last executing test programs: 821.822037ms ago: executing program 0 (id=799): r0 = socket(0x1, 0x3, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0x20000510) inotify_add_watch(r1, &(0x7f0000000980)='./file0\x00', 0x50000400) 821.558257ms ago: executing program 0 (id=800): r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) 723.892199ms ago: executing program 4 (id=803): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) setitimer(0x2, 0x0, 0x0) 685.856039ms ago: executing program 4 (id=806): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) futimesat(0xffffffffffffffff, 0x0, 0x0) 660.782969ms ago: executing program 4 (id=808): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2, &(0x7f0000000480)={0x77359400}) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) 492.299323ms ago: executing program 4 (id=812): syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x109401) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x8000, 0x0, 0x0, 0x7}, 0x0, &(0x7f0000000000)={0x1ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffff7}, &(0x7f0000000200)={0x0, 0x3938700}, 0x0) 446.145263ms ago: executing program 1 (id=813): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r1, 0x1, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000240)={r1, 0x1, 0x5}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x4, @multicast}, 0x10) 445.562263ms ago: executing program 1 (id=814): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000180), &(0x7f0000001540)=""/155}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) sigaltstack(0x0, 0x0) 431.706783ms ago: executing program 1 (id=815): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) socket(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_socket_connect_nvme_tcp() 431.047353ms ago: executing program 3 (id=816): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f0000000180)={&(0x7f0000000200)={0x7, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x84, 0x0, 0x4, 0x0, "c4f40c848d97a447"}}, 0x48}}, 0x0) 422.632143ms ago: executing program 2 (id=817): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000480)={0x30, r1, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@val={0x8, 0x117, 0x56}, @val={0x8}, @val={0xc, 0x99, {0x2, 0x77}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0) 400.483904ms ago: executing program 3 (id=818): timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x10000, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) timer_delete(r0) 389.056934ms ago: executing program 1 (id=819): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x7000000) capset(&(0x7f00000004c0)={0x20080522}, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0xa}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$setpipe(r1, 0x407, 0x100000) 388.873184ms ago: executing program 4 (id=820): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_hsr\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="89d28c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendto$packet(r0, &(0x7f00000002c0)="0203100020fc80d53d103328", 0x6d, 0x4, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14) 371.807124ms ago: executing program 2 (id=821): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x2000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000e80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = dup2(r1, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) process_mrelease(0xffffffffffffffff, 0x0) 360.025134ms ago: executing program 4 (id=822): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000000000000f2000040"]) 352.217495ms ago: executing program 0 (id=823): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0x0, 0x0, 0x0, 0xf0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x35, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d00)={r0, 0x0, 0x3c8, 0x0, &(0x7f0000001640)="9a667012550301c786d806bd0c258434fbf748d204e6930dfdf11753638e9cead16411bfd03c9361cdfd569ece5c83e186fe83fc937688faf2f144765c579df73c54b99c9fd31fb3797c815843538415b81cd683421c51727df0b7f6b4b565647f60c3be39a6710a2233618a3f501f9181f740be890e308da9b033dde1088e9adc152cc9c74577314b47f4a9906273248aa392206c9b7fb7c92c430292630987bb4f2317dfd349acaef3d4f643b70835dd9c0a9103eb3f2f9aff92e91eacf62507ef0338c24fa19dc5a65dda6ba3c75012aa4ecf0660c43d69dc5b36501d3b745dadf53eb8770d0068b53afbc0c974fd9fddaf0260fd99b25a2b70f73e9d975b813a42260a1ae07bd7530af986f64ecd36732d86298fe6d488e769e2356843a47a0c7172ecc225bdb0292d98f985b8a6421118f6caf7d39af2cf8c5dc9d938d8ae728ad35296ffe90d59c67ed2451a27482e3a768f7061403f7a6c5161c558d5c2801978384de6a23be1ceb92e98d2b88f382caaefd4df24ddfb06b26290a45e5a59009f66ad6960302a72c7161104eba96319c8824b0d1eea053b08dfb66a9eaba098d5b7dc604d60da6bebcf0c593221717accadc0f2304453238ad4b94e94402059501952653e400a3e4252da8b8c8ce15531f1db5819f3293bf4ab8822fa1925e361d50d96f7bd7d1b0133a9343161c50dbd4ce9ec2975c9540dcaeee3e333bb741867fa3d87dfde2b3001b20968adb1422c3941049fa55d21f6c0394a79a7673314b28ee0c518e283e7361aa797059e2bd283cfe3e72d568a4bf35199ad4fd5310686312092c10c27a2730f0a479ef0638fd9169e784b98d65fa898dcb48eb9408f799138e81945387877e6f953cc0b521e5ecc5ae39452343148ca82a31da0f8fce68235ac21349ad50fe6712a5cdd569415efa85b5175a1cf1eb409413f6300b99ca1fe869a6b5d7e5b63cc22bb8124daf1094fdd3d17d120a13470d992e42fb4721fca1463a5dd63daf34ad08c81dee25e4ae00eef74e7204be17467a2b9ab1c77690ca360e7d2cb571fadac9dac454ffd55c55f24007fae643d30f08184dced9095969a1d49bf98c5d324c0803e4d7704a62ad78772c849ddf7d81058b1ea057bdbdec94502388c9a878a5d23f5373a7477cb4aa17418d405728f0445fadde44a91cf4b9d67524b14674f398afed892041fe37bbd3204653f0a6a8c82e0166daaba9276cc55925c55f7661328bb40691f5f66c1d082276de0ba8b74603e7e3fe1838a0a0cc1eb2eb70071c5b53696c2f3b91d287bae9164af48be209ce7b1a82a14d8b6b417f3741439db526f7ad9902afee23d0006bcbf43b3388fa3d4f95c28d8ab8a", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x42, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r1}, 0x38) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000001600)={r1, &(0x7f0000000580), 0x0}, 0x20) 349.402255ms ago: executing program 1 (id=824): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) uname(&(0x7f0000000180)=""/72) 349.208585ms ago: executing program 3 (id=825): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000008000000010000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b70300000000ecff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000200)='./bus\x00', 0x0) mount$incfs(&(0x7f0000000000)='./bus\x00', &(0x7f0000000140)='./bus\x00', &(0x7f0000000240), 0x80, &(0x7f00000008c0)=ANY=[@ANYBLOB='f']) 336.693415ms ago: executing program 2 (id=826): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff) r2 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001780)={0x48, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}]}]}, 0x48}}, 0x4080) 314.938965ms ago: executing program 2 (id=827): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000005b80)={@loopback={0xfec0ffffffffffff}, 0x32, r2}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000100)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x71, r2}) 288.559176ms ago: executing program 2 (id=828): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 288.069556ms ago: executing program 1 (id=829): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) io_setup(0x3, &(0x7f0000000340)) 264.909756ms ago: executing program 3 (id=830): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000440)=@base={0x18, 0x4, 0x4, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 264.478746ms ago: executing program 0 (id=831): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x138, 0x10, 0x633, 0x0, 0x25dfdbfd, {{@in6=@private0={0xfc, 0x0, '\x00', 0x20}, @in=@broadcast, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x80}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x2, 0x32}, @in=@loopback, {0x0, 0x0, 0xfff, 0x0, 0x6}, {}, {}, 0x70bd28, 0x0, 0xa, 0x4, 0x0, 0x29}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 218.047987ms ago: executing program 2 (id=832): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_ADDRESS={0xa, 0x1, @dev}, @IFLA_VFINFO_LIST={0x4}, @IFLA_MASTER={0x8, 0xa, r2}, @IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x1ce7}]}, 0x5c}}, 0x8000) 217.842937ms ago: executing program 3 (id=833): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140000044f10800034000000003080007"], 0xa8}}, 0x0) 202.624897ms ago: executing program 3 (id=834): r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) 99.654349ms ago: executing program 0 (id=835): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 0s ago: executing program 0 (id=836): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000940)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.238' (ED25519) to the list of known hosts. [ 20.412885][ T28] audit: type=1400 audit(1743704209.278:66): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 20.414169][ T279] cgroup: Unknown subsys name 'net' [ 20.435377][ T28] audit: type=1400 audit(1743704209.278:67): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.462295][ T28] audit: type=1400 audit(1743704209.308:68): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.462433][ T279] cgroup: Unknown subsys name 'devices' [ 20.608626][ T279] cgroup: Unknown subsys name 'hugetlb' [ 20.614170][ T279] cgroup: Unknown subsys name 'rlimit' [ 20.719556][ T28] audit: type=1400 audit(1743704209.588:69): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.742522][ T28] audit: type=1400 audit(1743704209.588:70): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.767146][ T28] audit: type=1400 audit(1743704209.588:71): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.776824][ T282] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.799255][ T28] audit: type=1400 audit(1743704209.668:72): avc: denied { relabelto } for pid=282 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.824487][ T28] audit: type=1400 audit(1743704209.668:73): avc: denied { write } for pid=282 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.853290][ T28] audit: type=1400 audit(1743704209.718:74): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.878603][ T28] audit: type=1400 audit(1743704209.718:75): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.878652][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 21.529315][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.536163][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.543610][ T293] device bridge_slave_0 entered promiscuous mode [ 21.550119][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.557032][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.564140][ T289] device bridge_slave_0 entered promiscuous mode [ 21.577495][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.584332][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.591646][ T293] device bridge_slave_1 entered promiscuous mode [ 21.598046][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.604876][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.612114][ T289] device bridge_slave_1 entered promiscuous mode [ 21.635255][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.642135][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.649491][ T291] device bridge_slave_0 entered promiscuous mode [ 21.668608][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.675452][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.682772][ T291] device bridge_slave_1 entered promiscuous mode [ 21.692767][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.699710][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.706832][ T290] device bridge_slave_0 entered promiscuous mode [ 21.713317][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.720383][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.727650][ T292] device bridge_slave_0 entered promiscuous mode [ 21.741466][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.748328][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.755482][ T290] device bridge_slave_1 entered promiscuous mode [ 21.761875][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.768774][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.775894][ T292] device bridge_slave_1 entered promiscuous mode [ 21.988991][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.995839][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.002973][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.009740][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.023302][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.030158][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.037277][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.044038][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.067231][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.074073][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.081197][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.087969][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.097686][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.104526][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.111635][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.118423][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.156135][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.163084][ T292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.170188][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.176967][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.212724][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.219774][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.227034][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.233981][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.241330][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.248423][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.255373][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.262562][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.269575][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.276648][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.284381][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.291660][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.300859][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.308238][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.327491][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.335227][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.343346][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.350182][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.357655][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.365751][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.372600][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.392330][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.400692][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.408775][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.415598][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.422912][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.431063][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.437922][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.445481][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.453622][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.460478][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.467663][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.475696][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.482543][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.489711][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.497735][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.504565][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.514247][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.521528][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.529485][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.537661][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.545635][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.552495][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.577200][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.585119][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.593233][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.601583][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.609634][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.617611][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.625306][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.633267][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.641022][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.649035][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.656936][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.664916][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.672950][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.681166][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.689178][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.696089][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.725092][ T290] device veth0_vlan entered promiscuous mode [ 22.732611][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.741072][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.749251][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.757693][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.765755][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.773920][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.781940][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.788795][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.795954][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.804168][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.812291][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.820007][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.827904][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.835719][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.843800][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.851287][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.860508][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.868931][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.879033][ T293] device veth0_vlan entered promiscuous mode [ 22.886391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.894187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.909753][ T291] device veth0_vlan entered promiscuous mode [ 22.922062][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.932093][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.939415][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.947262][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.954496][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.965311][ T293] device veth1_macvtap entered promiscuous mode [ 22.974268][ T290] device veth1_macvtap entered promiscuous mode [ 22.982208][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.990412][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.998327][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.006243][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.014569][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.022181][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 23.030246][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.038429][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.062939][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.071167][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.079668][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.088110][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.096179][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.104645][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.112866][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.121114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.129201][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.140398][ T291] device veth1_macvtap entered promiscuous mode [ 23.151308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.159512][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.177033][ T289] device veth0_vlan entered promiscuous mode [ 23.183023][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.191119][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.199517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.199882][ T293] request_module fs-gadgetfs succeeded, but still no fs? [ 23.209371][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.229891][ T292] device veth0_vlan entered promiscuous mode [ 23.244749][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.252844][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.260314][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.268044][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 23.275220][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 23.282780][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.291031][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.299315][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.307394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.330103][ T289] device veth1_macvtap entered promiscuous mode [ 23.343907][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.363105][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 23.386901][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 23.395003][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 23.410158][ T292] device veth1_macvtap entered promiscuous mode [ 23.424789][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.433489][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.478802][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.490427][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.507067][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.526895][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.540852][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.559470][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.613646][ T334] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1'. [ 23.747150][ T344] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.900296][ T358] loop1: detected capacity change from 0 to 1024 [ 23.971145][ T372] incfs: Backing dir is not set, filesystem can't be mounted. [ 23.971662][ T358] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.978819][ T372] incfs: mount failed -2 [ 24.022784][ T356] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 24.038289][ T356] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 24.045238][ T378] loop2: detected capacity change from 0 to 2048 [ 24.058345][ T356] EXT4-fs (loop1): This should not happen!! Data will be lost [ 24.058345][ T356] [ 24.063061][ T378] EXT4-fs: Ignoring removed nobh option [ 24.068371][ T356] EXT4-fs (loop1): Total free blocks count 0 [ 24.079105][ T356] EXT4-fs (loop1): Free/Dirty block details [ 24.085121][ T356] EXT4-fs (loop1): free_blocks=68451041280 [ 24.088569][ T378] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.091109][ T356] EXT4-fs (loop1): dirty_blocks=32 [ 24.108670][ T378] EXT4-fs (loop2): shut down requested (1) [ 24.116755][ T356] EXT4-fs (loop1): Block reservation details [ 24.129758][ T290] EXT4-fs (loop2): unmounting filesystem. [ 24.131732][ T356] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 24.150335][ T292] EXT4-fs (loop1): unmounting filesystem. [ 24.193412][ T388] loop4: detected capacity change from 0 to 2048 [ 24.239451][ T388] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 24.268006][ T388] EXT4-fs: Ignoring removed bh option [ 24.283375][ T388] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 24.301663][ T407] Illegal XDP return value 4294967274 on prog (id 7) dev N/A, expect packet loss! [ 24.310788][ T293] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 24.329910][ T293] EXT4-fs (loop4): unmounting filesystem. [ 24.391154][ T419] sch_tbf: peakrate 2147483647 is lower than or equals to rate 2831599472947593698 ! [ 24.451390][ T427] loop2: detected capacity change from 0 to 1024 [ 24.467116][ T427] EXT4-fs: Ignoring removed orlov option [ 24.470658][ T431] random: crng reseeded on system resumption [ 24.474915][ T427] EXT4-fs: Ignoring removed nomblk_io_submit option [ 24.521046][ T427] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 24.537685][ T427] SELinux: Context system_u:object_r:dhcpc_exec_t:s0 is not valid (left unmapped). [ 24.559531][ T290] EXT4-fs (loop2): unmounting filesystem. [ 24.625119][ T450] loop1: detected capacity change from 0 to 128 [ 24.649058][ T446] loop2: detected capacity change from 0 to 8192 [ 24.656249][ T450] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 24.664756][ T450] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 24.686012][ T292] EXT4-fs (loop1): unmounting filesystem. [ 24.774024][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 24.921130][ T43] Bluetooth: hci0: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 24.932316][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 25.054047][ T509] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.057150][ T511] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 25.091517][ T514] syz.2.84[514] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.091593][ T514] syz.2.84[514] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 25.130323][ T519] loop4: detected capacity change from 0 to 1024 [ 25.150318][ T524] binder: 518:524 ioctl c0306201 0 returned -14 [ 25.163438][ T519] ======================================================= [ 25.163438][ T519] WARNING: The mand mount option has been deprecated and [ 25.163438][ T519] and is ignored by this kernel. Remove the mand [ 25.163438][ T519] option from the mount to silence this warning. [ 25.163438][ T519] ======================================================= [ 25.207070][ T519] EXT4-fs: Ignoring removed nobh option [ 25.216207][ T519] EXT4-fs: Ignoring removed bh option [ 25.222308][ T519] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 25.258431][ T519] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 25.280250][ T293] EXT4-fs (loop4): unmounting filesystem. [ 25.474253][ T28] kauditd_printk_skb: 111 callbacks suppressed [ 25.474270][ T28] audit: type=1400 audit(1743704214.338:187): avc: denied { ioctl } for pid=555 comm="syz.4.101" path="socket:[16589]" dev="sockfs" ino=16589 ioctlcmd=0x48d4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 25.672808][ T28] audit: type=1400 audit(1743704214.538:188): avc: denied { lock } for pid=566 comm="syz.4.106" path="socket:[16617]" dev="sockfs" ino=16617 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 25.699580][ T569] random: crng reseeded on system resumption [ 26.010268][ T28] audit: type=1400 audit(1743704214.878:189): avc: denied { create } for pid=572 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.029529][ T28] audit: type=1400 audit(1743704214.878:190): avc: denied { read } for pid=572 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.062922][ T28] audit: type=1400 audit(1743704214.928:191): avc: denied { write } for pid=572 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.088869][ T28] audit: type=1400 audit(1743704214.958:192): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 26.136900][ T28] audit: type=1400 audit(1743704214.998:193): avc: denied { setopt } for pid=572 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 26.218767][ T28] audit: type=1400 audit(1743704215.078:194): avc: denied { connect } for pid=587 comm="syz.3.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 26.248667][ T28] audit: type=1400 audit(1743704215.088:195): avc: denied { read } for pid=587 comm="syz.3.115" path="socket:[16645]" dev="sockfs" ino=16645 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 26.298701][ T28] audit: type=1400 audit(1743704215.108:196): avc: denied { write } for pid=589 comm="syz.2.116" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 26.341176][ T600] device batadv_slave_0 entered promiscuous mode [ 26.348790][ T600] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 26.432517][ T613] netlink: 11 bytes leftover after parsing attributes in process `syz.4.127'. [ 26.441289][ T613] netlink: 7 bytes leftover after parsing attributes in process `syz.4.127'. [ 26.516699][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 26.654014][ T631] netlink: 20 bytes leftover after parsing attributes in process `syz.3.135'. [ 26.706594][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 26.717345][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.732251][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.742277][ T24] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 26.751686][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.759557][ T313] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 26.768045][ T24] usb 3-1: config 0 descriptor?? [ 26.926560][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 26.940707][ T653] loop3: detected capacity change from 0 to 256 [ 26.956558][ T313] usb 5-1: Using ep0 maxpacket: 16 [ 26.962786][ T313] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 26.976611][ T313] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 26.979906][ T656] netlink: 87 bytes leftover after parsing attributes in process `syz.0.147'. [ 26.995573][ T313] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 27.009767][ T313] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.026542][ T313] usb 5-1: Product: syz [ 27.036736][ T313] usb 5-1: Manufacturer: syz [ 27.046638][ T313] usb 5-1: SerialNumber: syz [ 27.076455][ T665] capability: warning: `syz.1.151' uses deprecated v2 capabilities in a way that may be insecure [ 27.100424][ T665] loop1: detected capacity change from 0 to 512 [ 27.169842][ T663] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 27.183500][ T24] input: HID 054c:03d5 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:03D5.0001/input/input4 [ 27.223465][ T24] sony 0003:054C:03D5.0001: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.2-1/input0 [ 27.248122][ T675] loop1: detected capacity change from 0 to 128 [ 27.256350][ T313] usb 5-1: 0:2 : does not exist [ 27.258348][ T658] loop3: detected capacity change from 0 to 40427 [ 27.266376][ T313] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 27.273449][ T658] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 27.286442][ T658] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 27.294120][ T313] usb 5-1: USB disconnect, device number 2 [ 27.316371][ T675] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 27.319756][ T663] udevd[663]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 27.341323][ T675] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 27.370917][ T675] fscrypt (loop1, inode 12): Can't use IV_INO_LBLK_32 policy with contents mode other than AES-256-XTS [ 27.387567][ T6] usb 3-1: USB disconnect, device number 2 [ 27.401892][ T658] F2FS-fs (loop3): Found nat_bits in checkpoint [ 27.411670][ T292] EXT4-fs (loop1): unmounting filesystem. [ 27.443520][ T689] kvm [688]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010005 data 0xaf [ 27.470329][ T658] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 27.477474][ T658] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 27.494228][ T695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.160'. [ 27.802791][ T719] loop4: detected capacity change from 0 to 2048 [ 27.838096][ T719] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 27.856930][ T719] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 27.878717][ T713] loop3: detected capacity change from 0 to 40427 [ 27.880608][ T719] syz.4.171 (719) used greatest stack depth: 21792 bytes left [ 27.889785][ T713] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 27.900231][ T713] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 27.916349][ T293] EXT4-fs (loop4): unmounting filesystem. [ 27.943219][ T713] F2FS-fs (loop3): Found nat_bits in checkpoint [ 27.950087][ T729] kvm [728]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010005 data 0xaf [ 28.010768][ T713] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 28.018651][ T713] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 28.087353][ T713] syz.3.168: attempt to access beyond end of device [ 28.087353][ T713] loop3: rw=34817, sector=77824, nr_sectors = 128 limit=40427 [ 28.173013][ T750] loop2: detected capacity change from 0 to 512 [ 28.185137][ T733] loop1: detected capacity change from 0 to 40427 [ 28.207021][ T750] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 28.221036][ T733] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 28.228811][ T733] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 28.237272][ T750] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 28.249151][ T750] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 28.262232][ T750] EXT4-fs (loop2): 1 truncate cleaned up [ 28.267856][ T750] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 28.302400][ T733] F2FS-fs (loop1): Found nat_bits in checkpoint [ 28.365551][ T290] EXT4-fs (loop2): unmounting filesystem. [ 28.381549][ T24] kernel write not supported for file /input/event2 (pid: 24 comm: kworker/1:0) [ 28.381808][ T733] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 28.398138][ T733] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 28.430898][ T764] loop2: detected capacity change from 0 to 128 [ 28.578807][ T775] loop1: detected capacity change from 0 to 1024 [ 28.597764][ T775] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 28.616545][ T6] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.675834][ T773] loop2: detected capacity change from 0 to 40427 [ 28.699818][ T773] F2FS-fs (loop2): fault_injection options not supported [ 28.707590][ T773] F2FS-fs (loop2): invalid crc value [ 28.714085][ T773] F2FS-fs (loop2): Found nat_bits in checkpoint [ 28.762967][ T773] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 28.806561][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 28.813263][ T290] syz-executor: attempt to access beyond end of device [ 28.813263][ T290] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 28.827391][ T6] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 28.845330][ T6] usb 4-1: config 0 has no interface number 0 [ 28.856552][ T6] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.867702][ T6] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.877623][ T6] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 28.887168][ T292] EXT4-fs (loop1): unmounting filesystem. [ 28.893125][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.902013][ T6] usb 4-1: config 0 descriptor?? [ 29.180836][ T786] loop2: detected capacity change from 0 to 40427 [ 29.200842][ T786] F2FS-fs (loop2): heap/no_heap options were deprecated [ 29.208555][ T786] F2FS-fs (loop2): invalid crc value [ 29.214825][ T786] F2FS-fs (loop2): Found nat_bits in checkpoint [ 29.284740][ T786] F2FS-fs (loop2): Start checkpoint disabled! [ 29.303778][ T786] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 29.405839][ T808] loop0: detected capacity change from 0 to 2048 [ 29.431124][ T10] kworker/u4:1: attempt to access beyond end of device [ 29.431124][ T10] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 29.451787][ T808] Alternate GPT is invalid, using primary GPT. [ 29.467935][ T808] loop0: p1 p2 p3 [ 29.521291][ T6] input: HID 28bd:0094 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0094.0002/input/input5 [ 29.556704][ T320] udevd[320]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 29.568573][ T677] udevd[677]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 29.568857][ T676] udevd[676]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 29.590115][ T6] uclogic 0003:28BD:0094.0002: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.3-1/input1 [ 29.711612][ T828] loop2: detected capacity change from 0 to 128 [ 29.719838][ T828] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 29.746807][ T294] usb 4-1: USB disconnect, device number 2 [ 29.753970][ T828] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 29.771284][ T828] fscrypt (loop2, inode 12): Can't use IV_INO_LBLK_32 policy with contents mode other than AES-256-XTS [ 29.825128][ T290] EXT4-fs (loop2): unmounting filesystem. [ 30.008998][ T873] netlink: 108 bytes leftover after parsing attributes in process `syz.0.231'. [ 30.055648][ T875] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 30.077946][ T875] FAT-fs (loop1): unable to read boot sector [ 30.137900][ T889] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.144964][ T889] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.241304][ T904] loop1: detected capacity change from 0 to 512 [ 30.297782][ T904] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 30.316577][ T904] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.342750][ T915] loop4: detected capacity change from 0 to 512 [ 30.350952][ T915] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 30.367591][ T915] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a802e01c, mo2=0102] [ 30.375572][ T915] System zones: 1-12 [ 30.380945][ T292] EXT4-fs (loop1): unmounting filesystem. [ 30.381153][ T915] EXT4-fs (loop4): orphan cleanup on readonly fs [ 30.393126][ T915] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.249: invalid indirect mapped block 2 (level 2) [ 30.406703][ T915] EXT4-fs (loop4): 1 truncate cleaned up [ 30.412188][ T915] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 30.430293][ T918] loop1: detected capacity change from 0 to 128 [ 30.443509][ T918] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 30.446093][ T915] EXT4-fs error (device loop4): ext4_map_blocks:634: inode #2: block 5: comm syz.4.249: lblock 0 mapped to illegal pblock 5 (length 1) [ 30.470057][ T915] EXT4-fs warning (device loop4): dx_probe:823: inode #2: lblock 0: comm syz.4.249: error -117 reading directory block [ 30.487778][ T918] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 30.497679][ T293] EXT4-fs (loop4): unmounting filesystem. [ 30.557869][ T315] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 30.575847][ T932] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 30.581573][ T932] pim6reg0: linktype set to 6 [ 30.732361][ T952] loop1: detected capacity change from 0 to 256 [ 30.744146][ T952] FAT-fs (loop1): Directory bread(block 64) failed [ 30.750852][ T952] FAT-fs (loop1): Directory bread(block 65) failed [ 30.757398][ T952] FAT-fs (loop1): Directory bread(block 66) failed [ 30.763803][ T952] FAT-fs (loop1): Directory bread(block 67) failed [ 30.770514][ T952] FAT-fs (loop1): Directory bread(block 68) failed [ 30.776944][ T952] FAT-fs (loop1): Directory bread(block 69) failed [ 30.783358][ T952] FAT-fs (loop1): Directory bread(block 70) failed [ 30.790102][ T952] FAT-fs (loop1): Directory bread(block 71) failed [ 30.798037][ T952] FAT-fs (loop1): Directory bread(block 72) failed [ 30.798610][ T955] loop3: detected capacity change from 0 to 16 [ 30.804480][ T952] FAT-fs (loop1): Directory bread(block 73) failed [ 30.837976][ T955] erofs: (device loop3): mounted with root inode @ nid 36. [ 30.863342][ T957] bridge: RTM_DELNEIGH with unconfigured vlan 1 on bridge0 [ 30.885118][ T959] overlayfs: missing 'lowerdir' [ 30.953423][ T969] geneve1: tun_chr_ioctl cmd 2147767517 [ 30.991518][ T975] loop0: detected capacity change from 0 to 256 [ 31.030444][ T28] kauditd_printk_skb: 73 callbacks suppressed [ 31.030459][ T28] audit: type=1400 audit(1743704219.898:270): avc: denied { unlink } for pid=983 comm="syz.4.281" name="#1" dev="tmpfs" ino=301 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 31.049323][ T980] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.074131][ T28] audit: type=1400 audit(1743704219.938:271): avc: denied { validate_trans } for pid=985 comm="syz.3.283" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 31.115511][ T988] loop0: detected capacity change from 0 to 1024 [ 31.125152][ T988] EXT4-fs: Ignoring removed nomblk_io_submit option [ 31.131865][ T988] EXT4-fs: Ignoring removed bh option [ 31.176761][ T988] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 31.185602][ T988] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.196329][ T988] EXT4-fs (loop0): unmounting filesystem. [ 31.199169][ T28] audit: type=1400 audit(1743704220.068:272): avc: denied { connect } for pid=1002 comm="syz.1.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 31.250111][ T28] audit: type=1400 audit(1743704220.088:273): avc: denied { accept } for pid=1002 comm="syz.1.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 31.280832][ T28] audit: type=1400 audit(1743704220.098:274): avc: denied { map } for pid=995 comm="syz.4.287" path="/dev/bus/usb/003/001" dev="devtmpfs" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 31.378287][ T1015] loop3: detected capacity change from 0 to 2048 [ 31.393346][ T1015] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.442756][ T1015] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 31.462060][ T1015] EXT4-fs (loop3): shut down requested (1) [ 31.484987][ T291] EXT4-fs (loop3): unmounting filesystem. [ 31.586807][ T1033] syz.2.303 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 31.652065][ T1009] loop4: detected capacity change from 0 to 40427 [ 31.691841][ T1009] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 31.700398][ T1043] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 31.709976][ T1009] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 31.746555][ T1045] tap0: tun_chr_ioctl cmd 2148553947 [ 31.758889][ T1049] loop3: detected capacity change from 0 to 256 [ 31.770583][ T1049] exfat: Deprecated parameter 'utf8' [ 31.775757][ T1049] exfat: Deprecated parameter 'namecase' [ 31.783034][ T1009] F2FS-fs (loop4): Found nat_bits in checkpoint [ 31.801417][ T1049] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 31.945324][ T1067] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 31.964438][ T1009] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 31.972738][ T1035] loop0: detected capacity change from 0 to 40427 [ 31.978164][ T1070] tun0: tun_chr_ioctl cmd 1074025692 [ 31.984894][ T1035] F2FS-fs (loop0): heap/no_heap options were deprecated [ 31.989831][ T1009] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 32.013095][ T1035] F2FS-fs (loop0): invalid crc value [ 32.036547][ T1035] F2FS-fs (loop0): Found nat_bits in checkpoint [ 32.073024][ T28] audit: type=1326 audit(1743704220.690:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1079 comm="syz.2.322" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9802f8d169 code=0x0 [ 32.108255][ T1009] syz.4.291: attempt to access beyond end of device [ 32.108255][ T1009] loop4: rw=34817, sector=77824, nr_sectors = 128 limit=40427 [ 32.131245][ T1035] F2FS-fs (loop0): Start checkpoint disabled! [ 32.140766][ T28] audit: type=1400 audit(1743704220.760:276): avc: denied { map } for pid=1083 comm="syz.1.323" path="socket:[19990]" dev="sockfs" ino=19990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 32.181262][ T1035] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 32.202761][ T28] audit: type=1400 audit(1743704220.780:277): avc: denied { read accept } for pid=1083 comm="syz.1.323" path="socket:[19990]" dev="sockfs" ino=19990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 32.303090][ T10] kworker/u4:1: attempt to access beyond end of device [ 32.303090][ T10] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 32.552801][ T1110] loop1: detected capacity change from 0 to 2048 [ 32.603241][ T1110] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 32.617388][ T1121] device veth2 entered promiscuous mode [ 32.636821][ T28] audit: type=1400 audit(1743704221.260:278): avc: denied { ioctl } for pid=1109 comm="syz.1.336" path="/94/file0/file1" dev="loop1" ino=15 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.683485][ T292] EXT4-fs (loop1): unmounting filesystem. [ 32.831091][ T1114] loop3: detected capacity change from 0 to 40427 [ 32.850271][ T1114] F2FS-fs (loop3): invalid crc value [ 32.887444][ T1114] F2FS-fs (loop3): Found nat_bits in checkpoint [ 32.923256][ T28] audit: type=1400 audit(1743704221.540:279): avc: denied { map } for pid=1137 comm="syz.4.346" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20069 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 33.004369][ T1114] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 33.081967][ T291] syz-executor: attempt to access beyond end of device [ 33.081967][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 33.099064][ T1148] loop4: detected capacity change from 0 to 512 [ 33.105422][ T1148] EXT4-fs: Ignoring removed mblk_io_submit option [ 33.136177][ T1148] EXT4-fs error (device loop4): ext4_get_branch:178: inode #13: block 2: comm syz.4.350: invalid block [ 33.266122][ T1148] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.350: invalid indirect mapped block 10 (level 1) [ 33.356691][ T1148] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.350: invalid indirect mapped block 8 (level 1) [ 33.396841][ T1148] EXT4-fs (loop4): 1 truncate cleaned up [ 33.402324][ T1148] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 33.496960][ T293] EXT4-fs (loop4): unmounting filesystem. [ 33.690252][ T1183] loop3: detected capacity change from 0 to 128 [ 33.730897][ T1183] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 33.746919][ T1183] ext4 filesystem being mounted at /66/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 33.827093][ T291] EXT4-fs (loop3): unmounting filesystem. [ 33.835655][ T1131] loop1: detected capacity change from 0 to 131072 [ 33.852616][ T1131] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 33.860647][ T1131] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 33.910435][ T1131] F2FS-fs (loop1): Found nat_bits in checkpoint [ 33.968470][ T1199] loop3: detected capacity change from 0 to 128 [ 33.999475][ T1199] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 34.018155][ T1199] ext4 filesystem being mounted at /69/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 34.055548][ T1131] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 34.067108][ T1131] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 34.107336][ T291] EXT4-fs (loop3): unmounting filesystem. [ 34.128057][ T1217] loop0: detected capacity change from 0 to 16 [ 34.177344][ T1217] erofs: (device loop0): mounted with root inode @ nid 36. [ 34.201888][ T1217] erofs: (device loop0): z_erofs_readahead: readahead error at page 19 @ nid 36 [ 34.229506][ T1217] erofs: (device loop0): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 34.238814][ T1217] erofs: (device loop0): z_erofs_readahead: readahead error at page 17 @ nid 36 [ 34.248875][ T1217] erofs: (device loop0): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 34.281353][ T1231] binder: 1230:1231 ioctl c018620c 200000000140 returned -1 [ 34.296893][ T1217] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 17 @ nid 36 [ 34.322112][ T1217] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 16 @ nid 36 [ 34.361623][ T1217] syz.0.379: attempt to access beyond end of device [ 34.361623][ T1217] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 34.405705][ T1217] syz.0.379: attempt to access beyond end of device [ 34.405705][ T1217] loop0: rw=524288, sector=67108872, nr_sectors = 16 limit=16 [ 34.407145][ T1239] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 34.570686][ T1248] loop4: detected capacity change from 0 to 256 [ 34.605138][ T1250] syz.3.394[1250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.605218][ T1250] syz.3.394[1250] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.616735][ T1248] exfat: Deprecated parameter 'utf8' [ 34.652714][ T1248] exfat: Deprecated parameter 'namecase' [ 34.670871][ T1248] exfat: Deprecated parameter 'utf8' [ 34.692735][ T1248] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe20b369b, utbl_chksum : 0xe619d30d) [ 34.806021][ T1261] loop2: detected capacity change from 0 to 512 [ 34.853458][ T1261] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 34.862687][ T1243] loop0: detected capacity change from 0 to 40427 [ 34.875416][ T1243] F2FS-fs (loop0): fault_type options not supported [ 34.902288][ T1243] F2FS-fs (loop0): invalid crc value [ 34.915694][ T1243] F2FS-fs (loop0): Found nat_bits in checkpoint [ 34.923029][ T1261] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 34.937777][ T1273] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 34.952209][ T1261] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.967178][ T1243] F2FS-fs (loop0): Start checkpoint disabled! [ 34.970531][ T1273] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 34.979509][ T1243] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 35.027170][ T290] EXT4-fs (loop2): unmounting filesystem. [ 35.065739][ T813] kworker/u4:4: attempt to access beyond end of device [ 35.065739][ T813] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 35.136769][ T1292] netlink: 'syz.4.413': attribute type 3 has an invalid length. [ 35.176676][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 35.356672][ T1327] netem: change failed [ 35.366559][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 35.372690][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.398869][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.408856][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 35.429433][ T24] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 35.455343][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.467450][ T24] usb 4-1: config 0 descriptor?? [ 35.501444][ T1340] xt_hashlimit: size too large, truncated to 1048576 [ 35.512532][ T1337] syz.0.431 (1337) used greatest stack depth: 21520 bytes left [ 35.895910][ T24] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max [ 35.916106][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 35.933750][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 35.942387][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 35.956795][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 35.980373][ T24] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 35.998141][ T24] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 36.016710][ T24] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 36.036576][ T24] microsoft 0003:045E:07DA.0003: no inputs found [ 36.048890][ T1363] loop2: detected capacity change from 0 to 40427 [ 36.052919][ T24] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 36.073961][ T1363] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(15) root(3) [ 36.083525][ T1363] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 36.092375][ T1363] F2FS-fs (loop2): invalid crc value [ 36.098854][ T1363] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241045588246331391) [ 36.122894][ T24] usb 4-1: USB disconnect, device number 3 [ 36.152470][ T1363] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 36.152532][ T1366] loop4: detected capacity change from 0 to 40427 [ 36.159551][ T1363] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 36.174753][ T1366] F2FS-fs (loop4): fault_injection options not supported [ 36.193891][ T1366] F2FS-fs (loop4): invalid crc value [ 36.208039][ T1380] mmap: syz.0.448 (1380) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 36.220212][ T290] syz-executor: attempt to access beyond end of device [ 36.220212][ T290] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 36.235243][ T1366] F2FS-fs (loop4): Found nat_bits in checkpoint [ 36.296701][ T1366] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 36.365974][ T293] syz-executor: attempt to access beyond end of device [ 36.365974][ T293] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 36.557499][ T1400] loop1: detected capacity change from 0 to 16 [ 36.573892][ T1400] erofs: (device loop1): mounted with root inode @ nid 36. [ 36.584462][ T1400] erofs: (device loop1): z_erofs_readahead: readahead error at page 19 @ nid 36 [ 36.594024][ T1400] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 36.609300][ T1402] incfs: Options parsing error. -22 [ 36.619567][ T1402] incfs: mount failed -22 [ 36.624280][ T1400] erofs: (device loop1): z_erofs_readahead: readahead error at page 17 @ nid 36 [ 36.647009][ T1400] erofs: (device loop1): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 36.682275][ T1400] erofs: (device loop1): z_erofs_pcluster_readmore: readmore error at page 17 @ nid 36 [ 36.720493][ T1400] erofs: (device loop1): z_erofs_pcluster_readmore: readmore error at page 16 @ nid 36 [ 36.734702][ T1400] syz.1.453: attempt to access beyond end of device [ 36.734702][ T1400] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 36.749836][ T1400] syz.1.453: attempt to access beyond end of device [ 36.749836][ T1400] loop1: rw=524288, sector=67108872, nr_sectors = 16 limit=16 [ 36.848679][ T1437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.470'. [ 36.946841][ T1453] netlink: 24 bytes leftover after parsing attributes in process `syz.2.478'. [ 37.028325][ T1466] loop1: detected capacity change from 0 to 256 [ 37.085569][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 37.085585][ T28] audit: type=1400 audit(1743704226.697:292): avc: denied { setopt } for pid=1468 comm="syz.0.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 37.172267][ T28] audit: type=1400 audit(1743704226.787:293): avc: denied { read } for pid=1472 comm="syz.0.487" name="rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 37.243319][ T1477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.489'. [ 37.256232][ T1462] loop3: detected capacity change from 0 to 40427 [ 37.257244][ T28] audit: type=1400 audit(1743704226.787:294): avc: denied { open } for pid=1472 comm="syz.0.487" path="/dev/rtc0" dev="devtmpfs" ino=259 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 37.286169][ T1462] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 37.297239][ T1462] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 37.299060][ T28] audit: type=1400 audit(1743704226.787:295): avc: denied { ioctl } for pid=1472 comm="syz.0.487" path="/dev/rtc0" dev="devtmpfs" ino=259 ioctlcmd=0x7013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 37.336212][ T28] audit: type=1400 audit(1743704226.907:296): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 37.367939][ T28] audit: type=1400 audit(1743704226.907:297): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.395532][ T1462] F2FS-fs (loop3): invalid crc value [ 37.400858][ T28] audit: type=1400 audit(1743704226.907:298): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 37.432054][ T1462] F2FS-fs (loop3): Found nat_bits in checkpoint [ 37.477428][ T28] audit: type=1400 audit(1743704227.097:299): avc: denied { mount } for pid=1491 comm="syz.1.495" name="/" dev="configfs" ino=14009 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 37.534490][ T28] audit: type=1400 audit(1743704227.117:300): avc: denied { search } for pid=1491 comm="syz.1.495" name="/" dev="configfs" ino=14009 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 37.558339][ T1462] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 37.565203][ T1462] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 37.613482][ T291] syz-executor: attempt to access beyond end of device [ 37.613482][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 37.768881][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.776618][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.783822][ T28] audit: type=1400 audit(1743704227.397:301): avc: denied { read } for pid=1513 comm="syz.3.501" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 37.808942][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.816409][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.823987][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x2 [ 37.831394][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.838896][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.847730][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.856296][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.865616][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.873733][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.881437][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.894039][ T24] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 37.902424][ T1518] tmpfs: Unknown parameter 'iņ' [ 37.902520][ T24] hid-generic 00A0:0006:0003.0004: hidraw0: HID v0.05 Device [syz1] on syz0 [ 38.166553][ T295] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 38.326570][ T24] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 38.346534][ T295] usb 1-1: Using ep0 maxpacket: 16 [ 38.352685][ T295] usb 1-1: config 0 has no interfaces? [ 38.359897][ T295] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 38.377020][ T295] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.390656][ T295] usb 1-1: Product: syz [ 38.395118][ T295] usb 1-1: Manufacturer: syz [ 38.399957][ T295] usb 1-1: SerialNumber: syz [ 38.410733][ T1557] loop3: detected capacity change from 0 to 40427 [ 38.417452][ T295] usb 1-1: config 0 descriptor?? [ 38.423357][ T1557] F2FS-fs (loop3): fault_injection options not supported [ 38.435046][ T1557] F2FS-fs (loop3): invalid crc value [ 38.442046][ T1557] F2FS-fs (loop3): Found nat_bits in checkpoint [ 38.495292][ T1557] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 38.508688][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 38.514764][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 38.533899][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 38.544411][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 38.555139][ T24] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 38.574372][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 38.583552][ T291] syz-executor: attempt to access beyond end of device [ 38.583552][ T291] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 38.583640][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.605305][ T24] usb 5-1: Product: syz [ 38.609350][ T24] usb 5-1: Manufacturer: syz [ 38.613729][ T24] usb 5-1: SerialNumber: syz [ 38.627271][ T295] usb 1-1: USB disconnect, device number 2 [ 38.735272][ T1566] syz.1.528 (1566) used greatest stack depth: 19560 bytes left [ 38.833286][ T24] usb 5-1: USB disconnect, device number 3 [ 38.892099][ T1587] loop3: detected capacity change from 0 to 2048 [ 38.918226][ T1587] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 38.937971][ T1587] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.239541][ T1586] loop2: detected capacity change from 0 to 131072 [ 39.246820][ T1586] F2FS-fs (loop2): Segment count (31) mismatch with total segments from devices (0) [ 39.256021][ T1586] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 39.264684][ T1586] F2FS-fs (loop2): invalid crc value [ 39.271398][ T1586] F2FS-fs (loop2): Found nat_bits in checkpoint [ 39.305054][ T1586] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 39.312340][ T1586] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 39.313201][ T291] EXT4-fs (loop3): unmounting filesystem. [ 39.866536][ T295] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 40.046529][ T295] usb 1-1: Using ep0 maxpacket: 16 [ 40.052733][ T295] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 40.061677][ T295] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 40.071657][ T295] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 40.082211][ T295] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 40.107636][ T295] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 40.116532][ T295] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 40.124311][ T295] usb 1-1: Product: syz [ 40.128342][ T295] usb 1-1: Manufacturer: syz [ 40.132735][ T295] usb 1-1: SerialNumber: syz [ 40.352911][ T295] usb 1-1: USB disconnect, device number 3 [ 40.477738][ T1665] loop4: detected capacity change from 0 to 256 [ 40.497666][ T1665] exfat: Deprecated parameter 'namecase' [ 40.508691][ T1665] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 41.032091][ T1690] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 41.257762][ T1702] binder: 1700:1702 ioctl c0306201 0 returned -14 [ 41.274438][ T1702] binder: 1700:1702 ioctl 5403 0 returned -22 [ 41.516917][ T1720] loop0: detected capacity change from 0 to 256 [ 41.530255][ T1720] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 41.768022][ T1735] loop0: detected capacity change from 0 to 512 [ 41.823558][ T1735] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.600: inode #1: comm syz.0.600: iget: illegal inode # [ 41.886930][ T1735] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.600: error while reading EA inode 1 err=-117 [ 41.936743][ T1735] EXT4-fs (loop0): 1 orphan inode deleted [ 41.957037][ T1735] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 42.042196][ T289] EXT4-fs (loop0): unmounting filesystem. [ 42.381408][ T28] kauditd_printk_skb: 16 callbacks suppressed [ 42.381425][ T28] audit: type=1326 audit(1743704231.997:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.452862][ T1755] capability: warning: `syz.0.608' uses 32-bit capabilities (legacy support in use) [ 42.486709][ T28] audit: type=1326 audit(1743704231.997:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.564368][ T28] audit: type=1326 audit(1743704232.027:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.649272][ T28] audit: type=1326 audit(1743704232.027:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.710255][ T28] audit: type=1326 audit(1743704232.027:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.767861][ T28] audit: type=1326 audit(1743704232.027:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.806508][ T28] audit: type=1326 audit(1743704232.027:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.854987][ T28] audit: type=1326 audit(1743704232.027:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.906624][ T314] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 42.930527][ T28] audit: type=1326 audit(1743704232.027:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 42.976829][ T28] audit: type=1326 audit(1743704232.027:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1752 comm="syz.3.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff23ff8d169 code=0x7ffc0000 [ 43.116534][ T314] usb 2-1: Using ep0 maxpacket: 16 [ 43.123161][ T314] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 43.141979][ T314] usb 2-1: config 0 has no interface number 0 [ 43.156202][ T314] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 43.180477][ T314] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 43.184363][ T1786] loop3: detected capacity change from 0 to 40427 [ 43.206196][ T314] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 43.222526][ T1786] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 43.228711][ T314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.236578][ T1786] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 43.246209][ T1786] F2FS-fs (loop3): invalid crc value [ 43.249917][ T314] usb 2-1: Product: syz [ 43.265703][ T314] usb 2-1: Manufacturer: syz [ 43.270424][ T314] usb 2-1: SerialNumber: syz [ 43.275430][ T1786] F2FS-fs (loop3): Found nat_bits in checkpoint [ 43.275992][ T314] usb 2-1: config 0 descriptor?? [ 43.302006][ T1772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 43.311244][ T1772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 43.370019][ T1786] F2FS-fs (loop3): Start checkpoint disabled! [ 43.387127][ T1786] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 43.394092][ T1786] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 43.507277][ T1488] kworker/u4:5: attempt to access beyond end of device [ 43.507277][ T1488] loop3: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 43.532092][ T1772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 43.542785][ T1772] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 43.706799][ T1809] loop0: detected capacity change from 0 to 1024 [ 43.734911][ T1809] EXT4-fs error (device loop0): ext4_orphan_get:1426: comm syz.0.632: bad orphan inode 2304 [ 43.746656][ T1809] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 43.784600][ T289] EXT4-fs (loop0): unmounting filesystem. [ 43.914785][ T1823] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 44.138174][ T1833] loop2: detected capacity change from 0 to 40427 [ 44.149941][ T1833] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 44.157734][ T1833] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 44.172666][ T314] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 44.180011][ T1835] loop0: detected capacity change from 0 to 40427 [ 44.183932][ T1833] F2FS-fs (loop2): Found nat_bits in checkpoint [ 44.195042][ T314] asix 2-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 44.195209][ T1835] F2FS-fs (loop0): fault_type options not supported [ 44.215505][ T314] asix: probe of 2-1:0.251 failed with error -71 [ 44.218895][ T1835] F2FS-fs (loop0): invalid crc value [ 44.230540][ T314] usb 2-1: USB disconnect, device number 2 [ 44.236577][ T6] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 44.245755][ T1835] F2FS-fs (loop0): Found nat_bits in checkpoint [ 44.263003][ T1833] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 44.270011][ T1833] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 44.302029][ T1835] F2FS-fs (loop0): Start checkpoint disabled! [ 44.309024][ T1835] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 44.344787][ T1835] syz.0.633: attempt to access beyond end of device [ 44.344787][ T1835] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 44.396949][ T813] kworker/u4:4: attempt to access beyond end of device [ 44.396949][ T813] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 44.427732][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.446503][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.476298][ T6] usb 5-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 44.496544][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.505148][ T6] usb 5-1: config 0 descriptor?? [ 44.599372][ T1861] loop3: detected capacity change from 0 to 512 [ 44.605876][ T1861] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 44.660128][ T1873] loop3: detected capacity change from 0 to 512 [ 44.668170][ T1873] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 44.680215][ T1873] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.648: bg 0: block 425: padding at end of block bitmap is not set [ 44.694898][ T1873] EXT4-fs (loop3): Remounting filesystem read-only [ 44.710533][ T291] EXT4-fs (loop3): unmounting filesystem. [ 44.771966][ T1894] input: syz1 as /devices/virtual/input/input7 [ 44.878445][ T6] usbhid 5-1:0.0: can't add hid device: -71 [ 44.884278][ T6] usbhid: probe of 5-1:0.0 failed with error -71 [ 44.893508][ T663] udevd[663]: failed to send result of seq 5605 to main daemon: Connection refused [ 44.903359][ T6] usb 5-1: USB disconnect, device number 4 [ 45.066561][ T314] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 45.106540][ T313] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 45.256549][ T314] usb 4-1: Using ep0 maxpacket: 8 [ 45.263642][ T314] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 45.279382][ T314] usb 4-1: config 179 has no interface number 0 [ 45.285523][ T314] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 45.296322][ T313] usb 1-1: Using ep0 maxpacket: 16 [ 45.301726][ T313] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 45.305850][ T314] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 45.316550][ T313] usb 1-1: config 0 has no interface number 0 [ 45.320812][ T314] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 45.330370][ T313] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 45.347449][ T314] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 45.350904][ T313] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 45.370239][ T314] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 45.379174][ T314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.381659][ T313] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 45.397476][ T313] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.405097][ T1900] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 45.405501][ T313] usb 1-1: Product: syz [ 45.418988][ T313] usb 1-1: Manufacturer: syz [ 45.423786][ T313] usb 1-1: SerialNumber: syz [ 45.429224][ T313] usb 1-1: config 0 descriptor?? [ 45.434276][ T1908] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 45.441484][ T1908] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 45.501765][ T1938] 9pnet: p9_errstr2errno: server reported unknown error @ [ 45.583501][ T1944] loop4: detected capacity change from 0 to 8192 [ 45.591356][ T1944] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.651189][ T1908] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 45.661243][ T1908] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 45.862279][ T314] usb 4-1: USB disconnect, device number 4 [ 45.868071][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 45.868110][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 46.040228][ T1972] xt_bpf: check failed: parse error [ 46.079801][ T1974] loop1: detected capacity change from 0 to 512 [ 46.088489][ T1974] EXT4-fs (loop1): 1 truncate cleaned up [ 46.094050][ T1974] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 46.127705][ T292] EXT4-fs (loop1): unmounting filesystem. [ 46.286701][ T313] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 46.296814][ T313] asix 1-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 46.307073][ T313] asix: probe of 1-1:0.251 failed with error -71 [ 46.314836][ T313] usb 1-1: USB disconnect, device number 4 [ 46.436560][ T1990] loop3: detected capacity change from 0 to 256 [ 46.465612][ T1996] netlink: 'syz.2.704': attribute type 1 has an invalid length. [ 46.501899][ T2002] xt_hashlimit: size too large, truncated to 1048576 [ 46.912108][ T2038] loop2: detected capacity change from 0 to 512 [ 46.925001][ T2038] SELinux: security_context_str_to_sid (unc) failed with errno=-22 [ 47.016329][ T2052] loop2: detected capacity change from 0 to 256 [ 47.052932][ T2056] loop0: detected capacity change from 0 to 512 [ 47.084619][ T2056] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 47.094906][ T2056] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.130229][ T289] EXT4-fs (loop0): unmounting filesystem. [ 47.226590][ T294] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 47.406550][ T294] usb 4-1: Using ep0 maxpacket: 16 [ 47.412904][ T294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.423697][ T294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.433261][ T294] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 47.445875][ T294] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 47.454693][ T294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.463128][ T294] usb 4-1: config 0 descriptor?? [ 47.569957][ T2100] loop0: detected capacity change from 0 to 512 [ 47.576850][ T2100] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 47.586351][ T2100] EXT4-fs (loop0): orphan cleanup on readonly fs [ 47.592890][ T2100] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 47.601298][ T2100] EXT4-fs (loop0): 1 truncate cleaned up [ 47.607103][ T2100] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 47.622528][ T2105] xt_hashlimit: size too large, truncated to 1048576 [ 47.695042][ T289] EXT4-fs (loop0): unmounting filesystem. [ 47.756322][ T28] kauditd_printk_skb: 40 callbacks suppressed [ 47.756339][ T28] audit: type=1400 audit(1743704237.367:368): avc: denied { write } for pid=2114 comm="syz.0.756" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 47.818816][ T28] audit: type=1400 audit(1743704237.437:369): avc: denied { read } for pid=2118 comm="syz.0.758" dev="nsfs" ino=4026532292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 47.840484][ T28] audit: type=1400 audit(1743704237.437:370): avc: denied { open } for pid=2118 comm="syz.0.758" path="net:[4026532292]" dev="nsfs" ino=4026532292 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 47.866071][ T28] audit: type=1400 audit(1743704237.447:371): avc: denied { read } for pid=2120 comm="syz.0.759" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 47.889748][ T294] koneplus 0003:1E7D:2E22.0005: item fetching failed at offset 0/2 [ 47.898233][ T294] koneplus 0003:1E7D:2E22.0005: parse failed [ 47.904166][ T294] koneplus: probe of 0003:1E7D:2E22.0005 failed with error -22 [ 47.912443][ T28] audit: type=1400 audit(1743704237.447:372): avc: denied { open } for pid=2120 comm="syz.0.759" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 47.937862][ T28] audit: type=1400 audit(1743704237.447:373): avc: denied { create } for pid=2120 comm="syz.0.759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 48.092745][ T313] usb 4-1: USB disconnect, device number 5 [ 48.141986][ T2158] device veth0 entered promiscuous mode [ 48.148551][ T2158] device macsec1 entered promiscuous mode [ 48.155170][ T2158] device veth0 left promiscuous mode [ 48.168799][ T2161] netlink: 8 bytes leftover after parsing attributes in process `syz.4.778'. [ 48.185773][ T2161] netlink: 8 bytes leftover after parsing attributes in process `syz.4.778'. [ 48.243892][ T2170] xt_bpf: check failed: parse error [ 48.251103][ T28] audit: type=1400 audit(1743704237.867:374): avc: denied { remount } for pid=2172 comm="syz.0.784" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 48.278218][ T28] audit: type=1400 audit(1743704237.897:375): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 48.318501][ T28] audit: type=1400 audit(1743704237.937:376): avc: denied { write } for pid=2181 comm="syz.1.788" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 48.347862][ T2186] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 48.352957][ T28] audit: type=1400 audit(1743704237.967:377): avc: denied { relabelfrom } for pid=2185 comm="syz.2.790" name="" dev="pipefs" ino=24138 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 48.714364][ T2228] loop2: detected capacity change from 0 to 512 [ 48.721558][ T2228] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001) [ 48.852831][ T2239] device batadv_slave_0 entered promiscuous mode [ 48.869819][ T2238] device batadv_slave_0 left promiscuous mode [ 49.009692][ T2262] incfs: Options parsing error. -22 [ 49.021493][ T2262] incfs: mount failed -22 [ 49.075044][ T290] ------------[ cut here ]------------ [ 49.080488][ T290] WARNING: CPU: 0 PID: 290 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 49.088355][ T290] Modules linked in: [ 49.089238][ T2279] netlink: 24 bytes leftover after parsing attributes in process `syz.3.833'. [ 49.092061][ T290] CPU: 0 PID: 290 Comm: syz-executor Not tainted 6.1.129-syzkaller-00054-g3e6e324f5b47 #0 [ 49.110735][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 49.120630][ T290] RIP: 0010:drop_nlink+0xc1/0x110 [ 49.125550][ T290] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 57 d0 ef ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2f 21 a8 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 49.144983][ T290] RSP: 0018:ffffc9000d337bf0 EFLAGS: 00010293 [ 49.150854][ T290] RAX: ffffffff81cd7661 RBX: 0000000000000000 RCX: ffff888110359440 [ 49.158673][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 49.166456][ T290] RBP: ffffc9000d337c18 R08: ffffffff81cd75e4 R09: 0000000000000003 [ 49.174353][ T290] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 49.182219][ T290] R13: 1ffff11021e9a368 R14: ffff88810f4d1af8 R15: ffff88810f4d1b40 [ 49.190113][ T290] FS: 000055557b19f500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 49.198918][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.205268][ T290] CR2: 000055557b1c24e8 CR3: 000000012e001000 CR4: 00000000003526b0 [ 49.213106][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.220909][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.228749][ T290] Call Trace: [ 49.231823][ T290] [ 49.234601][ T290] ? show_regs+0x58/0x60 [ 49.238722][ T290] ? __warn+0x160/0x3d0 [ 49.242674][ T290] ? drop_nlink+0xc1/0x110 [ 49.247190][ T290] ? report_bug+0x4d5/0x7d0 [ 49.251519][ T290] ? drop_nlink+0xc1/0x110 [ 49.255778][ T290] ? handle_bug+0x41/0x70 [ 49.260032][ T290] ? exc_invalid_op+0x1b/0x50 [ 49.264451][ T290] ? asm_exc_invalid_op+0x1b/0x20 [ 49.269337][ T290] ? drop_nlink+0x44/0x110 [ 49.273567][ T290] ? drop_nlink+0xc1/0x110 [ 49.277843][ T290] ? drop_nlink+0xc1/0x110 [ 49.282071][ T290] shmem_rmdir+0x59/0x90 [ 49.286149][ T290] vfs_rmdir+0x398/0x500 [ 49.290279][ T290] incfs_kill_sb+0x113/0x230 [ 49.294657][ T290] deactivate_locked_super+0xad/0x110 [ 49.299900][ T290] deactivate_super+0xbe/0xf0 [ 49.304376][ T290] cleanup_mnt+0x485/0x510 [ 49.308678][ T290] ? user_path_at_empty+0x14e/0x1a0 [ 49.313664][ T290] __cleanup_mnt+0x19/0x20 [ 49.317945][ T290] task_work_run+0x24d/0x2e0 [ 49.322343][ T290] ? task_work_cancel+0x2e0/0x2e0 [ 49.327246][ T290] ? __x64_sys_umount+0x122/0x170 [ 49.332064][ T290] exit_to_user_mode_loop+0x94/0xa0 [ 49.337127][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.342388][ T290] syscall_exit_to_user_mode+0x26/0x130 [ 49.347813][ T290] do_syscall_64+0x47/0xb0 [ 49.352026][ T290] ? clear_bhb_loop+0x55/0xb0 [ 49.356569][ T290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.362353][ T290] RIP: 0033:0x7f9802f8e497 [ 49.366638][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 49.386076][ T290] RSP: 002b:00007ffd24c3e818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 49.394325][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9802f8e497 [ 49.402124][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd24c3e8d0 [ 49.409955][ T290] RBP: 00007ffd24c3e8d0 R08: 0000000000000000 R09: 0000000000000000 [ 49.417831][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd24c3f960 [ 49.425622][ T290] R13: 00007f980300e08c R14: 000000000000bf9e R15: 00007ffd24c3f9a0 [ 49.433468][ T290] [ 49.436300][ T290] ---[ end trace 0000000000000000 ]--- [ 49.442057][ T290] ================================================================== [ 49.449933][ T290] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 49.456007][ T290] Write of size 4 at addr 0000000000000170 by task syz-executor/290 [ 49.463820][ T290] [ 49.466002][ T290] CPU: 0 PID: 290 Comm: syz-executor Tainted: G W 6.1.129-syzkaller-00054-g3e6e324f5b47 #0 [ 49.477198][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 49.487080][ T290] Call Trace: [ 49.490205][ T290] [ 49.492981][ T290] dump_stack_lvl+0x151/0x1b7 [ 49.497495][ T290] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 49.502792][ T290] ? _printk+0xd1/0x111 [ 49.506788][ T290] print_report+0xe1/0x4e0 [ 49.511036][ T290] ? __virt_addr_valid+0x59/0x2f0 [ 49.515893][ T290] ? kasan_addr_to_slab+0xd/0x80 [ 49.520670][ T290] ? ihold+0x20/0x60 [ 49.524399][ T290] kasan_report+0x13c/0x170 [ 49.528748][ T290] ? ihold+0x20/0x60 [ 49.532475][ T290] kasan_check_range+0x294/0x2a0 [ 49.537352][ T290] __kasan_check_write+0x14/0x20 [ 49.542119][ T290] ihold+0x20/0x60 [ 49.545673][ T290] vfs_rmdir+0x268/0x500 [ 49.549756][ T290] incfs_kill_sb+0x113/0x230 [ 49.554298][ T290] deactivate_locked_super+0xad/0x110 [ 49.559501][ T290] deactivate_super+0xbe/0xf0 [ 49.564013][ T290] cleanup_mnt+0x485/0x510 [ 49.568358][ T290] ? user_path_at_empty+0x14e/0x1a0 [ 49.573407][ T290] __cleanup_mnt+0x19/0x20 [ 49.577646][ T290] task_work_run+0x24d/0x2e0 [ 49.582067][ T290] ? task_work_cancel+0x2e0/0x2e0 [ 49.586927][ T290] ? __x64_sys_umount+0x122/0x170 [ 49.591787][ T290] exit_to_user_mode_loop+0x94/0xa0 [ 49.596821][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.602124][ T290] syscall_exit_to_user_mode+0x26/0x130 [ 49.607497][ T290] do_syscall_64+0x47/0xb0 [ 49.611864][ T290] ? clear_bhb_loop+0x55/0xb0 [ 49.616375][ T290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.622103][ T290] RIP: 0033:0x7f9802f8e497 [ 49.626353][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 49.645805][ T290] RSP: 002b:00007ffd24c3e818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 49.654043][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9802f8e497 [ 49.662033][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd24c3e8d0 [ 49.669840][ T290] RBP: 00007ffd24c3e8d0 R08: 0000000000000000 R09: 0000000000000000 [ 49.677649][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd24c3f960 [ 49.685463][ T290] R13: 00007f980300e08c R14: 000000000000bf9e R15: 00007ffd24c3f9a0 [ 49.693380][ T290] [ 49.696236][ T290] ================================================================== [ 49.706754][ T290] Disabling lock debugging due to kernel taint [ 49.712746][ T290] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 49.720380][ T290] #PF: supervisor write access in kernel mode [ 49.726275][ T290] #PF: error_code(0x0002) - not-present page [ 49.732083][ T290] PGD 13158e067 P4D 13158e067 PUD 0 [ 49.737201][ T290] Oops: 0002 [#1] PREEMPT SMP KASAN [ 49.742237][ T290] CPU: 1 PID: 290 Comm: syz-executor Tainted: G B W 6.1.129-syzkaller-00054-g3e6e324f5b47 #0 [ 49.753434][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 49.763327][ T290] RIP: 0010:ihold+0x25/0x60 [ 49.767664][ T290] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 01 19 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 c8 ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 84 1c a8 [ 49.787111][ T290] RSP: 0018:ffffc9000d337c30 EFLAGS: 00010246 [ 49.793011][ T290] RAX: ffff888110359400 RBX: 0000000000000001 RCX: ffff888110359440 [ 49.800819][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 49.808630][ T290] RBP: ffffc9000d337c40 R08: ffffffff8144b443 R09: fffffbfff0f6e8fd [ 49.816527][ T290] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11026777014 [ 49.824338][ T290] R13: ffff888131b84330 R14: 0000000000000000 R15: 1ffff1102637086c [ 49.832283][ T290] FS: 000055557b19f500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 49.841050][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.847468][ T290] CR2: 0000000000000170 CR3: 000000012e001000 CR4: 00000000003526a0 [ 49.855386][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.863197][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.871006][ T290] Call Trace: [ 49.874128][ T290] [ 49.876910][ T290] ? __die_body+0x62/0xb0 [ 49.881072][ T290] ? __die+0x7e/0x90 [ 49.884892][ T290] ? page_fault_oops+0x7f9/0xa90 [ 49.889664][ T290] ? vprintk_default+0x26/0x30 [ 49.894354][ T290] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 49.899733][ T290] ? add_taint+0x44/0xe0 [ 49.903818][ T290] ? panic+0x667/0x667 [ 49.907722][ T290] ? exc_page_fault+0x529/0x6d0 [ 49.912408][ T290] ? asm_exc_page_fault+0x27/0x30 [ 49.917278][ T290] ? add_taint+0x93/0xe0 [ 49.921344][ T290] ? ihold+0x25/0x60 [ 49.925075][ T290] vfs_rmdir+0x268/0x500 [ 49.929155][ T290] incfs_kill_sb+0x113/0x230 [ 49.933591][ T290] deactivate_locked_super+0xad/0x110 [ 49.938790][ T290] deactivate_super+0xbe/0xf0 [ 49.943302][ T290] cleanup_mnt+0x485/0x510 [ 49.947553][ T290] ? user_path_at_empty+0x14e/0x1a0 [ 49.952588][ T290] __cleanup_mnt+0x19/0x20 [ 49.956854][ T290] task_work_run+0x24d/0x2e0 [ 49.961367][ T290] ? task_work_cancel+0x2e0/0x2e0 [ 49.966216][ T290] ? __x64_sys_umount+0x122/0x170 [ 49.971079][ T290] exit_to_user_mode_loop+0x94/0xa0 [ 49.976124][ T290] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.981405][ T290] syscall_exit_to_user_mode+0x26/0x130 [ 49.986791][ T290] do_syscall_64+0x47/0xb0 [ 49.991038][ T290] ? clear_bhb_loop+0x55/0xb0 [ 49.995551][ T290] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 50.001279][ T290] RIP: 0033:0x7f9802f8e497 [ 50.005533][ T290] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 50.024972][ T290] RSP: 002b:00007ffd24c3e818 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 50.033303][ T290] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9802f8e497 [ 50.041115][ T290] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd24c3e8d0 [ 50.048927][ T290] RBP: 00007ffd24c3e8d0 R08: 0000000000000000 R09: 0000000000000000 [ 50.056833][ T290] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd24c3f960 [ 50.064636][ T290] R13: 00007f980300e08c R14: 000000000000bf9e R15: 00007ffd24c3f9a0 [ 50.072452][ T290] [ 50.075311][ T290] Modules linked in: [ 50.079060][ T290] CR2: 0000000000000170 [ 50.083041][ T290] ---[ end trace 0000000000000000 ]--- [ 50.088330][ T290] RIP: 0010:ihold+0x25/0x60 [ 50.092671][ T290] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 01 19 a8 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 00 c8 ef ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 84 1c a8 [ 50.112113][ T290] RSP: 0018:ffffc9000d337c30 EFLAGS: 00010246 [ 50.118013][ T290] RAX: ffff888110359400 RBX: 0000000000000001 RCX: ffff888110359440 [ 50.125825][ T290] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 50.133636][ T290] RBP: ffffc9000d337c40 R08: ffffffff8144b443 R09: fffffbfff0f6e8fd [ 50.141447][ T290] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11026777014 [ 50.149258][ T290] R13: ffff888131b84330 R14: 0000000000000000 R15: 1ffff1102637086c [ 50.157080][ T290] FS: 000055557b19f500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 50.165841][ T290] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.172263][ T290] CR2: 0000000000000170 CR3: 000000012e001000 CR4: 00000000003526a0 [ 50.180074][ T290] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.187887][ T290] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.195696][ T290] Kernel panic - not syncing: Fatal exception [ 50.201888][ T290] Kernel Offset: disabled [ 50.206021][ T290] Rebooting in 86400 seconds..