last executing test programs: 1.53719956s ago: executing program 3 (id=123): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xfff1, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0xfffffffb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xfffffffa}, @TCA_RATE={0x6, 0x5, {0x6, 0x7}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4024}, 0x0) 1.497592581s ago: executing program 3 (id=126): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000000240)=""/179, 0xb3) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_submit(r2, 0x2000000000000326, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}]) 1.439251312s ago: executing program 4 (id=131): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) write$selinux_access(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374656d5f683a6f626a6563745f723a6c645f736f5f7420704a122f7362696e2f6468636c69656e742030"], 0x41) 1.412495873s ago: executing program 4 (id=133): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0x10, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PORT={0x6, 0x2, 0x1, 0x0, 0x4e20}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 1.402631853s ago: executing program 4 (id=134): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = userfaultfd(0x80001) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c}) 1.344626234s ago: executing program 4 (id=137): pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0) 1.329526684s ago: executing program 4 (id=138): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) shutdown(r0, 0x0) 712.248276ms ago: executing program 2 (id=164): sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x44) r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 650.080178ms ago: executing program 2 (id=167): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001580)=ANY=[@ANYBLOB="0500000001000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x47, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x4cf68d79c8eac253, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 615.357469ms ago: executing program 2 (id=168): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10) fcntl$setlease(r0, 0x400, 0x0) fcntl$setown(r0, 0x8, 0x0) fcntl$setlease(r0, 0x400, 0x2) 592.547329ms ago: executing program 3 (id=169): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'nr0\x00', 0x6132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe3a) 574.635769ms ago: executing program 2 (id=171): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]}) 501.30879ms ago: executing program 3 (id=174): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00') io_setup(0x9, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x8, r0, 0x0}]) 483.278441ms ago: executing program 4 (id=176): r0 = getpgrp(0x0) r1 = syz_pidfd_open(r0, 0x0) process_madvise(r1, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2, 0x4, 0x0) syz_usb_connect$uac1(0x2, 0xc2, &(0x7f0000000200)=ANY=[@ANYBLOB="12010003090000406b1d01014000010203010902b00003010e10040904000000010100000a24010100050201020c24070510b5c6a1cfd29608090401000001020000090401010101020000072401090600000c240201fe02090404d875b1082402011004060c0905010910005209060725010008ff01090402000001020000090402010101020000072401010801000d24020104020501ceb739b26b0724012b8a05000724010900071008240201000208a209058209fc"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) 453.915001ms ago: executing program 0 (id=178): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000009e"]) 400.871462ms ago: executing program 3 (id=179): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000000003) ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r2, 0x4068aea3, &(0x7f0000000400)) 352.387444ms ago: executing program 0 (id=181): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x1}, 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000005300)=[{0x28, 0x0, 0xfb, 0xfffff034}, {0x80000006, 0x66}]}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000007880)={@multicast, @remote, @val={@void, {0x8100, 0x4, 0x1, 0x3}}, {@ipv6={0x86dd, @tcp={0x1, 0x6, "3af199", 0x14, 0x6, 0x1, @empty, @dev={0xfe, 0x80, '\x00', 0x2c}, {[], {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20, 0x0, 0x0, 0x3}}}}}}}, 0x0) 347.258624ms ago: executing program 1 (id=182): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) geteuid() 333.083734ms ago: executing program 1 (id=183): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x380, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) 323.987804ms ago: executing program 0 (id=184): unshare(0x22020600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000007000000e27f000003"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x3, 0x4, 0x4, 0x9, 0x0, r0, 0x3}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r1}, &(0x7f0000000880), &(0x7f00000008c0)=r0}, 0x20) 313.215754ms ago: executing program 1 (id=185): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) fdatasync(r1) 306.434114ms ago: executing program 0 (id=186): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x1, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, 0x0, 0x2180, 0x4c40}, [@IFLA_IFNAME={0x14, 0x3, 'veth1\x00'}, @IFLA_MTU={0x8, 0x4, 0x40e}]}, 0x3c}}, 0x800) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 292.169515ms ago: executing program 3 (id=187): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) shutdown(r0, 0x0) 287.145665ms ago: executing program 1 (id=188): unshare(0x6020400) r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) lseek(r0, 0x7ffffffffffffffe, 0x1) sendfile(r0, r0, &(0x7f0000000040)=0x7, 0x6) 273.317815ms ago: executing program 2 (id=189): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rmdir(&(0x7f0000000000)='./bus\x00') 259.171016ms ago: executing program 1 (id=190): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, r1, 0x0, 0x4, 0x0) 252.967246ms ago: executing program 0 (id=191): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x0) preadv(r0, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x1, 0x0) ioctl$MON_IOCX_GETX(r0, 0x80089203, 0x0) 241.720586ms ago: executing program 2 (id=192): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x208000}) ioctl$VT_SETMODE(r0, 0x5602, 0x0) 19.50388ms ago: executing program 0 (id=193): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./bus\x00', 0xc0d6, &(0x7f0000000140)={[{@noload}, {@discard}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@errors_remount}, {@lazytime}, {@minixdf}, {@noquota}, {@minixdf}]}, 0x1, 0x46f, &(0x7f0000000240)="$eJzs289vFFUcAPDvTH/IT1sJ/uCHUkUi8UdLCyIHLxpNPGhiogc81raQykINrYkQomAMHg2Jd+PRhL/Ak16MejJ6Vc+GhBguoKc1sztD2+1u2Tbd3bL7+SQD78287XvfnXmzb+bNBNCzRrJ/kogdEfFHRAxVs8sLjFT/u3Pr0tS/ty5NJVEuv/NPUil3+9alqaJo8bntRaY/Iv08iX116p2/cPHMZKk0cz7Pjy2c/XBs/sLFF2bPTp6eOT1zbuLEiWNHx186PvHihsSZxXV77ydz+/e88d61t6ZOXnv/5+tJEX9NHM3ou3eRkdU2HiqXk/61VLjJ7VyS7qrAulxftZvGQKX/D0VfLO68oXj9s442DmipcrlcfqTx5uuVAkCXSnRx6FHFD312/VssbRp6bAo3X6leAGVx38mX6pb+SPMyAzXXtxtpJCJOXv7v62yJ2vsQW1tUKQDQ077Pxj/P1xv/pbH0vtCD+RzKcEQ8FBG7IuJ4ROyOiIcjKmUfjYjH1lh/7STJyvFnemNdgTUpG/+9nM9tLR//FaO/GO7Lczsr8Q8kp2ZLM0ey7+S3A9USs6WZ8VXq+OG1379stG3p+C9bsvqLsWDejhv9Dyz/zPTkwuS6A65x80rE3v568Sd3ZwKSiNgTEXvXWcfss9/ub7StQfyDTf3hDZhnKn8T8Ux1/1+Oavwr6k5Wn58c2xKlmSNj+VFRXlnHL79efbtR/ffe/61180oUR9eK/V/113CydL52fu11XP3zi4bXlOs9/geTd5et+3hyYeH8eMRg8mYlP7x0/URNuYnF8tnxf/hg/f6/Kxa/iX0RkR3Ej0fEExFxIG/7kxHxVEQcXCX+n159+oP1x1/RsivBLP7puue/u08B1Oz/xcRg1K6pn+g78+N3yyodXkv82f4/Vkkdztc0c/5rpl3rO5oBAADg/pNGxI5I0tG76TQdHa0+w787tqWlufmF507NfXRuuvqOwHAMpMX9z6El90PH88v6Ij+RP1tc5I/m942/6ttayY9OzZWmOx089LjtDfp/5u8mXnIB7nO182jbOtQOoP28rwm9S/+H3pTU6f8DhzrUGKDt6vz+e/UMekS98f+nHWgH0H41/X/VaT8DA+guTd7/29LqdgDt16D/mxaAHtC4o6dtbQfQVvNb494vyXdHIjuXbYJmdEsi0k3RDIkWJTp9ZgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgY/wcAAP//G7/jdA==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000640)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x6611, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) 0s ago: executing program 1 (id=194): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, r0, 0x0) madvise(&(0x7f0000ff2000/0x2000)=nil, 0x2000, 0x15) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.27' (ED25519) to the list of known hosts. [ 19.978686][ T28] audit: type=1400 audit(1758044110.877:64): avc: denied { mounton } for pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 19.979775][ T275] cgroup: Unknown subsys name 'net' [ 20.001357][ T28] audit: type=1400 audit(1758044110.877:65): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.028597][ T28] audit: type=1400 audit(1758044110.907:66): avc: denied { unmount } for pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 20.028754][ T275] cgroup: Unknown subsys name 'devices' [ 20.141503][ T275] cgroup: Unknown subsys name 'hugetlb' [ 20.147104][ T275] cgroup: Unknown subsys name 'rlimit' [ 20.279294][ T28] audit: type=1400 audit(1758044111.177:67): avc: denied { setattr } for pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 20.298197][ T277] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 20.302493][ T28] audit: type=1400 audit(1758044111.177:68): avc: denied { mounton } for pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 20.335665][ T28] audit: type=1400 audit(1758044111.177:69): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 20.347947][ T275] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 20.358805][ T28] audit: type=1400 audit(1758044111.217:70): avc: denied { relabelto } for pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.392936][ T28] audit: type=1400 audit(1758044111.217:71): avc: denied { write } for pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.418550][ T28] audit: type=1400 audit(1758044111.247:72): avc: denied { read } for pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.444054][ T28] audit: type=1400 audit(1758044111.247:73): avc: denied { open } for pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.111286][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.118346][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.125945][ T283] device bridge_slave_0 entered promiscuous mode [ 21.134249][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.141312][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.148703][ T283] device bridge_slave_1 entered promiscuous mode [ 21.208849][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.216057][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.223461][ T286] device bridge_slave_0 entered promiscuous mode [ 21.230150][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.237175][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.244599][ T285] device bridge_slave_0 entered promiscuous mode [ 21.251426][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.258448][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.265906][ T285] device bridge_slave_1 entered promiscuous mode [ 21.273740][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.280790][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.288064][ T286] device bridge_slave_1 entered promiscuous mode [ 21.325252][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.332344][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.339798][ T284] device bridge_slave_0 entered promiscuous mode [ 21.354712][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.361815][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.369245][ T284] device bridge_slave_1 entered promiscuous mode [ 21.431843][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.438879][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.446363][ T287] device bridge_slave_0 entered promiscuous mode [ 21.466251][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.473382][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.480796][ T287] device bridge_slave_1 entered promiscuous mode [ 21.594036][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.601110][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.608380][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.615427][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.637113][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.644181][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.651456][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.658472][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.686957][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.694049][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.701361][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.708382][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.717105][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.724299][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.731567][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.738575][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.756613][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.763685][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.770962][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.777985][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.816093][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.823402][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.830660][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.838171][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.846107][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.853326][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.860852][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.868021][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.875283][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.882476][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.890519][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.897815][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.923604][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.931621][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.940351][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.947378][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.954814][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.962526][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.970038][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.978125][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.985146][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.992578][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.000855][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.007868][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.015240][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.023412][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.030458][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.037849][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.046107][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.053153][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.060662][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.068787][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.075814][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.102422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.110871][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.117881][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.125385][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.133594][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.141797][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.149355][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.156832][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.165235][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.173454][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.180483][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.187835][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.195954][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.204293][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.212418][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.219419][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.226802][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.234843][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.243312][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.251483][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.258486][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.265934][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.274145][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.296847][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.305089][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.313187][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.321527][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.338762][ T286] device veth0_vlan entered promiscuous mode [ 22.351546][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.359568][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.367577][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.375653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.383839][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.392239][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.400585][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.408365][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.416495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.424574][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.432649][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.440277][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.457100][ T283] device veth0_vlan entered promiscuous mode [ 22.468702][ T285] device veth0_vlan entered promiscuous mode [ 22.476576][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.484808][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.493124][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.501621][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.509418][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.517415][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.525885][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.534308][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.542202][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.550200][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.558436][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.566957][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.574489][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.582011][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.589352][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.597501][ T286] device veth1_macvtap entered promiscuous mode [ 22.610110][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.618332][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.625827][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.633457][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.641906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.650052][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.661704][ T285] device veth1_macvtap entered promiscuous mode [ 22.674508][ T283] device veth1_macvtap entered promiscuous mode [ 22.681936][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.689500][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.697723][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.707216][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.714922][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.723357][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.731880][ T287] device veth0_vlan entered promiscuous mode [ 22.741753][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.750046][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.759154][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.777572][ T284] device veth0_vlan entered promiscuous mode [ 22.783928][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.791787][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.799154][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.807637][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.816024][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.824289][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.832689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.841066][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.854519][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.863182][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.871809][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 22.886833][ T284] device veth1_macvtap entered promiscuous mode [ 22.903244][ T287] device veth1_macvtap entered promiscuous mode [ 22.912514][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.922207][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.962037][ T342] loop1: detected capacity change from 0 to 128 [ 22.966084][ T343] loop0: detected capacity change from 0 to 1024 [ 22.976049][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.984716][ T343] ======================================================= [ 22.984716][ T343] WARNING: The mand mount option has been deprecated and [ 22.984716][ T343] and is ignored by this kernel. Remove the mand [ 22.984716][ T343] option from the mount to silence this warning. [ 22.984716][ T343] ======================================================= [ 23.020966][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.030771][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 23.039084][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 23.040069][ T342] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.047717][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.056543][ T342] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 23.064896][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.075038][ T343] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.100403][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 23.130189][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 23.145521][ T285] EXT4-fs (loop1): unmounting filesystem. [ 23.191527][ T283] EXT4-fs (loop0): unmounting filesystem. [ 23.374873][ T382] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.487448][ T387] SELinux: failed to load policy [ 23.604830][ T360] loop2: detected capacity change from 0 to 131072 [ 23.613629][ T360] F2FS-fs (loop2): Wrong CP boundary, start(512) end(1536) blocks(0) [ 23.621779][ T360] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 23.630815][ T360] F2FS-fs (loop2): invalid crc value [ 23.657412][ T360] F2FS-fs (loop2): Found nat_bits in checkpoint [ 23.698537][ T360] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 23.705676][ T360] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 23.791502][ T414] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.798596][ T414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.851395][ T425] xt_hashlimit: max too large, truncated to 1048576 [ 23.925409][ T436] loop3: detected capacity change from 0 to 16 [ 23.971710][ T436] erofs: (device loop3): mounted with root inode @ nid 36. [ 23.980755][ T436] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-22] [ 23.989378][ T436] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-22] [ 23.999533][ T436] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 24.037344][ T451] loop3: detected capacity change from 0 to 512 [ 24.050452][ T451] EXT4-fs: Ignoring removed orlov option [ 24.056488][ T451] EXT4-fs (loop3): Test dummy encryption mode enabled [ 24.063571][ T451] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 24.955451][ T490] loop2: detected capacity change from 0 to 4096 [ 24.986994][ T490] EXT4-fs (loop2): Test dummy encryption mode enabled [ 24.994240][ T493] Driver unsupported XDP return value 0 on prog (id 12) dev N/A, expect packet loss! [ 25.010477][ T490] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 25.023017][ T490] System zones: 0-5 [ 25.040703][ T490] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 25.078113][ T28] kauditd_printk_skb: 116 callbacks suppressed [ 25.078126][ T28] audit: type=1400 audit(1758044115.977:190): avc: denied { create } for pid=489 comm="syz.2.63" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 25.110104][ T313] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 25.117079][ T490] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 25.133026][ T28] audit: type=1400 audit(1758044116.037:191): avc: denied { write } for pid=489 comm="syz.2.63" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 25.155981][ T286] EXT4-fs (loop2): unmounting filesystem. [ 25.410824][ T28] audit: type=1400 audit(1758044116.037:192): avc: denied { add_name } for pid=489 comm="syz.2.63" name=2E02 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 26.929729][ C1] sched: RT throttling activated [ 26.953726][ T28] audit: type=1400 audit(1758044116.037:193): avc: denied { create } for pid=489 comm="syz.2.63" name=2E02 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 27.019247][ T498] loop2: detected capacity change from 0 to 8192 [ 27.037681][ T28] audit: type=1400 audit(1758044117.937:194): avc: denied { mount } for pid=497 comm="syz.2.65" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 27.062454][ T313] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.084909][ T313] usb 5-1: config 0 interface 0 has no altsetting 0 [ 27.092705][ T313] usb 5-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 27.123298][ T28] audit: type=1400 audit(1758044117.997:195): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 27.147034][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.158715][ T313] usb 5-1: config 0 descriptor?? [ 27.159508][ T508] caif0: tun_chr_ioctl cmd 2147767511 [ 27.165237][ T28] audit: type=1400 audit(1758044118.027:196): avc: denied { connect } for pid=505 comm="syz.3.69" lport=5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.190547][ T28] audit: type=1400 audit(1758044118.057:197): avc: denied { write } for pid=505 comm="syz.3.69" laddr=::1 lport=5 faddr=::1 fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.214406][ T28] audit: type=1400 audit(1758044118.127:198): avc: denied { setopt } for pid=505 comm="syz.3.69" laddr=::1 lport=5 faddr=::1 fport=20004 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.267346][ T28] audit: type=1400 audit(1758044118.167:199): avc: denied { create } for pid=510 comm="syz.3.71" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 27.334168][ T515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'. [ 27.353749][ T521] loop0: detected capacity change from 0 to 16 [ 27.365697][ T521] erofs: (device loop0): mounted with root inode @ nid 36. [ 27.381815][ T525] netlink: 24 bytes leftover after parsing attributes in process `syz.2.78'. [ 27.385066][ T521] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 27.567907][ T313] nintendo 0003:057E:2009.0001: unknown main item tag 0x0 [ 27.576507][ T313] nintendo 0003:057E:2009.0001: hidraw0: USB HID v80.00 Device [HID 057e:2009] on usb-dummy_hcd.4-1/input0 [ 27.586638][ T564] kvm [563]: vcpu0, guest rIP: 0xfff0 Hyper-V unhandled rdmsr: 0x40000018 [ 27.649882][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.657764][ T313] nintendo 0003:057E:2009.0001: using factory cal for left stick [ 27.665763][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.720195][ T313] nintendo 0003:057E:2009.0001: using factory cal for right stick [ 27.728126][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.736344][ T313] nintendo 0003:057E:2009.0001: Failed to read left stick cal, using defaults; e=-38 [ 27.751749][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.777545][ T313] nintendo 0003:057E:2009.0001: Failed to read right stick cal, using defaults; e=-38 [ 27.792028][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.800260][ T313] nintendo 0003:057E:2009.0001: using factory cal for IMU [ 27.802334][ T592] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.815424][ T313] nintendo 0003:057E:2009.0001: failed reading SPI flash; ret=-38 [ 27.823915][ T313] nintendo 0003:057E:2009.0001: Failed to read IMU cal, using defaults; ret=-38 [ 27.833781][ T313] nintendo 0003:057E:2009.0001: Unable to read IMU calibration data [ 27.842012][ T313] nintendo 0003:057E:2009.0001: Failed to set report mode; ret=-38 [ 27.850162][ T313] nintendo 0003:057E:2009.0001: Failed to initialize controller; ret=-38 [ 27.859393][ T313] nintendo 0003:057E:2009.0001: probe - fail = -38 [ 27.874223][ T313] nintendo: probe of 0003:057E:2009.0001 failed with error -38 [ 27.888508][ T594] netlink: 'syz.3.108': attribute type 5 has an invalid length. [ 27.891171][ T313] usb 5-1: USB disconnect, device number 2 [ 27.901738][ T594] netlink: 24 bytes leftover after parsing attributes in process `syz.3.108'. [ 27.945081][ T597] fido_id[597]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 27.960734][ T600] loop2: detected capacity change from 0 to 7 [ 27.999814][ T59] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.129780][ T339] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 28.182603][ T611] loop3: detected capacity change from 0 to 128 [ 28.191918][ T59] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 28.204556][ T611] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 28.216714][ T59] usb 3-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config [ 28.227518][ T59] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 28.236860][ T59] usb 3-1: config 1 has no interface number 1 [ 28.243119][ T59] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 28.256417][ T611] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 28.270581][ T59] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 28.279649][ T59] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.299764][ T59] usb 3-1: Product: syz [ 28.304428][ T423] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 28.320202][ T59] usb 3-1: Manufacturer: syz [ 28.321125][ T339] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.324832][ T59] usb 3-1: SerialNumber: syz [ 28.327662][ T613] loop4: detected capacity change from 0 to 2048 [ 28.361782][ T339] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.375926][ T339] usb 1-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 28.390051][ T613] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 28.412450][ T423] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 28.435732][ T339] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.444011][ T423] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 28.461636][ T423] EXT4-fs (loop4): This should not happen!! Data will be lost [ 28.461636][ T423] [ 28.464438][ T339] usb 1-1: config 0 descriptor?? [ 28.471825][ T423] EXT4-fs (loop4): Total free blocks count 0 [ 28.483015][ T423] EXT4-fs (loop4): Free/Dirty block details [ 28.488954][ T423] EXT4-fs (loop4): free_blocks=66060288 [ 28.492172][ T339] usbhid 1-1:0.0: can't add hid device: -22 [ 28.494931][ T423] EXT4-fs (loop4): dirty_blocks=16 [ 28.505715][ T423] EXT4-fs (loop4): Block reservation details [ 28.509965][ T339] usbhid: probe of 1-1:0.0 failed with error -22 [ 28.511737][ T423] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 28.533072][ T287] EXT4-fs (loop4): unmounting filesystem. [ 28.552881][ T59] usb 3-1: USB disconnect, device number 2 [ 28.583146][ T632] loop2: detected capacity change from 0 to 7 [ 28.615817][ T636] capability: warning: `syz.4.124' uses deprecated v2 capabilities in a way that may be insecure [ 28.720461][ T24] usb 1-1: USB disconnect, device number 2 [ 28.746134][ T658] loop1: detected capacity change from 0 to 256 [ 28.752877][ T658] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 28.765140][ T334] udevd[334]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 28.793546][ T662] loop2: detected capacity change from 0 to 7 [ 28.888323][ T668] loop1: detected capacity change from 0 to 512 [ 28.897471][ T668] EXT4-fs: Ignoring removed nobh option [ 28.908539][ T668] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 28.916987][ T668] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.139: invalid indirect mapped block 2683928664 (level 1) [ 28.931302][ T668] EXT4-fs (loop1): 1 truncate cleaned up [ 28.937035][ T668] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 28.957902][ T285] EXT4-fs (loop1): unmounting filesystem. [ 29.003047][ T673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.141'. [ 29.026049][ T675] syz.1.142[675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.026123][ T675] syz.1.142[675] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 29.145984][ T690] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 29.197629][ T692] loop2: detected capacity change from 0 to 7 [ 29.265991][ T59] kernel write not supported for file /48/net/sockstat6 (pid: 59 comm: kworker/1:2) [ 29.402762][ T720] loop1: detected capacity change from 0 to 128 [ 29.443074][ T720] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 29.453386][ T720] ext4 filesystem being mounted at /39/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 29.501182][ T720] fscrypt (loop1, inode 12): Mutually exclusive encryption flags (0x0c) [ 29.546483][ T285] EXT4-fs (loop1): unmounting filesystem. [ 29.843950][ T776] netlink: 165 bytes leftover after parsing attributes in process `syz.0.186'. [ 29.885701][ T286] ------------[ cut here ]------------ [ 29.891328][ T286] WARNING: CPU: 0 PID: 286 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 29.899240][ T286] Modules linked in: [ 29.903376][ T286] CPU: 0 PID: 286 Comm: syz-executor Not tainted syzkaller #0 [ 29.910964][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 29.921131][ T286] RIP: 0010:drop_nlink+0xc5/0x110 [ 29.926168][ T286] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 03 ea f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 5b 81 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 29.945882][ T286] RSP: 0018:ffffc9000d2afc38 EFLAGS: 00010293 [ 29.952131][ T286] RAX: ffffffff81c38805 RBX: ffff888131216288 RCX: ffff888113449440 [ 29.960208][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.968184][ T286] RBP: ffffc9000d2afc60 R08: 0000000000000004 R09: 0000000000000003 [ 29.976265][ T286] R10: fffff52001a55f78 R11: 1ffff92001a55f78 R12: dffffc0000000000 [ 29.984273][ T286] R13: 1ffff11026242c5a R14: ffff8881312162d0 R15: 0000000000000000 [ 29.992325][ T286] FS: 000055555a788500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.001287][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.007876][ T286] CR2: 000055555a7ab4e8 CR3: 000000012fbfe000 CR4: 00000000003506b0 [ 30.015901][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.023892][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.031884][ T286] Call Trace: [ 30.035162][ T286] [ 30.038093][ T286] shmem_rmdir+0x5b/0x90 [ 30.042376][ T286] vfs_rmdir+0x393/0x500 [ 30.046627][ T286] incfs_kill_sb+0x105/0x220 [ 30.051266][ T286] deactivate_locked_super+0xb5/0x120 [ 30.056657][ T286] deactivate_super+0xaf/0xe0 [ 30.061408][ T286] cleanup_mnt+0x45f/0x4e0 [ 30.065838][ T286] __cleanup_mnt+0x19/0x20 [ 30.070327][ T286] task_work_run+0x1db/0x240 [ 30.074917][ T286] ? __cfi_task_work_run+0x10/0x10 [ 30.080060][ T286] ? __x64_sys_umount+0x125/0x160 [ 30.085102][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 30.090528][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 30.095729][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.099027][ T790] loop0: detected capacity change from 0 to 512 [ 30.101217][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 30.101243][ T286] do_syscall_64+0x58/0xa0 [ 30.101256][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.122365][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.127189][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.133282][ T286] RIP: 0033:0x7ff1abf8fed7 [ 30.137712][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 30.149509][ T790] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 30.157364][ T286] RSP: 002b:00007ffd704b6b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 30.178796][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff1abf8fed7 [ 30.186902][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd704b6c00 [ 30.194944][ T286] RBP: 00007ffd704b6c00 R08: 0000000000000000 R09: 0000000000000000 [ 30.197808][ T790] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 30.202938][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd704b7c90 [ 30.202956][ T286] R13: 00007ff1ac011c05 R14: 00000000000074a0 R15: 00007ffd704b7cd0 [ 30.202970][ T286] [ 30.202976][ T286] ---[ end trace 0000000000000000 ]--- [ 30.204094][ T313] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 30.228588][ T28] kauditd_printk_skb: 54 callbacks suppressed [ 30.228601][ T28] audit: type=1400 audit(1758044121.127:254): avc: denied { accept } for pid=791 comm="syz.1.194" path="socket:[18864]" dev="sockfs" ino=18864 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 30.229148][ T286] ================================================================== [ 30.237630][ T790] EXT4-fs (loop0): 1 truncate cleaned up [ 30.244713][ T286] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 30.244736][ T286] Write of size 4 at addr 0000000000000170 by task syz-executor/286 [ 30.244749][ T286] [ 30.244755][ T286] CPU: 0 PID: 286 Comm: syz-executor Tainted: G W syzkaller #0 [ 30.244771][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 30.244780][ T286] Call Trace: [ 30.244785][ T286] [ 30.244792][ T286] __dump_stack+0x21/0x24 [ 30.244816][ T286] dump_stack_lvl+0xee/0x150 [ 30.244837][ T286] ? __cfi_dump_stack_lvl+0x8/0x8 [ 30.244858][ T286] ? ihold+0x20/0x60 [ 30.264704][ T790] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 30.274134][ T286] ? ihold+0x20/0x60 [ 30.274157][ T286] print_report+0x3d/0x60 [ 30.274178][ T286] kasan_report+0x122/0x150 [ 30.327951][ T28] audit: type=1400 audit(1758044121.197:255): avc: denied { ioctl } for pid=789 comm="syz.0.193" path="/39/bus/blkio.bfq.avg_queue_size" dev="loop0" ino=18 ioctlcmd=0x6611 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.329458][ T286] ? ihold+0x20/0x60 [ 30.397390][ T286] kasan_check_range+0x280/0x290 [ 30.402339][ T286] __kasan_check_write+0x14/0x20 [ 30.407290][ T286] ihold+0x20/0x60 [ 30.411014][ T286] vfs_rmdir+0x25f/0x500 [ 30.415260][ T286] incfs_kill_sb+0x105/0x220 [ 30.419854][ T286] deactivate_locked_super+0xb5/0x120 [ 30.425232][ T286] deactivate_super+0xaf/0xe0 [ 30.429922][ T286] cleanup_mnt+0x45f/0x4e0 [ 30.434346][ T286] __cleanup_mnt+0x19/0x20 [ 30.438766][ T286] task_work_run+0x1db/0x240 [ 30.443363][ T286] ? __cfi_task_work_run+0x10/0x10 [ 30.448479][ T286] ? __x64_sys_umount+0x125/0x160 [ 30.453510][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 30.458889][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 30.464096][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.469556][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 30.475022][ T286] do_syscall_64+0x58/0xa0 [ 30.479435][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.484111][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.488810][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.494709][ T286] RIP: 0033:0x7ff1abf8fed7 [ 30.499124][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 30.518730][ T286] RSP: 002b:00007ffd704b6b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 30.527152][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff1abf8fed7 [ 30.535125][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd704b6c00 [ 30.543101][ T286] RBP: 00007ffd704b6c00 R08: 0000000000000000 R09: 0000000000000000 [ 30.551074][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd704b7c90 [ 30.559052][ T286] R13: 00007ff1ac011c05 R14: 00000000000074a0 R15: 00007ffd704b7cd0 [ 30.567035][ T286] [ 30.570057][ T286] ================================================================== [ 30.578656][ T286] Disabling lock debugging due to kernel taint [ 30.585082][ T286] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 30.590380][ T283] EXT4-fs (loop0): unmounting filesystem. [ 30.592971][ T286] #PF: supervisor write access in kernel mode [ 30.592981][ T286] #PF: error_code(0x0002) - not-present page [ 30.592991][ T286] PGD 133164067 P4D 133164067 PUD 0 [ 30.615987][ T286] Oops: 0002 [#1] PREEMPT SMP KASAN [ 30.620960][ T28] audit: type=1400 audit(1758044121.497:256): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 30.621183][ T286] CPU: 0 PID: 286 Comm: syz-executor Tainted: G B W syzkaller #0 [ 30.621201][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 30.661820][ T286] RIP: 0010:ihold+0x26/0x60 [ 30.666314][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 c1 78 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 b1 [ 30.685902][ T286] RSP: 0018:ffffc9000d2afc78 EFLAGS: 00010246 [ 30.691951][ T286] RAX: ffff888113449400 RBX: 0000000000000000 RCX: ffff888113449440 [ 30.699904][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.707856][ T286] RBP: ffffc9000d2afc88 R08: dffffc0000000000 R09: fffffbfff0f2d6fd [ 30.715814][ T286] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff888131216294 [ 30.723770][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 30.731721][ T286] FS: 000055555a788500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 30.740634][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.747199][ T286] CR2: 0000000000000170 CR3: 000000012fbfe000 CR4: 00000000003506b0 [ 30.755160][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.763116][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 30.771073][ T286] Call Trace: [ 30.774336][ T286] [ 30.777251][ T286] vfs_rmdir+0x25f/0x500 [ 30.781484][ T286] incfs_kill_sb+0x105/0x220 [ 30.786059][ T286] deactivate_locked_super+0xb5/0x120 [ 30.791507][ T286] deactivate_super+0xaf/0xe0 [ 30.796177][ T286] cleanup_mnt+0x45f/0x4e0 [ 30.800581][ T286] __cleanup_mnt+0x19/0x20 [ 30.804981][ T286] task_work_run+0x1db/0x240 [ 30.809556][ T286] ? __cfi_task_work_run+0x10/0x10 [ 30.814651][ T286] ? __x64_sys_umount+0x125/0x160 [ 30.819660][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 30.825014][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 30.830196][ T286] exit_to_user_mode_prepare+0x5a/0xa0 [ 30.835636][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 30.841082][ T286] do_syscall_64+0x58/0xa0 [ 30.845483][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.850147][ T286] ? clear_bhb_loop+0x30/0x80 [ 30.854807][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 30.860688][ T286] RIP: 0033:0x7ff1abf8fed7 [ 30.865085][ T286] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 30.884671][ T286] RSP: 002b:00007ffd704b6b48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 30.893072][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff1abf8fed7 [ 30.901027][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd704b6c00 [ 30.908984][ T286] RBP: 00007ffd704b6c00 R08: 0000000000000000 R09: 0000000000000000 [ 30.916941][ T286] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd704b7c90 [ 30.924896][ T286] R13: 00007ff1ac011c05 R14: 00000000000074a0 R15: 00007ffd704b7cd0 [ 30.932856][ T286] [ 30.935861][ T286] Modules linked in: [ 30.939753][ T286] CR2: 0000000000000170 [ 30.943887][ T286] ---[ end trace 0000000000000000 ]--- [ 30.949321][ T286] RIP: 0010:ihold+0x26/0x60 [ 30.953814][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 c1 78 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 b1 [ 30.973401][ T286] RSP: 0018:ffffc9000d2afc78 EFLAGS: 00010246 [ 30.979451][ T286] RAX: ffff888113449400 RBX: 0000000000000000 RCX: ffff888113449440 [ 30.987405][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.995361][ T286] RBP: ffffc9000d2afc88 R08: dffffc0000000000 R09: fffffbfff0f2d6fd [ 31.003314][ T286] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff888131216294 [ 31.011268][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 31.019221][ T286] FS: 000055555a788500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.028134][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.034703][ T286] CR2: 0000000000000170 CR3: 000000012fbfe000 CR4: 00000000003506b0 [ 31.042661][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.050619][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.058579][ T286] Kernel panic - not syncing: Fatal exception [ 31.064846][ T286] Kernel Offset: disabled [ 31.069156][ T286] Rebooting in 86400 seconds..