last executing test programs: 2.709753105s ago: executing program 0 (id=126): r0 = syz_usb_connect$uac1(0x2, 0x71, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0xf, 0x0, {0x7}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000ac0)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x83e}}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xb}}, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"}) 2.213838038s ago: executing program 4 (id=131): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000340)=ANY=[@ANYRESOCT], 0xda00) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, 0x0, &(0x7f0000000000)) 2.206093388s ago: executing program 4 (id=132): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000ebffff49"]) 2.182577778s ago: executing program 4 (id=133): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5}]}}}]}, 0x3c}, 0x1, 0xffffffea}, 0x0) 2.102468728s ago: executing program 4 (id=134): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x42, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0x2000000}]}}}}}}}, 0x0) 1.336239343s ago: executing program 2 (id=139): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) 1.272230393s ago: executing program 2 (id=140): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0xfffffffffffffc1f, &(0x7f0000000180)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@val={0x88a8, 0x7, 0x0, 0x3}, {0x8100, 0x0, 0x0, 0x4}}, {@mpls_mc={0x8848, {[{0x81}, {0xd9}, {0x8c}, {0x8}, {0x2}], @generic="afc4bc265b48ac12c265e93a78ad83a059e77cfaa4e5346d10c47047d4628bded5895460701c8332"}}}}, 0x0) 1.263247413s ago: executing program 2 (id=141): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) lseek(0xffffffffffffffff, 0x0, 0x4) 1.254674863s ago: executing program 2 (id=142): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) 1.246660703s ago: executing program 4 (id=143): r0 = socket$vsock_stream(0x28, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x2) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r0, 0x0) 1.239839413s ago: executing program 2 (id=144): r0 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$selinux_access(r0, &(0x7f0000000180)={'system_u:object_r:apm_bios_t:s0', 0x20, 'system_u:system_r:kernel_t:s0'}, 0x53) 1.195508523s ago: executing program 4 (id=145): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010000020100102505a1a4400000000001090244000101000000090400001602020000052406000005240000000d240f01060000000000000000090581032000000000090582020800000000090503020002"], 0x0) 1.188148884s ago: executing program 2 (id=146): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x40000000004) ioctl$TCFLSH(r0, 0x400455c8, 0x40000000004) 794.341046ms ago: executing program 3 (id=149): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x8000002}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f00000003c0)=0xe03, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x2200c041, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000580)="9a2b9fc58834", 0x6, 0x4000, 0x0, 0x0) 767.322986ms ago: executing program 3 (id=150): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0) 641.914687ms ago: executing program 1 (id=151): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) 629.730137ms ago: executing program 1 (id=152): add_key$user(&(0x7f0000001e80), 0x0, 0x0, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_clone(0xd5ba2180, 0x0, 0x0, 0x0, 0x0, 0x0) 619.786677ms ago: executing program 3 (id=153): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="66b9960000400f32670f2298baf80c66b83c0ec18266efbafc0c66b800fcd8a366ef0f161e47a20fff66d166b8000000000f23d00f21f86635100000080f23f80f3806670c26660f6cc96764f30fc7b6007000000f01c8", 0x53}], 0xaaaaaaaaaaaac59, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 576.747907ms ago: executing program 3 (id=154): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="190000000400000008000000ff"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) umount2(&(0x7f0000001480)='./file1\x00', 0x0) 559.471107ms ago: executing program 0 (id=155): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 550.585067ms ago: executing program 3 (id=156): syz_mount_image$fuse(0x0, &(0x7f0000000300)='./file0\x00', 0x500, 0x0, 0x1, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) unlinkat(r0, &(0x7f00000001c0)='./file0/../file0\x00', 0x200) 546.124817ms ago: executing program 1 (id=157): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0) pread64(r0, &(0x7f0000000180)=""/73, 0x49, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r1 = open(&(0x7f00009e1000)='./file0\x00', 0xe2282, 0x0) fcntl$setlease(r1, 0x400, 0x0) 525.491248ms ago: executing program 3 (id=158): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r0}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 508.003028ms ago: executing program 1 (id=159): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) getrlimit(0x0, &(0x7f0000000000)) 418.280778ms ago: executing program 1 (id=160): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) 358.481388ms ago: executing program 1 (id=161): prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r0, &(0x7f0000006800)={0x2020}, 0x2020) 342.995209ms ago: executing program 0 (id=162): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) recvmsg(0xffffffffffffffff, 0x0, 0x40fd) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x200c840, &(0x7f0000000240)={[{@discard}, {@noload}]}, 0x64, 0x537, &(0x7f0000000f80)="$eJzs3c9vI1cdAPDvOHZIdrN1Chygh1JoUXYFaycNbSMObREITpWAcl9C4kRRnDhKnHYTVTQRfwAXBEic4MIFif8AVeLCsUIqgjOIIhCCLRw4wA4ae5zNZu04G5w4JJ+PNDvvza/ve/bOjzfzMg7gynomIl6NiPtpmt6KiHI+vZAPsdcesuU+uPfWQjYkkaav/y2JJJ/W2VaSj6/nq41FxNe/EvGt5NG4Wzu7q/P1em0zz1ebaxvVrZ3d2ytr88u15dr67OzMi3Mvzb0wNz2Qet6IiJe/9Kfvf/enX375F5998w93/nLz21mxvpjPP1yPx1Q8bma76qXWZ3F4hc2IV04Z78IptmqYGz/ZOvtnWB4AAHrLrvE/HBGfiohbUY6R4y9nAQAAgP9D6SsT8e8kIu1utNvEsei5PAAAAHABFSJiIpJCJe8LMBGFQqXS7sP70biWvh3R/MxSY3t9MZsXMRmlwtJKvTad9xWejFKS5Wda6Qf559v5/fcjWvnZiHgyIr5XHm/lKwuN+uKwb34AAADAFXH9SPv/n+V2+x8AAAC4ZCaHXQAAAADgzGn/AwAAwOWn/Q8AAACX2ldfey0b0s7vXy++sbO92njj9mJta7Wytr1QWWhsblSWG43l1jv71vptr95obHwu1rfvVpu1rWZ1a2f3zlpje715Z+Whn8AGAAAAztGTn3jnd0lE7H1+vDVkRnssO3KuJQPOWvEgleTjLnv/759oj98/p0IB56LfOf035XMqCHDuisMuADA0pcdZ2N8JwKWU9Jnfs/POu/n4k4MtDwAAMHhTH+/9/L9w7Jp7x88GLjw7MVxdnef/TxzJA5df6/l/rw6/R7lYgEul5IwPV17f5/+9OgC8e9IIafp4JQIAAAZtojUkhUp+e28iCoVKJeJGq7t/KVlaqdem8+cDvy2XPpTlZ1prJn3bDAAAAAAAAAAAAAAAAAAAAAAAAABAW5omkQIAAACXWkThz8kv2+/ynyo/N3H0/sBo8q9y5D8R+uaPXv/B3flmc3Mmm/73g+nNH+bTnx/GHQwAAADgqE47vdOOBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBB+uDeWwudoTMtLZ993L9+ISImu8UvxlhrPBaliLj2jySKh9ZLImJkAPH39iPiY93iJ1mxDkJ2iz9+9vFjMv8UusW/PoD4cJW9kx1/Xs32v9GIOLz/FeKZ1rj7/leMeCh/Wq3jX3aA63L87Rz/Rnrs/zeObGuyR4yn3vt5tWf8/Yinit2PP534SY/4z56wjt/8xu5ur3npjyOmup5/kodiVZtrG9Wtnd3bK2vzy7Xl2vrs7MyLcy/NvTA3XV1aqdfyfx/ZfqlP2bL6X+sRf7JP/Z87Yf3/897dex/pUZws/s1nu8T/1U/yJR6NX8jPfZ/O09n8qU56r50+7Omf/frp4+q/2KP+/b7/myes/62vfeePEXH/0FcKAAzR1s7u6ny9Xts8NpFdtvRb5qImslb6BSiGxOkSJ/0veqrE2wPdYJqmafxve0oSQ//AO4lhH5kAAIBBe3DRP+ySAAAAAAAAAAAAAAAAAAAAwNV1Hq8TOxpz7yCVDOIV2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/HfAAAA///xwNLS") 227.456139ms ago: executing program 0 (id=163): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000052a190010000040"]) 111.29662ms ago: executing program 0 (id=164): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r1}, 0x10) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=165): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) listxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.137' (ED25519) to the list of known hosts. [ 32.037871][ T24] audit: type=1400 audit(1732151256.210:66): avc: denied { mounton } for pid=286 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 32.038875][ T286] cgroup: Unknown subsys name 'net' [ 32.060296][ T24] audit: type=1400 audit(1732151256.210:67): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 32.087223][ T24] audit: type=1400 audit(1732151256.230:68): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 32.087693][ T286] cgroup: Unknown subsys name 'devices' [ 32.197952][ T286] cgroup: Unknown subsys name 'hugetlb' [ 32.203323][ T286] cgroup: Unknown subsys name 'rlimit' [ 32.370713][ T24] audit: type=1400 audit(1732151256.540:69): avc: denied { setattr } for pid=286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 32.393662][ T24] audit: type=1400 audit(1732151256.540:70): avc: denied { mounton } for pid=286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 32.418186][ T24] audit: type=1400 audit(1732151256.540:71): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 32.423491][ T289] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 32.449661][ T24] audit: type=1400 audit(1732151256.620:72): avc: denied { relabelto } for pid=289 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 32.474853][ T24] audit: type=1400 audit(1732151256.620:73): avc: denied { write } for pid=289 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 32.532969][ T24] audit: type=1400 audit(1732151256.700:74): avc: denied { read } for pid=286 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 32.558252][ T24] audit: type=1400 audit(1732151256.700:75): avc: denied { open } for pid=286 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 32.584054][ T286] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 32.973200][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.980167][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.987338][ T297] device bridge_slave_0 entered promiscuous mode [ 32.994872][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.001737][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.008780][ T297] device bridge_slave_1 entered promiscuous mode [ 33.027047][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.033872][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.041152][ T296] device bridge_slave_0 entered promiscuous mode [ 33.047713][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.054531][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.061713][ T296] device bridge_slave_1 entered promiscuous mode [ 33.114655][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.121638][ T300] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.128816][ T300] device bridge_slave_0 entered promiscuous mode [ 33.135418][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.142274][ T300] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.149326][ T300] device bridge_slave_1 entered promiscuous mode [ 33.162416][ T298] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.169263][ T298] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.176284][ T298] device bridge_slave_0 entered promiscuous mode [ 33.183319][ T298] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.190176][ T298] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.197322][ T298] device bridge_slave_1 entered promiscuous mode [ 33.238527][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.245357][ T299] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.252556][ T299] device bridge_slave_0 entered promiscuous mode [ 33.277277][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.284099][ T299] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.291965][ T299] device bridge_slave_1 entered promiscuous mode [ 33.329006][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.335835][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.342949][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.349740][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.383578][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.390418][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.417869][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.424697][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.431796][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.438601][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.460104][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.467257][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.474249][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.481204][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.488134][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.495871][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.503101][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.529036][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 33.537269][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.545204][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.552040][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.559496][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.567487][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.574294][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.581475][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 33.588610][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.608349][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.616219][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.623003][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.630194][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.638717][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.645529][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.652750][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.660439][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.668140][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.675752][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.698468][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.705740][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.713039][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.720998][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.727826][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.735274][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 33.752126][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.760346][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.768768][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.777079][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.783894][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.791234][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 33.799244][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 33.806051][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 33.817289][ T296] device veth0_vlan entered promiscuous mode [ 33.834072][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.841758][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.849085][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.856349][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.865298][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.873067][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 33.881197][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.888031][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.898691][ T297] device veth0_vlan entered promiscuous mode [ 33.909166][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.916951][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.924049][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.933170][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.944799][ T296] device veth1_macvtap entered promiscuous mode [ 33.954295][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 33.962006][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.970193][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.977943][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.985927][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 33.997030][ T297] device veth1_macvtap entered promiscuous mode [ 34.006447][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.014695][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.023181][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 34.031244][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 34.039637][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.046443][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 34.055024][ T298] device veth0_vlan entered promiscuous mode [ 34.063738][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 34.071194][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.078885][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.086578][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.094601][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.102929][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 34.111212][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 34.119231][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.126046][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.133380][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.140693][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.150713][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.159001][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.177444][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.185422][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.193540][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.201803][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.209950][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.217618][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.225275][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.233152][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.247756][ T300] device veth0_vlan entered promiscuous mode [ 34.255270][ T296] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 34.273385][ T298] device veth1_macvtap entered promiscuous mode [ 34.287615][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 34.295418][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 34.307814][ T326] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 34.323868][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 34.332775][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 34.362489][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.375670][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.390217][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.409386][ T299] device veth0_vlan entered promiscuous mode [ 34.415282][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 34.423616][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 34.433092][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 34.440881][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 34.460126][ T300] device veth1_macvtap entered promiscuous mode [ 34.467861][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 34.475681][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 34.483087][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.491309][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.499617][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.507766][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.515852][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.525067][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.533224][ T283] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.544999][ T336] netlink: 'syz.3.8': attribute type 3 has an invalid length. [ 34.579859][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.588320][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.596376][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.604813][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.616025][ T299] device veth1_macvtap entered promiscuous mode [ 34.641996][ T344] cgroup: syz.0.12 (344) created nested cgroup for controller "memory" which has incomplete hierarchy support. Nested cgroups may change behavior in the future. [ 34.646656][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 34.665991][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 34.673940][ T344] cgroup: "memory" requires setting use_hierarchy to 1 on the root [ 34.688685][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 34.726716][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 34.744891][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 34.762348][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 34.778732][ T318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 34.943552][ T375] syz.4.23[375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.943599][ T375] syz.4.23[375] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 35.062314][ T377] loop2: p3 < > p4 < > [ 35.158163][ T380] loop1: p1 < > p3 < p5 > p4 [ 35.162666][ T380] loop1: partition table partially beyond EOD, truncated [ 35.186763][ T380] loop1: p1 start 4294967040 is beyond EOD, truncated [ 35.211611][ T323] udevd[323]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 35.222986][ T324] udevd[324]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 35.293867][ T323] udevd[323]: inotify_add_watch(7, /dev/loop1p5, 10) failed: No such file or directory [ 35.304046][ T324] udevd[324]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 35.317914][ T387] udevd[387]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 35.466994][ T20] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 35.719537][ T20] usb 3-1: Using ep0 maxpacket: 32 [ 35.767754][ T370] F2FS-fs (loop3): Wrong CP boundary, start(512) end(198144) blocks(1024) [ 35.776250][ T401] F2FS-fs (loop4): fault_type options not supported [ 35.784536][ T370] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 35.785126][ T401] F2FS-fs (loop4): invalid crc value [ 35.793327][ T370] F2FS-fs (loop3): invalid crc value [ 35.805199][ T401] F2FS-fs (loop4): Found nat_bits in checkpoint [ 35.809501][ T370] F2FS-fs (loop3): Found nat_bits in checkpoint [ 35.836707][ T20] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 35.848121][ T20] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 35.850814][ T401] F2FS-fs (loop4): Start checkpoint disabled! [ 35.862809][ T20] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 35.871749][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 35.873073][ T401] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 35.883541][ T370] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0 [ 35.895494][ T370] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 35.902829][ T20] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 35.912520][ T20] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 35.925518][ T20] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 35.934854][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.959539][ T20] usb 3-1: config 0 descriptor?? [ 35.965270][ T417] input: syz1 as /devices/virtual/input/input4 [ 36.052808][ T318] attempt to access beyond end of device [ 36.052808][ T318] loop4: rw=2049, want=40968, limit=40427 [ 36.183232][ T432] bridge0: port 3(vlan2) entered blocking state [ 36.201355][ T432] bridge0: port 3(vlan2) entered disabled state [ 36.227692][ T20] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 36.317642][ T447] capability: warning: `syz.3.46' uses deprecated v2 capabilities in a way that may be insecure [ 36.431676][ T54] usb 3-1: USB disconnect, device number 2 [ 36.456553][ C0] usblp0: nonzero read bulk status received: -108 [ 36.567612][ T481] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 36.642991][ T390] usblp0: removed [ 36.846638][ T320] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 36.886582][ T319] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 37.016594][ T20] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 37.126596][ T319] usb 2-1: Using ep0 maxpacket: 16 [ 37.164240][ T24] kauditd_printk_skb: 186 callbacks suppressed [ 37.164250][ T24] audit: type=1326 audit(1732151261.330:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=496 comm="syz.2.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.197435][ T24] audit: type=1326 audit(1732151261.340:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=496 comm="syz.2.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.221124][ T24] audit: type=1326 audit(1732151261.340:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=496 comm="syz.2.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.244492][ T24] audit: type=1326 audit(1732151261.340:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=496 comm="syz.2.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.267577][ T24] audit: type=1326 audit(1732151261.360:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=496 comm="syz.2.67" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.290434][ T319] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.290455][ T319] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 37.290468][ T319] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 37.290488][ T319] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 37.290499][ T319] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.290835][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 37.301599][ T24] audit: type=1326 audit(1732151261.390:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.326660][ T492] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 37.374814][ T320] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.377226][ T24] audit: type=1326 audit(1732151261.390:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.394923][ T320] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.410172][ T319] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 37.418694][ T320] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 37.427251][ T319] cdc_acm 2-1:1.0: ttyACM0: USB ACM device [ 37.440452][ T24] audit: type=1326 audit(1732151261.390:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.463282][ T320] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.471718][ T24] audit: type=1326 audit(1732151261.390:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.472381][ T320] usb 5-1: config 0 descriptor?? [ 37.494918][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.510545][ T24] audit: type=1326 audit(1732151261.390:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=498 comm="syz.2.68" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5acbaa4819 code=0x7ffc0000 [ 37.533718][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 37.543387][ T20] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 37.552532][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.561077][ T20] usb 1-1: config 0 descriptor?? [ 37.605668][ T513] serio: Serial port ptm0 [ 37.628915][ T319] usb 2-1: USB disconnect, device number 2 [ 37.997307][ T320] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor [ 38.006614][ T320] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0001/input/input6 [ 38.037955][ T20] hid-multitouch 0003:1FD2:6007.0002: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 38.099108][ T320] keytouch 0003:0926:3333.0001: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 38.149608][ T520] kvm [519]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010005 data 0x0 [ 38.234426][ T423] usb 5-1: USB disconnect, device number 2 [ 38.240113][ C0] keytouch 0003:0926:3333.0001: usb_submit_urb(ctrl) failed: -19 [ 38.254835][ T320] usb 1-1: USB disconnect, device number 2 [ 38.505374][ T545] F2FS-fs (loop2): invalid crc value [ 38.511616][ T545] F2FS-fs (loop2): Found nat_bits in checkpoint [ 38.533505][ T545] F2FS-fs (loop2): Start checkpoint disabled! [ 38.540169][ T545] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 38.547629][ T560] ====================================================== [ 38.547629][ T560] WARNING: the mand mount option is being deprecated and [ 38.547629][ T560] will be removed in v5.15! [ 38.547629][ T560] ====================================================== [ 38.594077][ T560] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2756: inode #11: comm syz.3.92: corrupted xattr block 95 [ 38.606418][ T560] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2806: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 38.619347][ T560] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.92: bg 0: block 7: invalid block bitmap [ 38.631500][ T560] EXT4-fs error (device loop3) in ext4_mb_clear_bb:5647: Corrupt filesystem [ 38.640142][ T560] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2921: inode #11: comm syz.3.92: corrupted xattr block 95 [ 38.651967][ T560] EXT4-fs warning (device loop3): ext4_evict_inode:303: xattr delete (err -117) [ 38.660837][ T560] EXT4-fs (loop3): 1 orphan inode deleted [ 38.666393][ T560] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 38.696568][ T422] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 38.936575][ T422] usb 2-1: Using ep0 maxpacket: 16 [ 39.031289][ T20] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=20 comm=kworker/1:0 [ 39.043737][ T319] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 39.051069][ T423] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 39.058335][ T422] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.069119][ T422] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.078916][ T422] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 39.087873][ T422] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.096103][ T422] usb 2-1: config 0 descriptor?? [ 39.306571][ T423] usb 3-1: Using ep0 maxpacket: 16 [ 39.406596][ T319] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 39.416165][ T319] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 39.456602][ T423] usb 3-1: config 0 has no interfaces? [ 39.461894][ T423] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 39.470879][ T423] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.479479][ T423] usb 3-1: config 0 descriptor?? [ 39.576824][ T319] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 39.585702][ T319] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.585917][ T422] hid-multitouch 0003:1FD2:6007.0003: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0 [ 39.593709][ T319] usb 5-1: Product: syz [ 39.613231][ T319] usb 5-1: Manufacturer: syz [ 39.618024][ T319] usb 5-1: SerialNumber: syz [ 39.622879][ T319] usb 5-1: config 0 descriptor?? [ 39.646639][ T577] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 39.654085][ T589] EXT4-fs (loop3): Ignoring removed orlov option [ 39.654539][ T577] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 39.665114][ T589] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 39.677812][ T589] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue [ 39.729005][ T392] usb 3-1: USB disconnect, device number 3 [ 39.784464][ T422] usb 2-1: USB disconnect, device number 3 [ 39.889122][ T577] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 39.896108][ T577] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 39.923117][ T612] SELinux: Context system_u:object_r:tmpfs_t:s0 is not valid (left unmapped). [ 40.357212][ T624] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 40.373787][ T624] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,usrjquota=,errors=remount-ro,discard,auto_da_alloc,mblk_io_submit,nouid32,barrier=0x0000000000000000,grpjquota=,bsddf, [ 40.470566][ T624] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.117: bg 0: block 234: padding at end of block bitmap is not set [ 40.516647][ T392] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.526200][ T624] EXT4-fs (loop1): Remounting filesystem read-only [ 40.813270][ T640] syz.0.122[640] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.813303][ T640] syz.0.122[640] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 40.886640][ T392] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 40.905585][ T392] usb 3-1: config 0 has no interface number 0 [ 40.911507][ T20] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 40.918789][ T319] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 40.927275][ T392] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.939118][ T319] dm9601 5-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet, 36:5f:aa:9a:36:54 [ 40.951172][ T392] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.962596][ T319] usb 5-1: USB disconnect, device number 3 [ 40.969129][ T392] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 40.978468][ T319] dm9601 5-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet [ 40.988777][ T392] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.998894][ T392] usb 3-1: config 0 descriptor?? [ 41.126572][ T422] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 41.134054][ T423] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 41.176585][ T20] usb 4-1: Using ep0 maxpacket: 16 [ 41.296609][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 41.307967][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 41.319112][ T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 41.332197][ T20] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 41.341184][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.351090][ T20] usb 4-1: config 0 descriptor?? [ 41.372197][ T659] mmap: syz.4.130 (659) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 41.397442][ T423] usb 2-1: Using ep0 maxpacket: 16 [ 41.476760][ T392] hid (null): global environment stack underflow [ 41.484080][ T392] uclogic 0003:5543:0522.0004: global environment stack underflow [ 41.491941][ T392] uclogic 0003:5543:0522.0004: item 0 1 1 11 parsing failed [ 41.499566][ T392] uclogic 0003:5543:0522.0004: parse failed [ 41.505426][ T392] uclogic: probe of 0003:5543:0522.0004 failed with error -22 [ 41.536632][ T422] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 41.545104][ T422] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 41.555089][ T423] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.565848][ T423] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.575391][ T422] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 41.584052][ T423] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 41.596697][ T423] usb 2-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 41.605473][ T423] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.613961][ T423] usb 2-1: config 0 descriptor?? [ 41.677788][ T392] usb 3-1: USB disconnect, device number 4 [ 41.766604][ T422] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 41.775497][ T422] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 41.783277][ T422] usb 1-1: Product: syz [ 41.787288][ T422] usb 1-1: Manufacturer: syz [ 41.791648][ T422] usb 1-1: SerialNumber: syz [ 41.828174][ T20] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0005/input/input8 [ 41.907627][ T20] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 42.086712][ T423] hid (null): report_id 210397114 is invalid [ 42.093239][ T423] kye 0003:0458:5015.0006: unknown main item tag 0x1 [ 42.099761][ T423] kye 0003:0458:5015.0006: report_id 210397114 is invalid [ 42.106716][ T423] kye 0003:0458:5015.0006: item 0 4 1 8 parsing failed [ 42.113433][ T423] kye 0003:0458:5015.0006: parse failed [ 42.118808][ T423] kye: probe of 0003:0458:5015.0006 failed with error -22 [ 42.218514][ T24] kauditd_printk_skb: 103 callbacks suppressed [ 42.218532][ T24] audit: type=1400 audit(1732151266.390:375): avc: denied { bind } for pid=675 comm="syz.2.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 42.230676][ T320] usb 4-1: USB disconnect, device number 2 [ 42.266647][ T422] usb 1-1: 0:2 : does not exist [ 42.279898][ T680] device pim6reg1 entered promiscuous mode [ 42.288730][ T20] usb 2-1: USB disconnect, device number 4 [ 42.365832][ T24] audit: type=1400 audit(1732151266.530:376): avc: denied { connect } for pid=687 comm="syz.4.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 42.388391][ T24] audit: type=1400 audit(1732151266.550:377): avc: denied { shutdown } for pid=687 comm="syz.4.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 42.468954][ T24] audit: type=1400 audit(1732151266.640:378): avc: denied { append } for pid=648 comm="syz.0.126" name="001" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 42.469290][ T649] usb 1-1: USB disconnect, device number 3 [ 42.706576][ T5] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 42.752832][ T24] audit: type=1326 audit(1732151266.920:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=697 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c3ddf819 code=0x7ffc0000 [ 42.775876][ T24] audit: type=1326 audit(1732151266.920:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=697 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c3ddf819 code=0x7ffc0000 [ 42.803232][ T24] audit: type=1326 audit(1732151266.920:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=697 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7fd7c3ddf819 code=0x7ffc0000 [ 42.836725][ T702] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.847497][ T702] F2FS-fs (loop3): Unable to read 1th superblock [ 42.849522][ T24] audit: type=1326 audit(1732151266.920:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=697 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c3ddf819 code=0x7ffc0000 [ 42.876934][ T702] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 42.877314][ T24] audit: type=1326 audit(1732151266.920:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=697 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7c3ddf819 code=0x7ffc0000 [ 42.887995][ T702] F2FS-fs (loop3): Unable to read 2th superblock [ 42.910612][ T24] audit: type=1400 audit(1732151267.000:384): avc: denied { create } for pid=701 comm="syz.1.148" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 42.977228][ T5] usb 5-1: Using ep0 maxpacket: 16 [ 43.067997][ T717] device sit0 entered promiscuous mode [ 43.081961][ T297] ------------[ cut here ]------------ [ 43.087830][ T717] device vlan2 entered promiscuous mode [ 43.098254][ T5] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.108979][ T297] WARNING: CPU: 0 PID: 297 at fs/inode.c:304 drop_nlink+0xc1/0x110 [ 43.116910][ T717] device sit0 left promiscuous mode [ 43.126645][ T5] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 43.136347][ T297] Modules linked in: [ 43.142370][ T297] CPU: 0 PID: 297 Comm: syz-executor Not tainted 5.10.226-syzkaller-00001-g6a01908517df #0 [ 43.152682][ T5] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 43.172053][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.183814][ T5] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 43.192953][ T297] RIP: 0010:drop_nlink+0xc1/0x110 [ 43.206578][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.214398][ T297] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a7 cc f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 8f 2f b3 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 43.246262][ T297] RSP: 0018:ffffc90000bb7cc0 EFLAGS: 00010293 [ 43.252245][ T692] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 43.259092][ T297] RAX: ffffffff81b77d61 RBX: 0000000000000000 RCX: ffff88810adf93c0 [ 43.267022][ T297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 43.274827][ T297] RBP: ffffc90000bb7ce8 R08: ffffffff81b77ce4 R09: 0000000000000003 [ 43.282821][ T297] R10: fffff52000176f88 R11: dffffc0000000001 R12: dffffc0000000000 [ 43.291061][ T5] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 43.306548][ T297] R13: 1ffff11024d6b511 R14: ffff888126b5a840 R15: ffff888126b5a888 [ 43.314767][ T5] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 43.320516][ T297] FS: 000055558c50a500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 43.329355][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.335675][ T297] CR2: 00007f64ca204f98 CR3: 000000010b819000 CR4: 00000000003506b0 [ 43.353635][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.361490][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.376537][ T297] Call Trace: [ 43.379674][ T297] ? show_regs+0x58/0x60 [ 43.383718][ T297] ? __warn+0x160/0x2f0 [ 43.387875][ T297] ? drop_nlink+0xc1/0x110 [ 43.392429][ T297] ? report_bug+0x3d9/0x5b0 [ 43.396762][ T297] ? drop_nlink+0xc1/0x110 [ 43.400991][ T297] ? handle_bug+0x41/0x70 [ 43.406596][ T297] ? exc_invalid_op+0x1b/0x50 [ 43.411088][ T297] ? asm_exc_invalid_op+0x12/0x20 [ 43.415980][ T297] ? drop_nlink+0x44/0x110 [ 43.420231][ T297] ? drop_nlink+0xc1/0x110 [ 43.424459][ T297] ? drop_nlink+0xc1/0x110 [ 43.428764][ T297] shmem_rmdir+0x59/0x90 [ 43.432781][ T297] vfs_rmdir+0x2b7/0x3f0 [ 43.436907][ T297] incfs_kill_sb+0x108/0x220 [ 43.441325][ T297] deactivate_locked_super+0xad/0x110 [ 43.446491][ T297] deactivate_super+0xbe/0xf0 [ 43.451053][ T297] cleanup_mnt+0x45c/0x510 [ 43.455292][ T297] __cleanup_mnt+0x19/0x20 [ 43.459555][ T297] task_work_run+0x129/0x190 [ 43.463942][ T297] exit_to_user_mode_loop+0xbf/0xd0 [ 43.476561][ T297] syscall_exit_to_user_mode+0xa2/0x1a0 [ 43.486315][ T297] do_syscall_64+0x40/0x70 [ 43.492665][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.500354][ T5] usb 5-1: USB disconnect, device number 4 [ 43.508715][ T297] RIP: 0033:0x7fd7c3de0b47 [ 43.513314][ T297] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 43.532980][ T297] RSP: 002b:00007ffd470ae338 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 43.541332][ T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7c3de0b47 [ 43.556642][ T297] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd470ae3f0 [ 43.564528][ T297] RBP: 00007ffd470ae3f0 R08: 0000000000000000 R09: 0000000000000000 [ 43.576566][ T297] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd470af470 [ 43.587686][ T297] R13: 00007fd7c3e525fc R14: 000000000000a821 R15: 00007ffd470af4b0 [ 43.598393][ T297] ---[ end trace 5aa9ee8b96c9e6bf ]--- [ 43.603849][ T297] ================================================================== [ 43.611718][ T297] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 43.617787][ T297] Write of size 4 at addr 0000000000000170 by task syz-executor/297 [ 43.625590][ T297] [ 43.627770][ T297] CPU: 0 PID: 297 Comm: syz-executor Tainted: G W 5.10.226-syzkaller-00001-g6a01908517df #0 [ 43.638961][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.648852][ T297] Call Trace: [ 43.651988][ T297] dump_stack_lvl+0x1e2/0x24b [ 43.656503][ T297] ? panic+0x812/0x812 [ 43.662275][ T297] ? bfq_pos_tree_add_move+0x43b/0x43b [ 43.667565][ T297] ? __kasan_check_write+0x14/0x20 [ 43.672502][ T297] ? _raw_spin_lock+0xa4/0x1b0 [ 43.677100][ T297] ? _raw_spin_trylock_bh+0x190/0x190 [ 43.682306][ T297] kasan_report+0x167/0x1c0 [ 43.686646][ T297] ? ihold+0x20/0x60 [ 43.690381][ T297] ? ihold+0x20/0x60 [ 43.694256][ T297] kasan_check_range+0x293/0x2a0 [ 43.699025][ T297] __kasan_check_write+0x14/0x20 [ 43.703806][ T297] ihold+0x20/0x60 [ 43.707361][ T297] vfs_rmdir+0x200/0x3f0 [ 43.711434][ T297] incfs_kill_sb+0x108/0x220 [ 43.715864][ T297] deactivate_locked_super+0xad/0x110 [ 43.721072][ T297] deactivate_super+0xbe/0xf0 [ 43.725580][ T297] cleanup_mnt+0x45c/0x510 [ 43.729834][ T297] __cleanup_mnt+0x19/0x20 [ 43.734082][ T297] task_work_run+0x129/0x190 [ 43.738512][ T297] exit_to_user_mode_loop+0xbf/0xd0 [ 43.743546][ T297] syscall_exit_to_user_mode+0xa2/0x1a0 [ 43.748927][ T297] do_syscall_64+0x40/0x70 [ 43.753178][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.758906][ T297] RIP: 0033:0x7fd7c3de0b47 [ 43.763159][ T297] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 43.782597][ T297] RSP: 002b:00007ffd470ae338 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 43.790845][ T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7c3de0b47 [ 43.798655][ T297] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd470ae3f0 [ 43.806464][ T297] RBP: 00007ffd470ae3f0 R08: 0000000000000000 R09: 0000000000000000 [ 43.814278][ T297] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd470af470 [ 43.822088][ T297] R13: 00007fd7c3e525fc R14: 000000000000a821 R15: 00007ffd470af4b0 [ 43.829899][ T297] ================================================================== [ 43.837793][ T297] Disabling lock debugging due to kernel taint [ 43.845829][ T297] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 43.853434][ T297] #PF: supervisor write access in kernel mode [ 43.859334][ T297] #PF: error_code(0x0002) - not-present page [ 43.865147][ T297] PGD 10f24f067 P4D 10f24f067 PUD 0 [ 43.870271][ T297] Oops: 0002 [#1] PREEMPT SMP KASAN [ 43.875309][ T297] CPU: 1 PID: 297 Comm: syz-executor Tainted: G B W 5.10.226-syzkaller-00001-g6a01908517df #0 [ 43.888081][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 43.897984][ T297] RIP: 0010:ihold+0x25/0x60 [ 43.902314][ T297] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 a1 27 b3 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 90 c4 f0 ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 24 2b b3 [ 43.921760][ T297] RSP: 0018:ffffc90000bb7d00 EFLAGS: 00010246 [ 43.927657][ T297] RAX: ffff88810adf9300 RBX: 0000000000000001 RCX: ffff88810adf93c0 [ 43.935465][ T297] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff [ 43.943284][ T297] RBP: ffffc90000bb7d10 R08: ffffffff813e2a7b R09: 0000000000000003 [ 43.951090][ T297] R10: fffffbfff0e10e48 R11: dffffc0000000001 R12: dffffc0000000000 [ 43.958899][ T297] R13: ffff88811bc83660 R14: 0000000000000000 R15: 0000000000000000 [ 43.966713][ T297] FS: 000055558c50a500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 43.975477][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.981899][ T297] CR2: 0000000000000170 CR3: 000000010b819000 CR4: 00000000003506a0 [ 43.989715][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.997523][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.005330][ T297] Call Trace: [ 44.008467][ T297] ? __die_body+0x62/0xb0 [ 44.012628][ T297] ? __die+0x7e/0x90 [ 44.016379][ T297] ? no_context+0x9f9/0xd20 [ 44.020703][ T297] ? is_prefetch+0x5c0/0x5c0 [ 44.025126][ T297] ? preempt_schedule+0xd9/0xe0 [ 44.029815][ T297] ? __kasan_check_read+0x11/0x20 [ 44.034674][ T297] ? preempt_schedule_common+0xbe/0xf0 [ 44.039966][ T297] ? preempt_schedule+0xd9/0xe0 [ 44.044653][ T297] ? schedule_preempt_disabled+0x20/0x20 [ 44.050123][ T297] ? sysvec_apic_timer_interrupt+0xcb/0xe0 [ 44.055763][ T297] ? __bad_area_nosemaphore+0xc4/0x430 [ 44.061057][ T297] ? bad_area_nosemaphore+0x2d/0x40 [ 44.066095][ T297] ? exc_page_fault+0x3df/0x5b0 [ 44.070779][ T297] ? asm_exc_page_fault+0x1e/0x30 [ 44.075639][ T297] ? check_panic_on_warn+0x5b/0xb0 [ 44.080592][ T297] ? ihold+0x25/0x60 [ 44.084318][ T297] vfs_rmdir+0x200/0x3f0 [ 44.088399][ T297] incfs_kill_sb+0x108/0x220 [ 44.092826][ T297] deactivate_locked_super+0xad/0x110 [ 44.098032][ T297] deactivate_super+0xbe/0xf0 [ 44.102544][ T297] cleanup_mnt+0x45c/0x510 [ 44.106797][ T297] __cleanup_mnt+0x19/0x20 [ 44.111051][ T297] task_work_run+0x129/0x190 [ 44.115478][ T297] exit_to_user_mode_loop+0xbf/0xd0 [ 44.120527][ T297] syscall_exit_to_user_mode+0xa2/0x1a0 [ 44.125892][ T297] do_syscall_64+0x40/0x70 [ 44.130148][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.135873][ T297] RIP: 0033:0x7fd7c3de0b47 [ 44.140128][ T297] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 44.159569][ T297] RSP: 002b:00007ffd470ae338 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 44.167810][ T297] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7c3de0b47 [ 44.175623][ T297] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd470ae3f0 [ 44.183434][ T297] RBP: 00007ffd470ae3f0 R08: 0000000000000000 R09: 0000000000000000 [ 44.191246][ T297] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd470af470 [ 44.199054][ T297] R13: 00007fd7c3e525fc R14: 000000000000a821 R15: 00007ffd470af4b0 [ 44.206869][ T297] Modules linked in: [ 44.210610][ T297] CR2: 0000000000000170 [ 44.214604][ T297] ---[ end trace 5aa9ee8b96c9e6c0 ]--- [ 44.219898][ T297] RIP: 0010:ihold+0x25/0x60 [ 44.224226][ T297] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 a1 27 b3 ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 90 c4 f0 ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 24 2b b3 [ 44.243677][ T297] RSP: 0018:ffffc90000bb7d00 EFLAGS: 00010246 [ 44.249570][ T297] RAX: ffff88810adf9300 RBX: 0000000000000001 RCX: ffff88810adf93c0 [ 44.257379][ T297] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff [ 44.266941][ T297] RBP: ffffc90000bb7d10 R08: ffffffff813e2a7b R09: 0000000000000003 [ 44.274739][ T297] R10: fffffbfff0e10e48 R11: dffffc0000000001 R12: dffffc0000000000 [ 44.282549][ T297] R13: ffff88811bc83660 R14: 0000000000000000 R15: 0000000000000000 [ 44.290361][ T297] FS: 000055558c50a500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 44.299125][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.305549][ T297] CR2: 0000000000000170 CR3: 000000010b819000 CR4: 00000000003506a0 [ 44.313484][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.321285][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.329097][ T297] Kernel panic - not syncing: Fatal exception [ 44.335059][ T297] Kernel Offset: disabled [ 44.339163][ T297] Rebooting in 86400 seconds..