop3): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 151.009435][ T23] audit: type=1400 audit(1719914321.710:553): avc: denied { setopt } for pid=4451 comm="syz.4.1390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 151.084418][ T4450] EXT4-fs error (device loop2): ext4_read_inode_bitmap:134: comm syz.2.1392: Invalid inode bitmap blk 4 in block_group 0 [ 151.109853][ T4450] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,auto_da_alloc=0x000000000080007f,noload,nobarrier,nodiscard,,errors=continue [ 151.648696][ T4463] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.671329][ T4463] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.678778][ T4463] device bridge_slave_0 entered promiscuous mode [ 151.702050][ T4463] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.708874][ T4463] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.730168][ T4463] device bridge_slave_1 entered promiscuous mode [ 151.748091][ T23] audit: type=1400 audit(1719914322.450:554): avc: denied { watch watch_reads } for pid=4484 comm="syz.4.1404" path="/151/bus" dev="tmpfs" ino=52776 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 151.790125][ T374] device bridge_slave_1 left promiscuous mode [ 151.796053][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.819826][ T374] device bridge_slave_0 left promiscuous mode [ 151.832407][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.957441][ T4498] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1410'. [ 152.399272][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.410774][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.443245][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 152.456677][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 152.475211][ T1730] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.482080][ T1730] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.496486][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 152.513116][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 152.529362][ T1730] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.536198][ T1730] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.565305][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 152.573003][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.581142][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.588991][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.619062][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 152.634845][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 152.653237][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 152.668766][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 152.677449][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 152.694466][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 152.702663][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 152.960045][ T4521] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 152.990915][ T4527] EXT4-fs (loop4): Ignoring removed bh option [ 153.003213][ T4521] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=86 [ 153.024763][ T4521] overlayfs: failed to get metacopy (-117) [ 153.036997][ T4527] EXT4-fs error (device loop4): ext4_ext_check_inode:540: inode #16: comm syz.4.1420: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 153.085532][ T4527] EXT4-fs error (device loop4): ext4_orphan_get:1240: comm syz.4.1420: couldn't read orphan inode 16 (err -117) [ 153.108568][ T4529] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 153.126472][ T4527] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable,noquota,nouid32,barrier,resgid=0x0000000000000000,journal_dev=0x00000000000001ff,barrier,delalloc,bh,,errors=continue [ 153.149743][ T4527] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038 (0x7fffffff) [ 153.275188][ T2776] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 153.319925][ T2776] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop4 ino=15 [ 153.328679][ T2776] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 153.369801][ T2776] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop4 ino=15 [ 153.378524][ T2776] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz-executor: corrupted xattr block 19 [ 153.421118][ T2776] SELinux: inode_doinit_use_xattr: getxattr returned 74 for dev=loop4 ino=15 [ 153.439626][ T2776] EXT4-fs warning (device loop4): ext4_dirblock_csum_set:410: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 153.469715][ T2776] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2930: inode #15: comm syz-executor: corrupted xattr block 19 [ 153.497842][ T2776] EXT4-fs warning (device loop4): ext4_evict_inode:321: xattr delete (err -74) [ 153.520242][ T2776] EXT4-fs warning (device loop4): ext4_dirblock_csum_set:410: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D. [ 153.549669][ T2776] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2930: inode #18: comm syz-executor: corrupted xattr block 41 [ 153.579715][ T2776] EXT4-fs warning (device loop4): ext4_evict_inode:321: xattr delete (err -74) [ 153.591299][ T2776] EXT4-fs error (device loop4): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 153.619818][ T2776] EXT4-fs error (device loop4): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 154.258977][ T4548] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.273492][ T4548] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.287400][ T4548] device bridge_slave_0 entered promiscuous mode [ 154.302090][ T4548] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.316474][ T4548] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.331445][ T4548] device bridge_slave_1 entered promiscuous mode [ 154.609936][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 154.619452][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.664966][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.679957][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.688227][ T848] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.693904][ T4560] EXT4-fs error (device loop3): ext4_read_inode_bitmap:134: comm syz.3.1431: Invalid inode bitmap blk 4 in block_group 0 [ 154.695065][ T848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.715104][ T4560] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,resgid=0x000000000000ee00,auto_da_alloc=0x000000000080007f,noload,nobarrier,nodiscard,,errors=continue [ 154.769672][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.778155][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.799861][ T848] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.806680][ T848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.839997][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.847533][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.870249][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.890021][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.898260][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.965866][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.991393][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 155.018267][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.066639][ T4569] erofs: (device loop2): mounted with opts: , root inode @ nid 36. [ 155.231694][ T4575] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1427'. [ 155.339154][ T4581] fuse: Bad value for 'fd' [ 155.436208][ T4581] device pim6reg1 entered promiscuous mode [ 156.063393][ T592] print_req_error: 431 callbacks suppressed [ 156.063408][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 156.082493][ T4595] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 156.086759][ T652] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 156.102745][ T348] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 156.129780][ T652] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.141569][ T348] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.144644][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.168808][ T348] buffer_io_error: 382 callbacks suppressed [ 156.168817][ T348] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 156.187408][ T4595] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,nobarrier,sysvgroups,norecovery,errors=continue,nomblk_io_submit,quota,noauto_da_alloc,lazytime,,errors=continue [ 156.189595][ T652] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 156.205641][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 156.232631][ T348] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.266342][ T348] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 156.274987][ T652] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.309846][ T652] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 156.330554][ T652] blk_update_request: I/O error, dev loop4, sector 60 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.344839][ T23] audit: type=1400 audit(1719914327.030:555): avc: denied { relabelfrom } for pid=4611 comm="syz.4.1446" name="" dev="pipefs" ino=54700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 156.347975][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 156.401440][ T348] Buffer I/O error on dev loop4p3, logical block 10, async page read [ 156.409346][ T348] Buffer I/O error on dev loop4p3, logical block 11, async page read [ 156.424306][ T348] Buffer I/O error on dev loop4p3, logical block 12, async page read [ 156.427421][ T652] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 156.443641][ T348] Buffer I/O error on dev loop4p3, logical block 13, async page read [ 156.620250][ T4613] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.627197][ T4613] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.635516][ T4613] device bridge_slave_0 entered promiscuous mode [ 156.644651][ T4613] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.677071][ T4613] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.706321][ T4613] device bridge_slave_1 entered promiscuous mode [ 156.737863][ T4644] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1459'. [ 156.759944][ T4646] netlink: 'syz.3.1460': attribute type 1 has an invalid length. [ 157.005138][ T4613] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.011988][ T4613] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.019097][ T4613] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.025898][ T4613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.064358][ T4673] netlink: 'syz.2.1473': attribute type 1 has an invalid length. [ 157.168736][ T4682] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 157.176531][ T74] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.190072][ T74] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.205814][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.216030][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.227929][ T4682] erofs: (device loop4): erofs_fill_dentries: bogus dirent @ nid 36 [ 157.249685][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.257689][ T372] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.264523][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.311503][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.343859][ T1730] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.350700][ T1730] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.358157][ T391] device bridge_slave_1 left promiscuous mode [ 157.364650][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.381106][ T4695] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 157.399786][ T391] device bridge_slave_0 left promiscuous mode [ 157.405839][ T391] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.421162][ T4695] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,nobarrier,sysvgroups,norecovery,errors=continue,nomblk_io_submit,quota,noauto_da_alloc,lazytime,,errors=continue [ 157.620022][ T4702] netlink: 'syz.2.1485': attribute type 1 has an invalid length. [ 157.638853][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.658587][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.713541][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 157.722471][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 157.750886][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 157.758752][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 157.791971][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 157.809963][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 157.818084][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 157.837750][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 157.857188][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 157.871003][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.155494][ T4731] cgroup1: Bad value for 'name' [ 158.386322][ T4714] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.394150][ T4714] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.401702][ T4714] device bridge_slave_0 entered promiscuous mode [ 158.408605][ T4714] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.415814][ T4714] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.423460][ T4714] device bridge_slave_1 entered promiscuous mode [ 158.442129][ T4730] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_dev=0x0000000000000000,nouid32,,errors=continue [ 158.454498][ T4730] ext4 filesystem being mounted at /3/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 158.854421][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.899980][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.927943][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.937861][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.952697][ T1730] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.959598][ T1730] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.205420][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.213738][ T1730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.221783][ T1730] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.228636][ T1730] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.241285][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.259206][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.269469][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.342049][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.369426][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.423208][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 159.432139][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 159.475396][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 159.488287][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 159.545781][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 159.553863][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 159.575934][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 159.586689][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 159.604035][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 159.612797][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 159.623430][ T391] device bridge_slave_1 left promiscuous mode [ 159.635647][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.644565][ T391] device bridge_slave_0 left promiscuous mode [ 159.651062][ T391] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.769601][ T4786] cgroup1: Bad value for 'name' [ 160.025512][ T4789] device pim6reg1 entered promiscuous mode [ 160.451221][ T4829] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 160.492026][ T4824] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 160.868523][ T4856] hub 6-0:1.0: USB hub found [ 160.873997][ T4856] hub 6-0:1.0: 1 port detected [ 161.247106][ T23] audit: type=1400 audit(1719914331.950:556): avc: denied { mount } for pid=4863 comm="syz.3.1541" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 161.301259][ T23] audit: type=1400 audit(1719914331.980:557): avc: denied { watch watch_reads } for pid=4863 comm="syz.3.1541" path="/45/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 161.340923][ T23] audit: type=1400 audit(1719914332.000:558): avc: denied { unmount } for pid=4463 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 161.357873][ T4871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1545'. [ 161.434007][ T4868] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 161.604975][ T23] audit: type=1400 audit(1719914332.310:559): avc: denied { remount } for pid=4884 comm="syz.0.1550" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 161.714053][ T4881] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc,min_batch_time=0x0000000000000008,minixdf,,errors=continue [ 161.727712][ T4881] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff) [ 161.761042][ T4879] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 161.767430][ T4881] EXT4-fs error (device loop1): ext4_find_dest_de:2063: inode #2: block 3: comm syz.1.1549: bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=64268, size=2048 fake=1 [ 161.803977][ T4879] ext4 filesystem being mounted at /29/bus supports timestamps until 2038 (0x7fffffff) [ 161.870725][ T23] audit: type=1400 audit(1719914332.580:560): avc: denied { create } for pid=4878 comm="syz.4.1546" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 162.221034][ T4914] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 162.236271][ T4914] ext4 filesystem being mounted at /50/bus supports timestamps until 2038 (0x7fffffff) [ 162.265933][ T23] audit: type=1400 audit(1719914332.970:561): avc: denied { remount } for pid=4913 comm="syz.3.1561" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 162.287734][ T4914] EXT4-fs (loop3): Cannot change quota options when quota turned on [ 162.301178][ T4914] ext4 filesystem being remounted at /50/bus supports timestamps until 2038 (0x7fffffff) [ 162.322050][ T4914] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 162.339723][ T4914] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 162.359767][ T4914] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2962: inode #18: comm syz.3.1561: mark inode dirty (error -27) [ 162.379935][ T4914] EXT4-fs warning (device loop3): ext4_evict_inode:321: xattr delete (err -27) [ 162.470732][ T4925] EXT4-fs error (device loop3): ext4_find_dest_de:2063: inode #12: block 32: comm syz.3.1561: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 162.730641][ T4927] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 162.901581][ T4932] EXT4-fs (loop0): mounted filesystem without journal. Opts: auto_da_alloc,min_batch_time=0x0000000000000008,minixdf,,errors=continue [ 162.926615][ T4932] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038 (0x7fffffff) [ 162.961601][ T4932] EXT4-fs error (device loop0): ext4_find_dest_de:2063: inode #2: block 3: comm syz.0.1565: bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=64268, size=2048 fake=1 [ 163.041421][ T4943] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 163.055208][ T4943] ext4 filesystem being mounted at /55/bus supports timestamps until 2038 (0x7fffffff) [ 163.173192][ T4952] ------------[ cut here ]------------ [ 163.178493][ T4952] WARNING: CPU: 1 PID: 4952 at mm/page_alloc.c:4875 __alloc_pages_nodemask+0x5d5/0x840 [ 163.187925][ T4952] Modules linked in: [ 163.191678][ T4952] CPU: 1 PID: 4952 Comm: syz.0.1570 Not tainted 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 163.201286][ T4952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 163.211198][ T4952] RIP: 0010:__alloc_pages_nodemask+0x5d5/0x840 [ 163.217170][ T4952] Code: e1 07 80 c1 03 38 c1 0f 8c 12 fd ff ff 4c 89 f7 89 74 24 38 e8 1c 27 04 00 8b 74 24 38 48 8d bc 24 a0 00 00 00 e9 f5 fc ff ff <0f> 0b 31 db e9 ef fd ff ff 43 80 7c 3d 00 00 74 0a 48 8b 7c 24 48 [ 163.236608][ T4952] RSP: 0018:ffff8881e36678e0 EFLAGS: 00010246 [ 163.242514][ T4952] RAX: ffff8881e3667990 RBX: 0000000000040dc0 RCX: 0000000000000000 [ 163.250322][ T4952] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffff8881e36679a8 [ 163.258139][ T4952] RBP: ffff8881e3667a30 R08: dffffc0000000000 R09: ffff8881e3667990 [ 163.265947][ T4952] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103c6ccf2c [ 163.273757][ T4952] R13: ffff8881ea3c2150 R14: 000000000000001a R15: dffffc0000000000 [ 163.281570][ T4952] FS: 00007fed9e0a66c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 163.290332][ T4952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.296756][ T4952] CR2: 0000000020001140 CR3: 00000001d93e3000 CR4: 00000000003406a0 [ 163.304568][ T4952] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 163.312377][ T4952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 163.320184][ T4952] Call Trace: [ 163.323327][ T4952] ? __warn+0x162/0x250 [ 163.327314][ T4952] ? report_bug+0x3a1/0x4e0 [ 163.331649][ T4952] ? __alloc_pages_nodemask+0x5d5/0x840 [ 163.337031][ T4952] ? __alloc_pages_nodemask+0x5d5/0x840 [ 163.342426][ T4952] ? do_invalid_op+0x6e/0x110 [ 163.346925][ T4952] ? invalid_op+0x1e/0x30 [ 163.351095][ T4952] ? __alloc_pages_nodemask+0x5d5/0x840 [ 163.356471][ T4952] ? cpus_share_cache+0x110/0x110 [ 163.361332][ T4952] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 163.366716][ T4952] kmalloc_order_trace+0x2a/0x100 [ 163.371572][ T4952] input_mt_init_slots+0xc6/0x9d0 [ 163.376434][ T4952] uinput_create_device+0x50f/0x620 [ 163.381476][ T4952] uinput_ioctl_handler+0xa63/0x16a0 [ 163.386586][ T4952] ? do_futex+0x13c1/0x19f0 [ 163.390926][ T4952] ? uinput_release+0x50/0x50 [ 163.395445][ T4952] ? memset+0x1f/0x40 [ 163.399261][ T4952] ? fsnotify+0x1280/0x1340 [ 163.403600][ T4952] ? uinput_poll+0x110/0x110 [ 163.408024][ T4952] do_vfs_ioctl+0x742/0x1720 [ 163.412454][ T4952] ? ioctl_preallocate+0x250/0x250 [ 163.417403][ T4952] ? __fget+0x407/0x490 [ 163.421406][ T4952] ? fget_many+0x20/0x20 [ 163.425470][ T4952] ? switch_fpu_return+0x1d4/0x410 [ 163.430418][ T4952] ? security_file_ioctl+0x7d/0xa0 [ 163.435365][ T4952] __x64_sys_ioctl+0xd4/0x110 [ 163.439908][ T4952] do_syscall_64+0xca/0x1c0 [ 163.444218][ T4952] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 163.449944][ T4952] RIP: 0033:0x7fed9ee24f19 [ 163.454198][ T4952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.473640][ T4952] RSP: 002b:00007fed9e0a6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.481881][ T4952] RAX: ffffffffffffffda RBX: 00007fed9efb2f60 RCX: 00007fed9ee24f19 [ 163.489696][ T4952] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 163.497505][ T4952] RBP: 00007fed9ee93bcd R08: 0000000000000000 R09: 0000000000000000 [ 163.505315][ T4952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.513128][ T4952] R13: 000000000000000b R14: 00007fed9efb2f60 R15: 00007fffb62c0cd8 [ 163.520949][ T4952] ---[ end trace b8d02d071cb4a91e ]--- [ 163.811656][ T4974] EXT4-fs (loop3): mounted filesystem without journal. Opts: auto_da_alloc,min_batch_time=0x0000000000000008,minixdf,,errors=continue [ 163.845003][ T4974] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038 (0x7fffffff) [ 163.907673][ T4974] EXT4-fs error (device loop3): ext4_find_dest_de:2063: inode #2: block 3: comm syz.3.1580: bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=64268, size=2048 fake=1 [ 163.993969][ T4988] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 164.023239][ T4988] ext4 filesystem being mounted at /17/bus supports timestamps until 2038 (0x7fffffff) [ 164.164924][ T4988] EXT4-fs (loop0): Cannot change quota options when quota turned on [ 164.179721][ T4988] ext4 filesystem being remounted at /17/bus supports timestamps until 2038 (0x7fffffff) [ 164.228675][ T4988] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 164.237644][ T4988] EXT4-fs error (device loop0) in ext4_do_update_inode:5534: error 27 [ 164.246242][ T4988] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2962: inode #18: comm syz.0.1585: mark inode dirty (error -27) [ 164.264738][ T4988] EXT4-fs warning (device loop0): ext4_evict_inode:321: xattr delete (err -27) [ 164.292138][ T23] audit: type=1400 audit(1719914335.000:562): avc: denied { write } for pid=5009 comm="syz.3.1593" name="map_files" dev="proc" ino=57644 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 164.332979][ T23] audit: type=1400 audit(1719914335.020:563): avc: denied { add_name } for pid=5009 comm="syz.3.1593" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 164.357265][ T5004] EXT4-fs error (device loop0): ext4_find_dest_de:2063: inode #12: block 32: comm syz.0.1585: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 164.382811][ T23] audit: type=1400 audit(1719914335.020:564): avc: denied { create } for pid=5009 comm="syz.3.1593" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 164.407117][ T23] audit: type=1400 audit(1719914335.020:565): avc: denied { associate } for pid=5009 comm="syz.3.1593" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 164.508647][ T5021] syz.0.1597 uses obsolete (PF_INET,SOCK_PACKET) [ 165.046014][ T5050] F2FS-fs (loop0): invalid crc value [ 165.066847][ T5050] F2FS-fs (loop0): Found nat_bits in checkpoint [ 165.074210][ T592] print_req_error: 654 callbacks suppressed [ 165.074224][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 165.093195][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 165.106512][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 165.115398][ T5050] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 165.120073][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.125908][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.147451][ T592] buffer_io_error: 581 callbacks suppressed [ 165.147478][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 165.147936][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.172124][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.179582][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 165.183547][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 165.193363][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 165.206516][ T592] blk_update_request: I/O error, dev loop4, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.207257][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.217753][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 165.236579][ T592] blk_update_request: I/O error, dev loop4, sector 111 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.252493][ T652] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 165.260588][ T652] Buffer I/O error on dev loop4p3, logical block 10, async page read [ 165.268473][ T652] Buffer I/O error on dev loop4p3, logical block 11, async page read [ 165.276570][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 165.284393][ T3819] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 165.723669][ T5071] input: syz0 as /devices/virtual/input/input26 [ 165.760398][ T5071] attempt to access beyond end of device [ 165.760398][ T5071] loop0: rw=34817, want=77952, limit=40427 [ 165.974702][ T4714] attempt to access beyond end of device [ 165.974702][ T4714] loop0: rw=2049, want=45104, limit=40427 [ 166.892074][ T23] audit: type=1326 audit(1719914337.600:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5134 comm="syz.3.1637" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b8222f19 code=0x0 [ 167.122044][ T5142] netlink: 'syz.2.1639': attribute type 5 has an invalid length. [ 167.293846][ T5133] F2FS-fs (loop4): invalid crc value [ 167.300358][ T5133] F2FS-fs (loop4): Found nat_bits in checkpoint [ 167.342536][ T5133] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 167.595967][ T5166] input: syz0 as /devices/virtual/input/input27 [ 167.638829][ T5166] attempt to access beyond end of device [ 167.638829][ T5166] loop4: rw=34817, want=77952, limit=40427 [ 167.871276][ T4548] attempt to access beyond end of device [ 167.871276][ T4548] loop4: rw=2049, want=45104, limit=40427 [ 168.201765][ T23] audit: type=1326 audit(1719914338.910:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5193 comm="syz.1.1659" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2cde994f19 code=0x0 [ 168.331341][ T2804] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 168.448920][ T5200] F2FS-fs (loop4): invalid crc value [ 168.456822][ T5200] F2FS-fs (loop4): Found nat_bits in checkpoint [ 168.659643][ T2804] usb 3-1: Using ep0 maxpacket: 16 [ 168.705881][ T5200] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 168.802081][ T2804] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 168.964293][ T5228] input: syz0 as /devices/virtual/input/input28 [ 168.980268][ T5228] attempt to access beyond end of device [ 168.980268][ T5228] loop4: rw=34817, want=77952, limit=40427 [ 169.020027][ T2804] usb 3-1: New USB device found, idVendor=1b3d, idProduct=015e, bcdDevice=bb.da [ 169.075695][ T2804] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.112305][ T2804] usb 3-1: Product: syz [ 169.116481][ T2804] usb 3-1: Manufacturer: syz [ 169.121111][ T2804] usb 3-1: SerialNumber: syz [ 169.127787][ T2804] usb 3-1: config 0 descriptor?? [ 169.186452][ T4548] attempt to access beyond end of device [ 169.186452][ T4548] loop4: rw=2049, want=45104, limit=40427 [ 169.198150][ T2804] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 169.220149][ T2804] usb 3-1: Detected FT-X [ 169.409636][ T2804] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 169.429713][ T2804] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 169.459637][ T2804] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 169.472339][ T2804] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 169.492871][ T2804] usb 3-1: USB disconnect, device number 12 [ 169.510029][ T2804] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 169.529123][ T2804] ftdi_sio 3-1:0.0: device disconnected [ 169.580085][ T7] Bluetooth: hci0: Frame reassembly failed (-84) [ 169.869622][ T5] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 170.080804][ T5255] EXT4-fs (loop2): bad geometry: block count 3098423767073024 exceeds size of device (256 blocks) [ 170.109598][ T5] usb 1-1: Using ep0 maxpacket: 16 [ 170.148191][ T23] audit: type=1326 audit(1719914340.850:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5262 comm="syz.3.1682" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b8222f19 code=0x0 [ 170.229693][ T5] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 170.237546][ T5] usb 1-1: config 0 has no interface number 0 [ 170.243490][ T5] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 170.255514][ T5] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 170.371352][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.378217][ T5269] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.385567][ T5269] device bridge_slave_0 entered promiscuous mode [ 170.393244][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.399792][ T5] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 170.400128][ T5269] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.410323][ T5] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 170.416388][ T5269] device bridge_slave_1 entered promiscuous mode [ 170.424187][ T5] usb 1-1: Product: syz [ 170.434006][ T5] usb 1-1: SerialNumber: syz [ 170.441988][ T5] usb 1-1: config 0 descriptor?? [ 170.489661][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.496502][ T5269] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.503659][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.510491][ T5269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.539398][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.547718][ T2804] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.556263][ T2804] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.570415][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.578354][ T848] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.585185][ T848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.592341][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.600393][ T848] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.607208][ T848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.630191][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.637929][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 170.648622][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 170.663308][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 170.679101][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 170.694670][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 170.707624][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 170.717623][ T5] usb 1-1: USB disconnect, device number 13 [ 170.734179][ T23] audit: type=1400 audit(1719914341.440:569): avc: denied { mount } for pid=5269 comm="syz-executor" name="/" dev="tmpfs" ino=60044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 170.880904][ T7] device bridge_slave_1 left promiscuous mode [ 170.884205][ T5278] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 170.893151][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.897971][ T5278] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 170.912209][ T7] device bridge_slave_0 left promiscuous mode [ 170.922870][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.000203][ T23] audit: type=1400 audit(1719914341.700:570): avc: denied { bind } for pid=5283 comm="syz.1.1688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 171.054656][ T23] audit: type=1400 audit(1719914341.730:571): avc: denied { listen } for pid=5283 comm="syz.1.1688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 171.080936][ T23] audit: type=1400 audit(1719914341.730:572): avc: denied { accept } for pid=5283 comm="syz.1.1688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 171.589834][ T18] Bluetooth: hci0: command 0x1003 tx timeout [ 171.595934][ T1066] Bluetooth: hci0: sending frame failed (-49) [ 171.707621][ T23] audit: type=1400 audit(1719914342.380:573): avc: denied { connect } for pid=5302 comm="syz.0.1693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 171.909231][ T5312] input: syz1 as /devices/virtual/input/input29 [ 172.017597][ T5318] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 172.025676][ T5318] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 172.102737][ T5320] EXT4-fs (loop3): bad geometry: block count 3098423767073024 exceeds size of device (256 blocks) [ 172.117021][ T23] audit: type=1326 audit(1719914342.820:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5324 comm="syz.2.1701" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feb84930f19 code=0x0 [ 172.241510][ T23] audit: type=1400 audit(1719914342.950:575): avc: denied { bind } for pid=5327 comm="syz.0.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 172.529592][ T106] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 173.040371][ T5336] netlink: 'syz.1.1704': attribute type 5 has an invalid length. [ 173.064391][ T106] usb 1-1: Using ep0 maxpacket: 16 [ 173.185633][ T5342] input: syz1 as /devices/virtual/input/input30 [ 173.199725][ T106] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 173.211626][ T106] usb 1-1: config 0 has no interface number 0 [ 173.217552][ T106] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 173.229157][ T106] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 173.322019][ T5350] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 173.330886][ T5350] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 173.359671][ T106] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 173.368542][ T106] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 173.376473][ T106] usb 1-1: Product: syz [ 173.388382][ T106] usb 1-1: SerialNumber: syz [ 173.401251][ T106] usb 1-1: config 0 descriptor?? [ 173.670355][ T18] Bluetooth: hci0: command 0x1001 tx timeout [ 173.697308][ T1066] Bluetooth: hci0: sending frame failed (-49) [ 173.749357][ T106] usb 1-1: USB disconnect, device number 14 [ 173.805412][ T5366] EXT4-fs (loop3): bad geometry: block count 3098423767073024 exceeds size of device (256 blocks) [ 173.822831][ T23] audit: type=1326 audit(1719914344.530:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5369 comm="syz.1.1717" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f154ba8ef19 code=0x0 [ 174.512488][ T13] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 174.529612][ T848] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 174.541477][ T5390] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 174.549523][ T5390] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 174.663892][ T5395] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 174.672121][ T5395] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 174.680531][ T5395] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 174.688646][ T5395] EXT4-fs error (device loop3) in ext4_orphan_del:3211: error 27 [ 174.696475][ T5395] EXT4-fs error (device loop3) in ext4_do_update_inode:5534: error 27 [ 174.705143][ T5395] EXT4-fs error (device loop3) in ext4_orphan_cleanup:2816: error 27 [ 174.713901][ T5395] EXT4-fs (loop3): 1 truncate cleaned up [ 174.719346][ T5395] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 174.728401][ T5395] ext4 filesystem being mounted at /106/file1 supports timestamps until 2038 (0x7fffffff) [ 174.799603][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 174.897162][ T5404] hub 6-0:1.0: USB hub found [ 174.902223][ T5404] hub 6-0:1.0: 1 port detected [ 174.959880][ T13] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.979862][ T848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.022301][ T13] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.032027][ T848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.041681][ T13] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 175.050567][ T848] usb 1-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 175.059468][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.067241][ T848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.082453][ T848] usb 1-1: config 0 descriptor?? [ 175.130136][ T13] hub 3-1:4.0: USB hub found [ 175.386730][ T13] hub 3-1:4.0: 25 ports detected [ 175.391721][ T13] usb 3-1: selecting invalid altsetting 1 [ 175.397279][ T13] hub 3-1:4.0: Using single TT (err -22) [ 175.419637][ T13] hub 3-1:4.0: insufficient power available to use all downstream ports [ 175.559709][ T13] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 175.565875][ T13] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 175.600223][ T13] usb 3-1: USB disconnect, device number 13 [ 175.611371][ T848] itetech 0003:258A:6A88.001C: unbalanced collection at end of report description [ 175.620660][ T848] itetech: probe of 0003:258A:6A88.001C failed with error -22 [ 175.759641][ T106] Bluetooth: hci0: command 0x1009 tx timeout [ 175.813831][ T848] usb 1-1: USB disconnect, device number 15 [ 176.010830][ T2804] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 176.279710][ T2804] usb 2-1: Using ep0 maxpacket: 16 [ 176.399745][ T2804] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 176.407553][ T2804] usb 2-1: config 0 has no interface number 0 [ 176.414787][ T2804] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 176.427035][ T2804] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 176.448792][ T5423] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 176.458522][ T5423] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 176.512465][ T5425] input: syz1 as /devices/virtual/input/input31 [ 176.705119][ T5427] input: syz1 as /devices/virtual/input/input32 [ 176.727967][ T5423] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1735'. [ 176.737087][ T5423] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 176.819827][ T2804] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 176.828731][ T2804] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 176.836604][ T2804] usb 2-1: Product: syz [ 176.840623][ T2804] usb 2-1: SerialNumber: syz [ 176.845667][ T2804] usb 2-1: config 0 descriptor?? [ 177.250672][ T2804] usb 2-1: USB disconnect, device number 17 [ 177.699673][ T106] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 177.771689][ T5450] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 177.903737][ T23] audit: type=1400 audit(1719914348.610:577): avc: denied { map } for pid=5458 comm="syz.1.1747" path="socket:[62730]" dev="sockfs" ino=62730 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 177.926919][ T23] audit: type=1400 audit(1719914348.610:578): avc: denied { read } for pid=5458 comm="syz.1.1747" path="socket:[62730]" dev="sockfs" ino=62730 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 177.982872][ T5466] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 177.991906][ T5466] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 178.069763][ T106] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.080474][ T106] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.089996][ T106] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 178.098822][ T106] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.107310][ T106] usb 3-1: config 0 descriptor?? [ 178.115250][ T23] audit: type=1400 audit(1719914348.820:579): avc: denied { mounton } for pid=5463 comm="syz.1.1749" path="/11/file0" dev="tmpfs" ino=61827 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 178.124640][ T5466] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1750'. [ 178.139508][ T5464] JBD2: no valid journal superblock found [ 178.156384][ T5464] EXT4-fs (loop1): error loading journal [ 178.162365][ T5466] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 178.571063][ T5489] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 178.581418][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.588689][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.595902][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.603034][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.610484][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.617649][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.624898][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.632094][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.639302][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.646487][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.653689][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.660897][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.668083][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.675304][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.682501][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.689711][ T106] hid-generic 0003:044F:B65D.001D: unknown main item tag 0x0 [ 178.696925][ T106] hid-generic 0003:044F:B65D.001D: unbalanced collection at end of report description [ 178.706623][ T106] hid-generic: probe of 0003:044F:B65D.001D failed with error -22 [ 178.802338][ T848] usb 3-1: USB disconnect, device number 14 [ 178.831508][ T23] audit: type=1400 audit(1719914349.540:580): avc: denied { unmount } for pid=5269 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 178.872719][ T23] audit: type=1400 audit(1719914349.580:581): avc: denied { setopt } for pid=5511 comm="syz.1.1767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 178.922194][ T5503] JBD2: no valid journal superblock found [ 178.931500][ T5503] EXT4-fs (loop3): error loading journal [ 179.072631][ T5523] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 179.081532][ T5523] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 179.184733][ T5523] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1770'. [ 179.194048][ T5523] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 179.312048][ T5530] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 179.344214][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.351275][ T5528] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.358571][ T5528] device bridge_slave_0 entered promiscuous mode [ 179.365834][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.372732][ T5528] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.380046][ T5528] device bridge_slave_1 entered promiscuous mode [ 179.459417][ T5528] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.466274][ T5528] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.473423][ T5528] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.480266][ T5528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.520211][ T106] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.543908][ T106] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.553648][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.561093][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.579061][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 179.587470][ T2804] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.594327][ T2804] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.783611][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 179.791695][ T2804] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.798512][ T2804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.816808][ T848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 179.831432][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 179.858938][ T5555] overlayfs: workdir and upperdir must be separate subtrees [ 179.865624][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 179.958315][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 179.967830][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 179.976792][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 179.985236][ T2804] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 179.993607][ T3819] print_req_error: 271 callbacks suppressed [ 179.993622][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 180.000540][ T23] audit: type=1400 audit(1719914350.700:582): avc: denied { bind } for pid=5561 comm="syz.4.1772" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 180.014686][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 180.031234][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 180.091326][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.199646][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.217966][ T3819] buffer_io_error: 240 callbacks suppressed [ 180.218001][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 180.238780][ T23] audit: type=1400 audit(1719914350.750:583): avc: denied { node_bind } for pid=5561 comm="syz.4.1772" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 180.300348][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.330106][ T23] audit: type=1400 audit(1719914350.830:584): avc: denied { remount } for pid=5556 comm="syz.3.1781" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 180.356892][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.359840][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 180.378933][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 180.394120][ T592] blk_update_request: I/O error, dev loop4, sector 109 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.405192][ T652] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.415627][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 180.416645][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 180.426173][ T652] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 180.432284][ T592] blk_update_request: I/O error, dev loop4, sector 110 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 180.450691][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 180.452963][ T3819] Buffer I/O error on dev loop4p2, logical block 10, async page read [ 180.458606][ T592] Buffer I/O error on dev loop4p1, logical block 11, async page read [ 180.474885][ T652] Buffer I/O error on dev loop4p3, logical block 10, async page read [ 180.580212][ T5580] sit: non-ECT from 172.30.0.1 with TOS=0x1 [ 180.685831][ T106] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 180.909436][ T5576] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 180.917008][ T5576] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 180.944272][ T7] Bluetooth: hci0: Frame reassembly failed (-84) [ 180.952264][ T5576] F2FS-fs (loop2): Found nat_bits in checkpoint [ 181.077232][ T5576] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 181.084698][ T5576] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 181.183489][ T5600] cannot load conntrack support for proto=3 [ 181.367208][ T23] audit: type=1400 audit(1719914352.010:585): avc: denied { map } for pid=5575 comm="syz.2.1789" path="pipe:[49025]" dev="pipefs" ino=49025 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 181.372667][ T106] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.400668][ T106] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.411170][ T106] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 181.420057][ T106] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.430837][ T106] usb 2-1: config 0 descriptor?? [ 181.617318][ T4313] attempt to access beyond end of device [ 181.617318][ T4313] loop2: rw=2051, want=53248, limit=40427 [ 181.628822][ T4313] F2FS-fs (loop2): Issue discard(6144, 6144, 512) failed, ret: -5 [ 181.979989][ T374] device bridge_slave_1 left promiscuous mode [ 181.995555][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.011636][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.029286][ T374] device bridge_slave_0 left promiscuous mode [ 182.045775][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.053768][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.061013][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.068514][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.076357][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.088577][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.102710][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.110332][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.117525][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.124800][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.133696][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.140949][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.148091][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.155611][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.163200][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.170424][ T106] hid-generic 0003:044F:B65D.001E: unknown main item tag 0x0 [ 182.177569][ T106] hid-generic 0003:044F:B65D.001E: unbalanced collection at end of report description [ 182.187450][ T106] hid-generic: probe of 0003:044F:B65D.001E failed with error -22 [ 182.428257][ T5631] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 182.437285][ T5631] EXT4-fs (loop4): orphan cleanup on readonly fs [ 182.448062][ T5631] EXT4-fs error (device loop4): ext4_ext_check_inode:540: inode #4: comm syz.4.1804: pblk 0 bad header/extent: invalid magic - magic 50a, entries 0, max 4(0), depth 0(0) [ 182.479041][ T5631] EXT4-fs error (device loop4): ext4_quota_enable:6059: comm syz.4.1804: Bad quota inode: 4, type: 1 [ 182.496009][ T5631] EXT4-fs warning (device loop4): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 182.512487][ T5631] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 182.519738][ T5631] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 182.571144][ T5631] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz.4.1804: corrupted xattr block 19 [ 182.590583][ T5631] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 182.599380][ T5631] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz.4.1804: corrupted xattr block 19 [ 182.612055][ T5631] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 182.621332][ T5631] EXT4-fs error (device loop4): ext4_xattr_block_get:544: inode #15: comm syz.4.1804: corrupted xattr block 19 [ 182.642033][ T74] usb 2-1: USB disconnect, device number 18 [ 182.659591][ T5631] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 182.894932][ T5638] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 182.902499][ T5638] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 182.940661][ T5638] F2FS-fs (loop4): Found nat_bits in checkpoint [ 182.949720][ T74] Bluetooth: hci0: command 0x1003 tx timeout [ 182.956259][ T1066] Bluetooth: hci0: sending frame failed (-49) [ 182.977854][ T5638] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 182.984886][ T5638] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 183.087622][ T5648] cannot load conntrack support for proto=3 [ 183.172136][ T5650] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue [ 183.186330][ T5650] ext4 filesystem being mounted at /103/bus supports timestamps until 2038 (0x7fffffff) [ 183.397664][ T5656] xt_TPROXY: Can be used only with -p tcp or -p udp [ 185.029714][ T106] Bluetooth: hci0: command 0x1001 tx timeout [ 185.039203][ T1066] Bluetooth: hci0: sending frame failed (-49) [ 185.250499][ T23] audit: type=1400 audit(1719914355.960:586): avc: denied { accept } for pid=5678 comm="syz.1.1820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 185.305084][ T5683] xt_TPROXY: Can be used only with -p tcp or -p udp [ 185.373950][ T5528] attempt to access beyond end of device [ 185.373950][ T5528] loop4: rw=2051, want=53248, limit=40427 [ 185.385469][ T5528] F2FS-fs (loop4): Issue discard(6144, 6144, 512) failed, ret: -5 [ 186.416941][ T652] print_req_error: 188 callbacks suppressed [ 186.416956][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 186.419629][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 186.425345][ T652] blk_update_request: I/O error, dev loop4, sector 1008 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.434441][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 186.451502][ T652] buffer_io_error: 166 callbacks suppressed [ 186.451512][ T652] Buffer I/O error on dev loop4p3, logical block 8, async page read [ 186.461506][ T3819] blk_update_request: I/O error, dev loop4, sector 58 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.472614][ T652] blk_update_request: I/O error, dev loop4, sector 1009 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.482424][ T592] blk_update_request: I/O error, dev loop4, sector 108 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.495451][ T652] Buffer I/O error on dev loop4p3, logical block 9, async page read [ 186.529278][ T652] blk_update_request: I/O error, dev loop4, sector 1010 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.603152][ T23] audit: type=1400 audit(1719914357.310:587): avc: denied { append } for pid=5713 comm="syz.4.1831" name="vsock" dev="devtmpfs" ino=9296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 186.625711][ T652] Buffer I/O error on dev loop4p3, logical block 10, async page read [ 186.637540][ T3819] Buffer I/O error on dev loop4p2, logical block 8, async page read [ 186.645650][ T652] blk_update_request: I/O error, dev loop4, sector 1011 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.652492][ T592] Buffer I/O error on dev loop4p1, logical block 8, async page read [ 186.658479][ T3819] blk_update_request: I/O error, dev loop4, sector 59 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 186.664465][ T592] Buffer I/O error on dev loop4p1, logical block 9, async page read [ 186.675482][ T652] Buffer I/O error on dev loop4p3, logical block 11, async page read [ 186.684891][ T592] Buffer I/O error on dev loop4p1, logical block 10, async page read [ 186.691355][ T3819] Buffer I/O error on dev loop4p2, logical block 9, async page read [ 186.698808][ T592] Buffer I/O error on dev loop4p1, logical block 11, async page read [ 186.720359][ T106] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 186.727848][ T5712] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 186.735384][ T5712] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 186.746511][ T5712] F2FS-fs (loop2): Found nat_bits in checkpoint [ 186.792304][ T5712] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 186.799151][ T5712] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 186.823937][ T5724] xt_TPROXY: Can be used only with -p tcp or -p udp [ 186.885404][ T5725] cannot load conntrack support for proto=3 [ 187.072700][ T23] audit: type=1400 audit(1719914357.770:588): avc: denied { ioctl } for pid=5726 comm="syz.0.1835" path="/dev/fuse" dev="devtmpfs" ino=9171 ioctlcmd=0x5450 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 187.109608][ T2804] Bluetooth: hci0: command 0x1009 tx timeout [ 187.129670][ T106] usb 2-1: config 0 has no interfaces? [ 187.135119][ T106] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 187.144533][ T106] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.157321][ T106] usb 2-1: config 0 descriptor?? [ 187.387132][ T4313] attempt to access beyond end of device [ 187.387132][ T4313] loop2: rw=2051, want=53248, limit=40427 [ 187.398503][ T4313] F2FS-fs (loop2): Issue discard(6144, 6144, 512) failed, ret: -5 [ 187.404901][ T106] usb 2-1: USB disconnect, device number 19 [ 187.734643][ T5736] capability: warning: `syz.2.1838' uses deprecated v2 capabilities in a way that may be insecure [ 187.841434][ T5731] F2FS-fs (loop4): Test dummy encryption mode enabled [ 187.860594][ T5731] F2FS-fs (loop4): invalid crc value [ 187.883565][ T5731] F2FS-fs (loop4): Found nat_bits in checkpoint [ 188.093222][ T5731] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 188.144600][ T5757] xt_TPROXY: Can be used only with -p tcp or -p udp [ 188.297208][ T5767] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 188.321153][ T5767] EXT4-fs (loop1): mounted filesystem without journal. Opts: abort,errors=remount-ro,nomblk_io_submit,stripe=0x0000000000000000,sb=0x0000000000000004,minixdf,grpjquota=, [ 188.746638][ T5790] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 188.754196][ T5790] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 188.763701][ T124] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 188.781718][ T5790] F2FS-fs (loop4): Found nat_bits in checkpoint [ 188.816308][ T5790] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 188.823170][ T5790] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 188.849576][ T106] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 188.980902][ T5809] cannot load conntrack support for proto=3 [ 189.161929][ T124] usb 1-1: config 0 has no interfaces? [ 189.166320][ T23] audit: type=1400 audit(1719914359.870:589): avc: denied { setattr } for pid=5821 comm="syz.2.1871" name="" dev="pipefs" ino=65724 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 189.168317][ T124] usb 1-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 189.200269][ T124] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.206598][ T5822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=5822 comm=syz.2.1871 [ 189.210099][ T124] usb 1-1: config 0 descriptor?? [ 189.224953][ T23] audit: type=1400 audit(1719914359.910:590): avc: denied { getopt } for pid=5821 comm="syz.2.1871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 189.229787][ T5822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=5822 comm=syz.2.1871 [ 189.245655][ T106] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x7F, skipping [ 189.257984][ T5822] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=5822 comm=syz.2.1871 [ 189.269451][ T106] usb 2-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0xEE, skipping [ 189.281661][ T5822] netlink: 13752 bytes leftover after parsing attributes in process `syz.2.1871'. [ 189.299833][ T5822] netlink: 468 bytes leftover after parsing attributes in process `syz.2.1871'. [ 189.560026][ T106] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 189.654887][ T106] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.743516][ T106] usb 2-1: Product: syz [ 189.747727][ T106] usb 2-1: Manufacturer: syz [ 189.752558][ T106] usb 2-1: SerialNumber: syz [ 189.757798][ T74] usb 1-1: USB disconnect, device number 16 [ 189.778348][ T5528] attempt to access beyond end of device [ 189.778348][ T5528] loop4: rw=2051, want=53248, limit=40427 [ 189.789734][ T5528] F2FS-fs (loop4): Issue discard(6144, 6144, 512) failed, ret: -5 [ 190.869654][ T106] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 190.883225][ T106] cdc_ncm 2-1:1.0: bind() failure [ 190.890389][ T106] cdc_ncm 2-1:1.1: bind() failure [ 190.899707][ T106] usb 2-1: USB disconnect, device number 20 [ 191.336638][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.355535][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.368512][ T7] Bluetooth: hci0: Frame reassembly failed (-84) [ 191.379193][ T5866] device bridge_slave_0 entered promiscuous mode [ 191.387432][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.394290][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.401629][ T5866] device bridge_slave_1 entered promiscuous mode [ 191.453627][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.460465][ T5866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.467537][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.474352][ T5866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.481504][ T74] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 191.501942][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.509243][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.516698][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.534274][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.545647][ T106] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.552492][ T106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.561800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.570152][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.576979][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.592330][ T106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 191.610345][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 191.618517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 191.677690][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 191.704712][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 191.714378][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 191.734166][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 191.763764][ T5902] binder: 5901:5902 unknown command 0 [ 191.775226][ T5902] binder: 5901:5902 ioctl c0306201 20000480 returned -22 [ 191.812329][ T5911] EXT4-fs (loop3): Ignoring removed orlov option [ 191.824532][ T5911] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 191.834918][ T374] device bridge_slave_1 left promiscuous mode [ 191.840870][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.848456][ T374] device bridge_slave_0 left promiscuous mode [ 191.854464][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.890801][ T5911] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2221: inode #15: comm syz.3.1905: corrupted in-inode xattr [ 191.903338][ T5911] EXT4-fs error (device loop3): ext4_orphan_get:1240: comm syz.3.1905: couldn't read orphan inode 15 (err -117) [ 191.919845][ T74] usb 1-1: config 0 has no interfaces? [ 191.925222][ T74] usb 1-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 191.932730][ T5911] EXT4-fs (loop3): mounted filesystem without journal. Opts: prjquota,noload,orlov,resgid=0x000000000000ee00,min_batch_time=0x0000000000000006,usrjquota=,nombcache,noquota,grpquota,norecovery,,errors=continue [ 191.934336][ T74] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.973199][ T74] usb 1-1: config 0 descriptor?? [ 192.252366][ T5] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 192.290915][ T13] usb 1-1: USB disconnect, device number 17 [ 192.304539][ T23] audit: type=1326 audit(1719914363.010:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5930 comm="syz.3.1912" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8fbd0f4f19 code=0x0 [ 192.619647][ T5] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x7F, skipping [ 192.630260][ T5] usb 2-1: config 1 interface 1 altsetting 1 has an invalid endpoint with address 0xEE, skipping [ 192.721478][ T23] audit: type=1400 audit(1719914363.430:592): avc: denied { getopt } for pid=5936 comm="syz.2.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 192.749335][ T5939] binder: 5938:5939 unknown command 0 [ 192.754556][ T5939] binder: 5938:5939 ioctl c0306201 20000480 returned -22 [ 192.809654][ T5] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 192.819012][ T5] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.828352][ T5] usb 2-1: Product: syz [ 192.832565][ T5] usb 2-1: Manufacturer: syz [ 192.836980][ T5] usb 2-1: SerialNumber: syz [ 192.881530][ T5943] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=5943 comm=syz.0.1917 [ 192.984115][ T5947] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5947 comm=syz.0.1917 [ 193.130298][ T5949] EXT4-fs (loop0): Ignoring removed orlov option [ 193.136921][ T5949] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 193.149944][ T5949] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2221: inode #15: comm syz.0.1918: corrupted in-inode xattr [ 193.161863][ T5949] EXT4-fs error (device loop0): ext4_orphan_get:1240: comm syz.0.1918: couldn't read orphan inode 15 (err -117) [ 193.173952][ T5949] EXT4-fs (loop0): mounted filesystem without journal. Opts: prjquota,noload,orlov,resgid=0x000000000000ee00,min_batch_time=0x0000000000000006,usrjquota=,nombcache,noquota,grpquota,norecovery,,errors=continue [ 193.313885][ T23] audit: type=1400 audit(1719914364.020:593): avc: denied { remount } for pid=5959 comm="syz.0.1921" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 193.426408][ T23] audit: type=1400 audit(1719914364.130:594): avc: denied { mounton } for pid=5959 comm="syz.0.1921" path="/91/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 193.449938][ T74] Bluetooth: hci0: command 0x1003 tx timeout [ 193.455858][ T1066] Bluetooth: hci0: sending frame failed (-49) [ 193.673310][ T5] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 193.714169][ T5] cdc_ncm 2-1:1.0: bind() failure [ 193.723692][ T5] cdc_ncm 2-1:1.1: bind() failure [ 193.731586][ T5] usb 2-1: USB disconnect, device number 21 [ 193.737741][ T5975] binder: 5974:5975 unknown command 0 [ 193.749025][ T5975] binder: 5974:5975 ioctl c0306201 20000480 returned -22 [ 193.770093][ T23] audit: type=1326 audit(1719914364.480:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5978 comm="syz.2.1929" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb84930f19 code=0x0 [ 193.797993][ T5981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2571 sclass=netlink_route_socket pid=5981 comm=syz.0.1928 [ 193.812658][ T5981] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5981 comm=syz.0.1928 [ 193.889838][ T5985] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1930'. [ 193.898607][ T5985] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1930'. [ 193.907394][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.915474][ T5985] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.922307][ T5985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.940891][ T23] audit: type=1400 audit(1719914364.650:596): avc: denied { rename } for pid=5986 comm="syz.0.1931" name="file0" dev="incremental-fs" ino=66950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 193.965278][ T4714] ------------[ cut here ]------------ [ 193.970538][ T4714] WARNING: CPU: 0 PID: 4714 at fs/inode.c:302 drop_nlink+0xbb/0x100 [ 193.978342][ T4714] Modules linked in: [ 193.982075][ T4714] CPU: 0 PID: 4714 Comm: syz-executor Tainted: G W 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 193.993268][ T4714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 194.003174][ T4714] RIP: 0010:drop_nlink+0xbb/0x100 [ 194.008029][ T4714] Code: 49 8b 1e 48 8d bb d0 04 00 00 be 08 00 00 00 e8 7b 9a f2 ff f0 48 ff 83 d0 04 00 00 5b 41 5c 41 5e 41 5f 5d c3 e8 d5 e1 c2 ff <0f> 0b eb 89 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 194.027464][ T4714] RSP: 0018:ffff8881e7df7c68 EFLAGS: 00010293 [ 194.033369][ T4714] RAX: ffffffff81a1572b RBX: 1ffff1103bbb9962 RCX: ffff8881e2380000 [ 194.041174][ T4714] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 194.049143][ T4714] RBP: 0000000000000000 R08: ffffffff81a156af R09: 0000000000000003 [ 194.056952][ T4714] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881dddccb10 [ 194.064766][ T4714] R13: dffffc0000000000 R14: ffff8881dddccac8 R15: dffffc0000000000 [ 194.072576][ T4714] FS: 00005555574e5500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 194.081341][ T4714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.087762][ T4714] CR2: 00007fed9efb3030 CR3: 00000001ddf2f000 CR4: 00000000003406b0 [ 194.095575][ T4714] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.103391][ T4714] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.111194][ T4714] Call Trace: [ 194.114340][ T4714] ? __warn+0x162/0x250 [ 194.118328][ T4714] ? report_bug+0x3a1/0x4e0 [ 194.122661][ T4714] ? drop_nlink+0xbb/0x100 [ 194.127091][ T4714] ? drop_nlink+0xbb/0x100 [ 194.131340][ T4714] ? do_invalid_op+0x6e/0x110 [ 194.135855][ T4714] ? invalid_op+0x1e/0x30 [ 194.140021][ T4714] ? drop_nlink+0x3f/0x100 [ 194.144270][ T4714] ? drop_nlink+0xbb/0x100 [ 194.148523][ T4714] ? drop_nlink+0xbb/0x100 [ 194.152778][ T4714] ? drop_nlink+0xbb/0x100 [ 194.157029][ T4714] shmem_rmdir+0x54/0x80 [ 194.161114][ T4714] vfs_rmdir+0x285/0x3c0 [ 194.165191][ T4714] incfs_kill_sb+0x105/0x200 [ 194.169624][ T4714] deactivate_locked_super+0xa8/0x110 [ 194.174827][ T4714] deactivate_super+0x1e2/0x2a0 [ 194.179509][ T4714] ? vfs_submount+0xb0/0xb0 [ 194.183861][ T4714] ? deactivate_locked_super+0x110/0x110 [ 194.189329][ T4714] ? fast_dput+0x7a/0x280 [ 194.193495][ T4714] cleanup_mnt+0x44e/0x500 [ 194.197738][ T4714] task_work_run+0x140/0x170 [ 194.202165][ T4714] exit_to_usermode_loop+0x190/0x1a0 [ 194.207281][ T4714] prepare_exit_to_usermode+0x199/0x200 [ 194.212662][ T4714] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 194.218393][ T4714] RIP: 0033:0x7fed9ee26247 [ 194.222648][ T4714] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 194.242089][ T4714] RSP: 002b:00007fffb62bfee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 194.250327][ T4714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fed9ee26247 [ 194.258139][ T4714] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb62bffa0 [ 194.265949][ T4714] RBP: 00007fffb62bffa0 R08: 0000000000000000 R09: 0000000000000000 [ 194.273767][ T4714] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb62c1070 [ 194.281575][ T4714] R13: 00007fed9ee9265d R14: 000000000002f57c R15: 0000000000000006 [ 194.289387][ T4714] ---[ end trace b8d02d071cb4a91f ]--- [ 194.297034][ T4714] ================================================================== [ 194.304902][ T4714] BUG: KASAN: null-ptr-deref in ihold+0x1b/0x50 [ 194.310972][ T4714] Write of size 4 at addr 0000000000000160 by task syz-executor/4714 [ 194.318865][ T4714] [ 194.321047][ T4714] CPU: 0 PID: 4714 Comm: syz-executor Tainted: G W 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 194.332250][ T4714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 194.342128][ T4714] Call Trace: [ 194.345277][ T4714] dump_stack+0x1d8/0x241 [ 194.349431][ T4714] ? panic+0x89d/0x89d [ 194.353340][ T4714] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 194.358978][ T4714] ? _raw_spin_trylock_bh+0x190/0x190 [ 194.364176][ T4714] ? shmem_destroy_inode+0x5/0x10 [ 194.369033][ T4714] ? ihold+0x1b/0x50 [ 194.372768][ T4714] __kasan_report+0xe9/0x120 [ 194.377194][ T4714] ? ihold+0x1b/0x50 [ 194.380926][ T4714] kasan_report+0x30/0x60 [ 194.385096][ T4714] check_memory_region+0x272/0x280 [ 194.390038][ T4714] ihold+0x1b/0x50 [ 194.393601][ T4714] vfs_rmdir+0x1e0/0x3c0 [ 194.397678][ T4714] incfs_kill_sb+0x105/0x200 [ 194.402107][ T4714] deactivate_locked_super+0xa8/0x110 [ 194.407316][ T4714] deactivate_super+0x1e2/0x2a0 [ 194.411998][ T4714] ? vfs_submount+0xb0/0xb0 [ 194.416338][ T4714] ? deactivate_locked_super+0x110/0x110 [ 194.421808][ T4714] ? fast_dput+0x7a/0x280 [ 194.425970][ T4714] cleanup_mnt+0x44e/0x500 [ 194.430225][ T4714] task_work_run+0x140/0x170 [ 194.434650][ T4714] exit_to_usermode_loop+0x190/0x1a0 [ 194.439771][ T4714] prepare_exit_to_usermode+0x199/0x200 [ 194.445151][ T4714] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 194.450879][ T4714] RIP: 0033:0x7fed9ee26247 [ 194.455131][ T4714] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 194.474571][ T4714] RSP: 002b:00007fffb62bfee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 194.482816][ T4714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fed9ee26247 [ 194.490630][ T4714] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb62bffa0 [ 194.498447][ T4714] RBP: 00007fffb62bffa0 R08: 0000000000000000 R09: 0000000000000000 [ 194.506253][ T4714] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb62c1070 [ 194.514063][ T4714] R13: 00007fed9ee9265d R14: 000000000002f57c R15: 0000000000000006 [ 194.521876][ T4714] ================================================================== [ 194.529766][ T4714] Disabling lock debugging due to kernel taint [ 194.552309][ T4714] BUG: kernel NULL pointer dereference, address: 0000000000000160 [ 194.559915][ T4714] #PF: supervisor write access in kernel mode [ 194.565817][ T4714] #PF: error_code(0x0002) - not-present page [ 194.571629][ T4714] PGD 1ebde2067 P4D 1ebde2067 PUD 0 [ 194.576757][ T4714] Oops: 0002 [#1] PREEMPT SMP KASAN [ 194.581794][ T4714] CPU: 0 PID: 4714 Comm: syz-executor Tainted: G B W 5.4.276-syzkaller-00021-g58de09405d1e #0 [ 194.592984][ T4714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 194.602909][ T4714] RIP: 0010:ihold+0x20/0x50 [ 194.607219][ T4714] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 36 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 fa dc c2 ff [ 194.627045][ T4714] RSP: 0018:ffff8881e7df7ca0 EFLAGS: 00010246 [ 194.632946][ T4714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881e2380000 [ 194.640753][ T4714] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 194.648560][ T4714] RBP: 0000000000000001 R08: ffffffff813ae585 R09: 0000000000000003 [ 194.656372][ T4714] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 194.664183][ T4714] R13: dffffc0000000000 R14: ffff8881e4c3a310 R15: 0000000000000000 [ 194.671996][ T4714] FS: 00005555574e5500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 194.680761][ T4714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.687185][ T4714] CR2: 0000000000000160 CR3: 00000001ddf2f000 CR4: 00000000003406b0 [ 194.695062][ T4714] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.702807][ T4714] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 194.710614][ T4714] Call Trace: [ 194.713751][ T4714] ? __die+0xb4/0x100 [ 194.717562][ T4714] ? no_context+0xbda/0xe50 [ 194.721904][ T4714] ? schedule_preempt_disabled+0x20/0x20 [ 194.727376][ T4714] ? is_prefetch+0x4b0/0x4b0 [ 194.731797][ T4714] ? ihold+0x1b/0x50 [ 194.735530][ T4714] ? __do_page_fault+0xa7d/0xbb0 [ 194.740304][ T4714] ? __bad_area_nosemaphore+0xc0/0x460 [ 194.745596][ T4714] ? page_fault+0x2f/0x40 [ 194.749761][ T4714] ? check_panic_on_warn+0x55/0xa0 [ 194.754715][ T4714] ? ihold+0x20/0x50 [ 194.758441][ T4714] vfs_rmdir+0x1e0/0x3c0 [ 194.762523][ T4714] incfs_kill_sb+0x105/0x200 [ 194.766945][ T4714] deactivate_locked_super+0xa8/0x110 [ 194.772163][ T4714] deactivate_super+0x1e2/0x2a0 [ 194.776840][ T4714] ? vfs_submount+0xb0/0xb0 [ 194.781192][ T4714] ? deactivate_locked_super+0x110/0x110 [ 194.786650][ T4714] ? fast_dput+0x7a/0x280 [ 194.790824][ T4714] cleanup_mnt+0x44e/0x500 [ 194.795074][ T4714] task_work_run+0x140/0x170 [ 194.799496][ T4714] exit_to_usermode_loop+0x190/0x1a0 [ 194.804633][ T4714] prepare_exit_to_usermode+0x199/0x200 [ 194.810010][ T4714] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 194.815723][ T4714] RIP: 0033:0x7fed9ee26247 [ 194.819975][ T4714] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 194.839418][ T4714] RSP: 002b:00007fffb62bfee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 194.847660][ T4714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fed9ee26247 [ 194.855474][ T4714] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb62bffa0 [ 194.863292][ T4714] RBP: 00007fffb62bffa0 R08: 0000000000000000 R09: 0000000000000000 [ 194.871227][ T4714] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb62c1070 [ 194.879038][ T4714] R13: 00007fed9ee9265d R14: 000000000002f57c R15: 0000000000000006 [ 194.886862][ T4714] Modules linked in: [ 194.890585][ T4714] CR2: 0000000000000160 [ 194.894574][ T4714] ---[ end trace b8d02d071cb4a920 ]--- [ 194.899871][ T4714] RIP: 0010:ihold+0x20/0x50 [ 194.904211][ T4714] Code: 0f 1f 84 00 00 00 00 00 66 90 55 53 48 89 fb e8 36 da c2 ff 48 8d bb 60 01 00 00 be 04 00 00 00 e8 b5 92 f2 ff bd 01 00 00 00 0f c1 ab 60 01 00 00 ff c5 bf 02 00 00 00 89 ee e8 fa dc c2 ff [ 194.923647][ T4714] RSP: 0018:ffff8881e7df7ca0 EFLAGS: 00010246 [ 194.929571][ T4714] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8881e2380000 [ 194.937355][ T4714] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 194.945170][ T4714] RBP: 0000000000000001 R08: ffffffff813ae585 R09: 0000000000000003 [ 194.952981][ T4714] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000 [ 194.960808][ T4714] R13: dffffc0000000000 R14: ffff8881e4c3a310 R15: 0000000000000000 [ 194.968604][ T4714] FS: 00005555574e5500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 194.977366][ T4714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 194.983799][ T4714] CR2: 0000000000000160 CR3: 00000001ddf2f000 CR4: 00000000003406b0 [ 194.991695][ T4714] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 194.999501][ T4714] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 195.007307][ T4714] Kernel panic - not syncing: Fatal exception [ 195.013386][ T4714] Kernel Offset: disabled [ 195.017507][ T4714] Rebooting in 86400 seconds..