last executing test programs: 170.318135ms ago: executing program 1 (id=2): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x4, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000380)="a513f304aa20647413573091b4f17209e1aacacdf7a4c66bc95779", 0x1b}, {&(0x7f00000003c0)="a3aadf27d4097562d3e93c7e20a8dd978df98287d4a172e11f49093373c5b28c6487649b74a293dbe4be1f54f28afdf351893ce556a63f078aaa9b3723fc14ff02fe4c6f8875b962e747d545b50d69d4d8382d38b7952c5d522d40de406130bfc632259fc97f4fb6d4c4533e6ffa23257c7fd920f1c168301058b10b356c6fe09ff602d0de9dcdff42a18cff07bd1094629f8cc65b8654d8bf93c8683f060aca5a6df65f7b19760b73d9", 0xaa}], 0x2}}, {{0x0, 0x0, &(0x7f0000002800)=[{&(0x7f00000014c0)="cd5927a8b2a00ee8cc111509a5dcf0343c2c5b667c514bb3055b96ebda11b4c8308aef587ef82686dc7f027c402a00582f1b338d80160b21beef66b139a7061ff65ea9c6ed4de3c272fcce0b257c322f54ca01000000bb318d29a96c5035fd713f02f959dc5e55bd518d2ce967008eb6db0a89b4129c5b692bff14aeaa783a3cb22eb1004d87c97e8c8c587adeff394c43b74f5ba5ce66df35b3f4e7d9d7cbc36a20ec75e5dc96701ef447ee3160e70ad13117e96c171be8f0ba442afef0d073a33d7eb218dbb9c065f38a22096306c1e1c7a8268d7373f2f6ca476174e543a37052c6e08007c7afd75fabaf6645dfaad713688d9af3e70e752f3698b8cd0d75efd5eb50f5c4ef48aa62b641104abb1ce0e8ebcea9485d77bb9b523a47f1de80c1456f62e1387435d3f41d2d6c9e04c1f51401aa6b5204972b93c5783233a1002a1c0d9680", 0x145}], 0x1}}, {{0x0, 0x0, &(0x7f0000003d40)=[{&(0x7f0000002b00)="9bb6070844984ef2b734ee2b740e32647974b7cfb8150605a2c635efcbc832fa56569acc96052ed730ec4473a0af21e1f7881620a9062897d734a7dac3c85d6973f29880e626e5e231b1b4edd98b9363876048487f344b980de2c6f0806915a8bb26e264035f0a378fe6662cfd45296d1cc391c761c06d689dd572f822269ffc2625c6d2a6d4228a91b303f6b9d8b45a6a9f8c7b49ec5bc49acd786101e2308bbaee6d51d8c582fe4bfedd220cae98dc1a86cbe3b3d03636b5c1c2951d9b0f18503ac03e3f52a34b9be308d86ced9df5c42e152849ff5ad87e599f2fd3af561520a835d3222667cb80625d2058ea5dcec77b644cb4927e43838cb632b09b823885e5729f163bdc6ab9725aa575d034c67d1985e0d1ac60f597a2747c3d6d6a366b9ab1f791d0ef4196371671865ad407d3d21586847479d116ebcd97848f0d846b4995eeb5aeed68a3b391c9b3005d6ab1ba83b799a7b1fc0cfbd5f17b87636f1fb152d26fd6e587c346ec7328af785abb3c79900f200031c65c088747256aa4e7375159471d2a1acc15dd6b1ea1ffd7360414542b7a9756ecdfd603447c657c792953f5870ae3459d19713abdb0d87c65c3aadd315f937cdbfdeb424745b4e856fbc6a5d8796cf0fc9ee7825d8fbddf5f781a87a3013e4d6b6d0706b633f96772f094fac96ab13446b4332916986d918ad6b97e87b016aab1e4176aa5fb26f22aa8e6b1c1213b68854ed35873bd8ff7b8dfe29850b8ef803af5ba20b31f8156a1be352c65c5e4f94690fe2042958847db79a25b7ae2c6cda84e07aeb33e332f39a7c43122261e9eec6eb5e9edce83ea6a570bade1332e4e68d7bc60551a2af820b9c3c74f", 0x265}], 0x1}}], 0x3, 0x42054) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) syz_io_uring_setup(0x4e2a, &(0x7f0000000180)={0x0, 0x6499, 0x8000, 0x0, 0x354}, 0x0, 0x0, &(0x7f0000000000)) syz_usb_connect(0x5, 0x64, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000cb8be7406d04230807000102030109025200010000000009044000000e0100390a240108000b020102082407010500070e01000606000009000600040007000300390c2402050302060254df000a092402050001031f04092403c6d445"], 0x0) 166.273205ms ago: executing program 3 (id=4): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x4, &(0x7f00000000c0)=[{0x6, 0x55, 0x0, 0x7fff7ffc}, {0x7, 0x4, 0x3, 0x9}, {0xcf, 0x8, 0xe4, 0x9}, {0x2, 0xd3, 0x80, 0x5}]}) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000040)=0x3b) syz_clone(0x8800311, 0x0, 0x0, 0x0, 0x0, 0x0) 156.880375ms ago: executing program 2 (id=3): r0 = socket$inet6(0xa, 0x3, 0x1003a) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000000)='\xb5\xafL\x19\xa1\x1e\xf1 \f\x05\x00\x00\x00\x00\x00\x00\x00\xa0\xf3\x92\xcd\x00\x01\xd1\x97O\x16)\xe4[\x11\x0eM\xf7_\xef\x8b\x16\xe4VKwm\vw\xd1\x85Uqse:\a\xda\xe7\xc8G~\xc6\xed)\x94\bp\xd9(\r<\v\xdaq\xc9\xfd\xe7\xf8\xee\xa8\xc9\xcfbe567\t\x99]:\xe8\xfe\x95\xcd\x81\xd4\xf8\xe6$\xb2\xba\x0fQko\xd5\x16S\xb8\xd7\x93\x8a\xfd\xaf\xa2\xb2,qQ\x18\xb5\x8e\xb2\x9e\xb2j\xc9\xa7A\x17?\x89u]|.\xbfPKn\\y\xbf\xe5x\x01gD\xb5\xa9\xae\xc9=\x92w\x9bK\xce\xca!\x0f\xd3\xf2,\x01\xd7eeA\x99\xf2exh\xcb1)J\xfcV6\x956\xff\xa3@O8\x89\xa0', 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x3, 0xc, @empty, 0xd}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x588}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 144.155516ms ago: executing program 0 (id=1): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, &(0x7f0000000040)='%((@\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000000000)='[\xe2\x00') 75.189748ms ago: executing program 0 (id=5): r0 = syz_usb_connect$uac3(0x0, 0x80, &(0x7f0000000100)=ANY=[@ANYBLOB="1201010200000040b421810040000102030109026e0003017f0006080b0002012230230904000000010130000a2401100a00090000000904014cbcda4430000904010101010230000905010960"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x100000, 0x60000, 0xf7f0f002, 0x5000], 0x9, 0x8, 0x6}) r1 = socket$inet6(0x10, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000140)=[{0x48, 0x0, 0xfe, 0xffeffffe}, {0x16}]}, 0x10) sendto$inet6(r1, &(0x7f00000002c0)="1c000000120044c182668d867d3d94863449050f0c1000001049b23a", 0x5e, 0x0, 0x0, 0x0) syz_usb_control_io$uac3(r0, 0x0, &(0x7f00000002c0)={0x44, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000040)={0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000880)={0x44, &(0x7f0000001580)={0x20, 0xc, 0x4, "198d65a0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, &(0x7f0000000480)={0x14, 0x0, 0x0}, &(0x7f0000000900)={0x44, &(0x7f00000004c0)={0x40, 0xe, 0x8, "f4c15ba0e325b5e7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 74.939968ms ago: executing program 2 (id=6): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) sendmmsg$unix(r2, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000bc0)="8c", 0x1}], 0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0), 0xa4}], 0x1, &(0x7f0000000280)=[@rights={{0x14, 0x1, 0x1, [r1]}}], 0x18, 0x841}}], 0x2, 0x11) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) clock_settime(0x0, &(0x7f0000000000)={0x0, 0x989680}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r0) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'veth1_to_hsr\x00', 0x0}) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r6, 0x80487436, 0x0) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000040)=0xf3c, 0x4) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000200)=0x10001, 0x1) sendto$packet(r4, &(0x7f0000000180)="3f031c000300140006001e0089e9aaa911d7c2290f0086dd1327c9167c64114a1b6800000cc9", 0x26, 0x0, &(0x7f0000000540)={0xc9, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14) r8 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r8, &(0x7f0000000200)={0x28, 0x0, 0x2711, @host}, 0x10) setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x41, &(0x7f0000000080)=0x480, 0x4) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000a80)=ANY=[@ANYRES16=r3, @ANYRES16=r3, @ANYBLOB="21032abd7000fedbdf250100000004000300140002800c00012b021590000300000004000180"], 0x2c}, 0x1, 0x0, 0x0, 0x24044094}, 0x40001) 74.563998ms ago: executing program 3 (id=7): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.sched_load_balance\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) futex(&(0x7f000000cffc)=0x1, 0xc, 0x1, 0x0, &(0x7f0000048000), 0x1) r3 = openat$cgroup_ro(r1, &(0x7f0000000100)='memory.stat\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xd) syz_usb_connect$uac1(0x5, 0x81, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001000000086307032040000102030109026f0003010890050904000000010100000a240108000a0002010209040100000102000009040101010102000007240102020210082402212f0300230905010910"], 0x0) syz_usb_connect$uac3(0x1, 0x97, &(0x7f0000000080)=ANY=[@ANYBLOB="1201010200000010ca15061840000102030109028500030110b007080b0000012030020904000002010130000a2401090a00010400000904010000010230000904010101010230000905010900040509400a252504000000ee020009040200000102300009040201010102300006240201020606240201040c0b2402016c0306027ac8e80905820900020702020a252505000000050600"], &(0x7f0000000340)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x9, 0x5, 0x1, 0x8, 0x8}, 0x5, &(0x7f0000000180)={0x5, 0xf, 0x5}, 0x2, [{0x4b, &(0x7f00000001c0)=@string={0x4b, 0x3, "5d2fe93ce77ca7b370117e1a52c1cddcd5e57be9fca35fecb18efdceda922ca5afcbb17daaebe9e1e41470c589d474a37efadf10f8b71709e77c2d8d8f5495a0eeaf41510ae6785dc1"}}, {0xf4, &(0x7f0000000240)=@string={0xf4, 0x3, "2f80c3103ee208f6a3af23ad80a7975e74e0f88c7e227f6b6dd79ebf568d694d16d234068f2d8b842e7ae1712a69e75b3bb6916a633abb281b8abb4db6698ba7d09756fe7367d145479397842e85f0819fc06446aa6896b7a52f9f2ee56dc9effa0b1b82592016f7c1c818d0e05cabab5b83c52aa2aaf70299240e53b6b054bd0f3624bd624ac9d9a352c733ed87cdfd9092b1884b3939fca13e66d59e842b79570e044670dcb0f1855f45d71680a947650f099a4ed9f1ee1ea2d593ec08f82c7594bca015889015d6df47c1470da7901ff214ed0fe394f24100b87226dca17e3719b1721d8792fd7f871d832ce9d4226985"}}]}) 64.013238ms ago: executing program 2 (id=8): mkdirat(0xffffffffffffff9c, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) write$selinux_context(r0, 0x0, 0x0) write$selinux_context(r0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000440)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x30000, '\x00', 0xc95}) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_LOOPBACK(r5, 0x65, 0x3, &(0x7f0000000000)=0xffffffed, 0x4) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000180)=0x5e8e, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) sendmsg$can_raw(r5, &(0x7f00000003c0)={&(0x7f0000000280)={0x1d, r6}, 0x10, &(0x7f0000000380)={&(0x7f00000002c0)=@can={{0x3, 0x0, 0x1}, 0x5, 0x0, 0x0, 0x0, "e3997e3df56fe25b"}, 0x10}, 0x1, 0x0, 0x0, 0x8800}, 0x40) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x9, r6}) chdir(&(0x7f00000001c0)='./bus\x00') rename(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./bus\x00') 0s ago: executing program 2 (id=9): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r2) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_PROTOINFO={0x8, 0x5, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}]}, 0x6c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000040000000374000614000600697036677265300000000000000000000800070000000000080004006431010108000500ac"], 0x40}, 0x1, 0xffffffff00000003}, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x18) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = dup(r5) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0a41, 0x0) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r2) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_PROTOINFO={0x8, 0x5, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x4}}]}, 0x6c}}, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000040000000374000614000600697036677265300000000000000000000800070000000000080004006431010108000500ac"], 0x40}, 0x1, 0xffffffff00000003}, 0x0) (async) ioctl$TUNSETLINK(r0, 0x400454cd, 0x18) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) dup(r5) (async) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async) kernel console output (not intermixed with test programs): cess permissive=1 [ 14.117306][ T36] audit: type=1400 audit(1781835594.769:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.27' (ED25519) to the list of known hosts. [ 21.474557][ T36] audit: type=1400 audit(1781835602.139:64): avc: denied { mounton } for pid=286 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.475649][ T286] cgroup: Unknown subsys name 'net' [ 21.497223][ T36] audit: type=1400 audit(1781835602.139:65): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.524557][ T36] audit: type=1400 audit(1781835602.169:66): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.524792][ T286] cgroup: Unknown subsys name 'devices' [ 21.650882][ T286] cgroup: Unknown subsys name 'hugetlb' [ 21.656473][ T286] cgroup: Unknown subsys name 'rlimit' [ 21.748550][ T36] audit: type=1400 audit(1781835602.409:67): avc: denied { setattr } for pid=286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.771711][ T36] audit: type=1400 audit(1781835602.409:68): avc: denied { mounton } for pid=286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.796398][ T36] audit: type=1400 audit(1781835602.409:69): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 21.824784][ T288] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 21.833559][ T36] audit: type=1400 audit(1781835602.499:70): avc: denied { relabelto } for pid=288 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.858989][ T36] audit: type=1400 audit(1781835602.499:71): avc: denied { write } for pid=288 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.887863][ T36] audit: type=1400 audit(1781835602.549:72): avc: denied { read } for pid=286 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.913422][ T36] audit: type=1400 audit(1781835602.549:73): avc: denied { open } for pid=286 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.913772][ T286] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.735972][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.743040][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.750247][ T293] bridge_slave_0: entered allmulticast mode [ 22.756443][ T293] bridge_slave_0: entered promiscuous mode [ 22.763656][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.770818][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.777869][ T294] bridge_slave_0: entered allmulticast mode [ 22.784155][ T294] bridge_slave_0: entered promiscuous mode [ 22.793295][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.800526][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.807571][ T294] bridge_slave_1: entered allmulticast mode [ 22.813800][ T294] bridge_slave_1: entered promiscuous mode [ 22.826950][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.834217][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.841347][ T293] bridge_slave_1: entered allmulticast mode [ 22.847508][ T293] bridge_slave_1: entered promiscuous mode [ 22.860496][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.867533][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.874635][ T295] bridge_slave_0: entered allmulticast mode [ 22.880882][ T295] bridge_slave_0: entered promiscuous mode [ 22.909269][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.916318][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.923421][ T295] bridge_slave_1: entered allmulticast mode [ 22.929563][ T295] bridge_slave_1: entered promiscuous mode [ 22.989087][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.997074][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.004315][ T296] bridge_slave_0: entered allmulticast mode [ 23.010558][ T296] bridge_slave_0: entered promiscuous mode [ 23.030810][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.037852][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.044970][ T296] bridge_slave_1: entered allmulticast mode [ 23.051162][ T296] bridge_slave_1: entered promiscuous mode [ 23.132309][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.139369][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.146635][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.153668][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.175738][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.182810][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.190100][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.197121][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.206664][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.213713][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.220995][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.228015][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.248708][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.255772][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.263049][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.270098][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.297861][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.305272][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.312793][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.320184][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.327308][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.334916][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.342592][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.350085][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.370915][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.377954][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.385571][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.392599][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.404159][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.411209][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.421436][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.428467][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.449969][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.456992][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.464890][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.471932][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.483244][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.490293][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.500760][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.508227][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.547595][ T294] veth0_vlan: entered promiscuous mode [ 23.559865][ T296] veth0_vlan: entered promiscuous mode [ 23.579947][ T295] veth0_vlan: entered promiscuous mode [ 23.590998][ T293] veth0_vlan: entered promiscuous mode [ 23.597611][ T294] veth1_macvtap: entered promiscuous mode [ 23.611693][ T295] veth1_macvtap: entered promiscuous mode [ 23.618301][ T296] veth1_macvtap: entered promiscuous mode [ 23.639986][ T293] veth1_macvtap: entered promiscuous mode [ 23.667100][ T294] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 23.777746][ T331] exFAT-fs (rnullb0): invalid boot record signature [ 23.784448][ T331] exFAT-fs (rnullb0): failed to read boot sector [ 23.792136][ T331] exFAT-fs (rnullb0): failed to recognize exfat type [ 23.807223][ T333] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.866701][ T295] ------------[ cut here ]------------ [ 23.872209][ T295] WARNING: CPU: 0 PID: 295 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 23.880160][ T295] Modules linked in: [ 23.884075][ T295] CPU: 0 UID: 0 PID: 295 Comm: syz-executor Not tainted syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 23.895712][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 23.905821][ T295] RIP: 0010:drop_nlink+0xce/0x110 [ 23.910968][ T295] Code: 04 00 00 be 08 00 00 00 e8 6f 06 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 4f 95 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 23.930682][ T295] RSP: 0018:ffffc9000b72fc60 EFLAGS: 00010293 [ 23.936754][ T295] RAX: ffffffff81f271be RBX: ffff88810ffc7480 RCX: ffff88812801b900 [ 23.944820][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 23.952833][ T295] RBP: ffffc9000b72fc88 R08: 0000000000000003 R09: 0000000000000004 [ 23.960861][ T295] R10: dffffc0000000000 R11: fffff520016e5f7c R12: dffffc0000000000 [ 23.968827][ T295] R13: 1ffff11021ff8e99 R14: ffff88810ffc74c8 R15: 0000000000000000 [ 23.969054][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 23.976841][ T295] FS: 000055558002b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 23.993266][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 23.999123][ T45] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 23.999903][ T295] CR2: 000055558004e958 CR3: 0000000128030000 CR4: 00000000003526b0 [ 24.015304][ T295] Call Trace: [ 24.018568][ T295] [ 24.021525][ T295] shmem_rmdir+0x5f/0x90 [ 24.025775][ T295] vfs_rmdir+0x3e3/0x560 [ 24.030044][ T295] incfs_kill_sb+0x109/0x230 [ 24.034656][ T295] deactivate_locked_super+0xd5/0x2a0 [ 24.040096][ T295] deactivate_super+0xb8/0xe0 [ 24.044781][ T295] cleanup_mnt+0x406/0x4a0 [ 24.048936][ T326] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 24.049229][ T295] __cleanup_mnt+0x1d/0x40 [ 24.061068][ T295] task_work_run+0x1e5/0x260 [ 24.065651][ T295] ? __cfi_task_work_run+0x10/0x10 [ 24.070822][ T295] ? __x64_sys_umount+0x12e/0x180 [ 24.075853][ T295] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.081241][ T295] resume_user_mode_work+0x35/0x50 [ 24.086353][ T295] syscall_exit_to_user_mode+0x63/0xb0 [ 24.091837][ T295] do_syscall_64+0x63/0xf0 [ 24.096256][ T295] ? clear_bhb_loop+0x50/0xa0 [ 24.100955][ T295] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 24.106852][ T295] RIP: 0033:0x7f6a9319e097 [ 24.111285][ T295] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 24.130034][ T31] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 24.130966][ T295] RSP: 002b:00007ffed059dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 24.139788][ T31] usb 2-1: config 0 has no interface number 0 [ 24.147392][ T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6a9319e097 [ 24.147409][ T295] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed059de50 [ 24.147422][ T295] RBP: 00007ffed059de50 R08: 00007ffed059ee50 R09: 00000000ffffffff [ 24.155607][ T31] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 24.161472][ T295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed059eee0 [ 24.161489][ T295] R13: 00007f6a932322ca R14: 0000000000005d07 R15: 00007ffed059ef20 [ 24.161504][ T295] [ 24.161510][ T295] ---[ end trace 0000000000000000 ]--- [ 24.163081][ T295] ================================================================== [ 24.169843][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.177457][ T295] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 24.177487][ T295] Write of size 4 at addr 0000000000000168 by task syz-executor/295 [ 24.186958][ T31] usb 2-1: Product: syz [ 24.194446][ T295] [ 24.194458][ T295] CPU: 0 UID: 0 PID: 295 Comm: syz-executor Tainted: G W syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 24.194485][ T295] Tainted: [W]=WARN [ 24.194491][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 24.194500][ T295] Call Trace: [ 24.194506][ T295] [ 24.194519][ T295] __dump_stack+0x21/0x30 [ 24.194549][ T295] dump_stack_lvl+0x140/0x1c0 [ 24.194571][ T295] ? __cfi_dump_stack_lvl+0x10/0x10 [ 24.194597][ T295] print_report+0x3d/0x70 [ 24.194619][ T295] kasan_report+0x162/0x1a0 [ 24.194643][ T295] ? ihold+0x24/0x70 [ 24.194664][ T295] ? _raw_spin_unlock+0x45/0x60 [ 24.194687][ T295] ? ihold+0x24/0x70 [ 24.194706][ T295] kasan_check_range+0x25a/0x2b0 [ 24.194728][ T295] __kasan_check_write+0x18/0x20 [ 24.194745][ T295] ihold+0x24/0x70 [ 24.194764][ T295] vfs_rmdir+0x26a/0x560 [ 24.194787][ T295] incfs_kill_sb+0x109/0x230 [ 24.194806][ T295] deactivate_locked_super+0xd5/0x2a0 [ 24.194830][ T295] deactivate_super+0xb8/0xe0 [ 24.194853][ T295] cleanup_mnt+0x406/0x4a0 [ 24.194874][ T295] __cleanup_mnt+0x1d/0x40 [ 24.194894][ T295] task_work_run+0x1e5/0x260 [ 24.194916][ T295] ? __cfi_task_work_run+0x10/0x10 [ 24.194937][ T295] ? __x64_sys_umount+0x12e/0x180 [ 24.194954][ T295] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.194971][ T295] resume_user_mode_work+0x35/0x50 [ 24.194988][ T295] syscall_exit_to_user_mode+0x63/0xb0 [ 24.195009][ T295] do_syscall_64+0x63/0xf0 [ 24.195031][ T295] ? clear_bhb_loop+0x50/0xa0 [ 24.195049][ T295] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 24.195075][ T295] RIP: 0033:0x7f6a9319e097 [ 24.195091][ T295] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 24.195105][ T295] RSP: 002b:00007ffed059dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 24.195124][ T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6a9319e097 [ 24.195136][ T295] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed059de50 [ 24.195147][ T295] RBP: 00007ffed059de50 R08: 00007ffed059ee50 R09: 00000000ffffffff [ 24.195160][ T295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed059eee0 [ 24.195171][ T295] R13: 00007f6a932322ca R14: 0000000000005d07 R15: 00007ffed059ef20 [ 24.195186][ T295] [ 24.195193][ T295] ================================================================== [ 24.202811][ T326] usb 4-1: Using ep0 maxpacket: 8 [ 24.206724][ T295] Disabling lock debugging due to kernel taint [ 24.212629][ T45] usb 1-1: unable to get BOS descriptor or descriptor too short [ 24.219596][ T295] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 24.228254][ T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 24.233265][ T295] #PF: supervisor write access in kernel mode [ 24.233277][ T295] #PF: error_code(0x0002) - not-present page [ 24.233287][ T295] PGD 8000000132bfb067 P4D 8000000132bfb067 PUD 0 [ 24.233310][ T295] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 24.233328][ T295] CPU: 0 UID: 0 PID: 295 Comm: syz-executor Tainted: G B W syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 24.233357][ T295] Tainted: [B]=BAD_PAGE, [W]=WARN [ 24.243469][ T326] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 24.245435][ T295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 24.247758][ T326] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 24.260827][ T295] RIP: 0010:ihold+0x2a/0x70 [ 24.260859][ T295] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 46 95 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c fd ed ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 24.260872][ T295] RSP: 0018:ffffc9000b72fca0 EFLAGS: 00010246 [ 24.260888][ T295] RAX: ffff88812801b900 RBX: 0000000000000000 RCX: ffff88812801b900 [ 24.260900][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.260910][ T295] RBP: ffffc9000b72fcb0 R08: ffffffff88bbe947 R09: 1ffffffff1177d28 [ 24.260922][ T295] R10: dffffc0000000000 R11: fffffbfff1177d29 R12: ffff88810ffc748c [ 24.265495][ T45] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 24.274741][ T295] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 24.274758][ T295] FS: 000055558002b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.274772][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.274783][ T295] CR2: 0000000000000168 CR3: 0000000128030000 CR4: 00000000003526b0 [ 24.274798][ T295] Call Trace: [ 24.274804][ T295] [ 24.274813][ T295] vfs_rmdir+0x26a/0x560 [ 24.278746][ T31] usb 2-1: Manufacturer: syz [ 24.281012][ T295] incfs_kill_sb+0x109/0x230 [ 24.281036][ T295] deactivate_locked_super+0xd5/0x2a0 [ 24.281061][ T295] deactivate_super+0xb8/0xe0 [ 24.281083][ T295] cleanup_mnt+0x406/0x4a0 [ 24.285528][ T31] usb 2-1: SerialNumber: syz [ 24.290035][ T295] __cleanup_mnt+0x1d/0x40 [ 24.290057][ T295] task_work_run+0x1e5/0x260 [ 24.290080][ T295] ? __cfi_task_work_run+0x10/0x10 [ 24.295722][ T326] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 24.299550][ T295] ? __x64_sys_umount+0x12e/0x180 [ 24.299574][ T295] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.299591][ T295] resume_user_mode_work+0x35/0x50 [ 24.305595][ T31] usb 2-1: config 0 descriptor?? [ 24.307935][ T295] syscall_exit_to_user_mode+0x63/0xb0 [ 24.313091][ T45] usb 1-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 24.316646][ T295] do_syscall_64+0x63/0xf0 [ 24.316674][ T295] ? clear_bhb_loop+0x50/0xa0 [ 24.316692][ T295] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 24.322373][ T45] usb 1-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 24.326522][ T295] RIP: 0033:0x7f6a9319e097 [ 24.326543][ T295] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 24.326557][ T295] RSP: 002b:00007ffed059dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 24.326577][ T295] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6a9319e097 [ 24.331232][ T326] usb 4-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 24.334490][ T295] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffed059de50 [ 24.334512][ T295] RBP: 00007ffed059de50 R08: 00007ffed059ee50 R09: 00000000ffffffff [ 24.334524][ T295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffed059eee0 [ 24.339607][ T326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 24.344433][ T295] R13: 00007f6a932322ca R14: 0000000000005d07 R15: 00007ffed059ef20 [ 24.344452][ T295] [ 24.344459][ T295] Modules linked in: [ 24.349539][ T45] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 24.353544][ T295] CR2: 0000000000000168 [ 24.357947][ T45] usb 1-1: config 1 interface 1 has no altsetting 0 [ 24.362499][ T295] ---[ end trace 0000000000000000 ]--- [ 24.362508][ T295] RIP: 0010:ihold+0x2a/0x70 [ 24.362535][ T295] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 46 95 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c fd ed ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 24.362549][ T295] RSP: 0018:ffffc9000b72fca0 EFLAGS: 00010246 [ 24.362566][ T295] RAX: ffff88812801b900 RBX: 0000000000000000 RCX: ffff88812801b900 [ 24.362579][ T295] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.362590][ T295] RBP: ffffc9000b72fcb0 R08: ffffffff88bbe947 R09: 1ffffffff1177d28 [ 24.362604][ T295] R10: dffffc0000000000 R11: fffffbfff1177d29 R12: ffff88810ffc748c [ 24.362618][ T295] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 24.368007][ T326] usb 4-1: Product: syz [ 24.372698][ T295] FS: 000055558002b500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 24.372716][ T295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.372730][ T295] CR2: 0000000000000168 CR3: 0000000128030000 CR4: 00000000003526b0 [ 24.378970][ T326] usb 4-1: Manufacturer: syz [ 24.383164][ T295] Kernel panic - not syncing: Fatal exception [ 24.388835][ T295] Kernel Offset: disabled