last executing test programs: 3.69283618s ago: executing program 0 (id=1): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x5e, 0x0, 0x0) 3.639925542s ago: executing program 0 (id=6): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000240)=[@increfs], 0x0, 0x0, 0x0}) 3.587858884s ago: executing program 0 (id=8): r0 = syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000100)=ANY=[@ANYBLOB="12010103000000106b1d01014000010203010902a600030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002200a000a00040c24020203020250800009010d2406050203078887000a00000924030101010505"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000000000000046}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000240)={0x0, 0xe, 0x2, "c5d0"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000c80)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="400702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000006c0)={0x40, 0x12, 0x2, "00a3"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x44, &(0x7f0000000500)=ANY=[@ANYBLOB="000502"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000480)={0x40, 0x12, 0x3, 'gK@'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x20, 0x81, 0x2, 'Z1'}, 0x0, 0x0, 0x0, 0x0}) 3.579145985s ago: executing program 3 (id=4): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xb, 0x0, 0x100000}, 0x20) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0) 3.540139646s ago: executing program 3 (id=9): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000ffff3201"], 0x138) 3.366522933s ago: executing program 3 (id=11): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r3 = eventfd2(0x0, 0x80801) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x90, r3, &(0x7f0000000180)="d1e8624a6b0e", 0x6, 0x4}]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x6700000000000000, 0x3, 0x4002004c0, 0x7f, 0x8000000000000000, 0xcd99, 0x2, 0x1, 0xfffffffffffffffb, 0x1003, 0x0, 0x39da], 0x50000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.366180764s ago: executing program 2 (id=3): socket(0x10, 0x2, 0x0) epoll_create1(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x9, 0x8, 0x3fc, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) pipe2(&(0x7f0000000580), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 3.22380187s ago: executing program 2 (id=13): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c4607000caa090000000000000002000300050000007a03000038000000ff02000005000000ff0320000400feff060072520000000050e574640a0000"], 0x7f5) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 3.183609302s ago: executing program 2 (id=14): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2) 3.152423823s ago: executing program 2 (id=15): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004898b610c2154100201f0102030109021b0001000500ea09040002018c78fd000905"], 0x0) r2 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000000)=ANY=[], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r3 = syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$uac2(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x8, &(0x7f00000002c0)=ANY=[@ANYRES16]) syz_usb_connect$cdc_ncm(0x1, 0x80, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x2, 0x1, 0x6, 0x0, 0x55, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "573d9269205d"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x5, 0x2, 0x9}, {0x6, 0x24, 0x1a, 0xb893, 0x29}, [@country_functional={0xc, 0x24, 0x7, 0x3, 0x1, [0x7, 0x200, 0x10]}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x0, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x8, 0x6, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xc, 0x83}}}}}}}]}}, &(0x7f0000000880)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x201, 0x5, 0x2, 0xc0, 0x10, 0x1}, 0x162, &(0x7f0000000200)={0x5, 0xf, 0x162, 0x5, [@ssp_cap={0xc, 0x10, 0xa, 0xc5, 0x0, 0x3c, 0xff00, 0x9}, @generic={0xd4, 0x10, 0xa, "64e39c712d007179e754cafbe63e7a75f25f07dae062d1e26fdd4fdb5b178c24539e37472767858cfdbfdb14e87889118874a549038432c80e29563e343f5495feadde5baf44c0f278a12f827e25a74b81e86ae3c6355bc2310bab98fbf0138caee13cc41080b61fb1e46b099c8182b40f05aea8ee090748c77b85a23ee0b8837676665a90ac848a62bf2cb24ce176f769d275fbdae29730c9429e48eccf1d74320b80e0e54fe59a7f27a09a94ac33d3b0d0d73249d2eb37599c84f0c858c2808599475d68d29eecdf9cd7809247c30df4"}, @generic={0x2e, 0x10, 0xa, "cde63596b7b51ce0442b3a54d4c824be5a55f083a45c24bebf5d0077c6d90426c00bce01e4027a6ffc8413"}, @ss_container_id={0x14, 0x10, 0x4, 0x40, "a92f08001d7ff47bbf4346130c4f2f11"}, @generic={0x3b, 0x10, 0x2, "b1af4e4677f832764a339da399113d7780916c2dcadbe61c6d0285a20ff68d4e2ac62f7097058c8ebeb8cd26d711ecac73c0eb32fa2ee607"}]}}) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a940107900000008300"], 0x0}, 0x0) 2.713734932s ago: executing program 3 (id=11): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r3 = eventfd2(0x0, 0x80801) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x90, r3, &(0x7f0000000180)="d1e8624a6b0e", 0x6, 0x4}]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x6700000000000000, 0x3, 0x4002004c0, 0x7f, 0x8000000000000000, 0xcd99, 0x2, 0x1, 0xfffffffffffffffb, 0x1003, 0x0, 0x39da], 0x50000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.686122303s ago: executing program 3 (id=17): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x419, 0x600, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, "", [{{0x9, 0x4, 0x0, 0x0, 0xfe, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1, 0xfc, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x420, 0x8, 0x81, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x20, 0x23, 0x29, {0x29, 0x23, "83efb930f0187ff0478fa22a61a54607b71ea9e43d359c479c37f525cde38bf7914077366b487a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.346702998s ago: executing program 1 (id=20): ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x6, 'lo\x00', {0x1}, 0x4}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) userfaultfd(0x801) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = eventfd2(0x0, 0x80801) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x90, r3, &(0x7f0000000180)="d1e8624a6b0e", 0x6, 0x4}]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.320468449s ago: executing program 1 (id=21): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x4, @loopback, 0x3ff}, 0x1c) listen(0xffffffffffffffff, 0xb) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000000)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x5, @empty, 0xfffffffe}, 0x1c, 0x0}}], 0x1, 0x20080058) accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @private0}, &(0x7f00000001c0)=0x1c) 2.262544561s ago: executing program 1 (id=22): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, 0xffffffffffffffff, 0x1000) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0xf}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/43, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/80, &(0x7f0000000880)=""/91}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000380)={0x0, 0x9c28, 0x7fff}) ioctl$XFS_IOC_SWAPEXT(0xffffffffffffffff, 0xc0c0586d, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xc, 0xf34, '\x00', {0x7483, 0x2d35, 0xfff, 0x9, 0x6, 0xd, 0x4, 0xa967, {0x4, 0xe}, {0x400, 0x5}, {0x1, 0x2}, 0x8, 0x5, 0x6, 0x7fff, 0x37bf, 0x1, 0x0, 0x7fff, 0x1, 0x401, '\x00', 0x9, 0x4, 0x4, 0x7}}) 1.270304244s ago: executing program 1 (id=23): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.220416597s ago: executing program 1 (id=24): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1.162097839s ago: executing program 1 (id=25): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2) 1.093603942s ago: executing program 2 (id=26): mkdirat(0xffffffffffffff9c, 0x0, 0x1c1) openat$incfs(0xffffffffffffffff, 0x0, 0x10002, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000002c0)={0x2, 0x0, [{0xb, 0x6, 0x3, 0x9, 0x81}, {0x80000019, 0x5, 0x0, 0x5}]}) ioctl$KVM_TDX_FINALIZE_VM(r1, 0xc004aeba, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) 703.441999ms ago: executing program 3 (id=28): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8652b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x78, 0x0, 0x6, {0x8, 0xfffffffe, 0x0, {0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x0, 0xfffffffc, r1, r2, 0x1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x4901, 0x101) write$tcp_congestion(r3, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_CREATE(r3, 0xc02054a5, 0x0) 615.354793ms ago: executing program 4 (id=31): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c4607000caa090000000000000002000300050000007a03000038000000ff02000005000000ff0320000400feff060072520000000050e574640a0000"], 0x7f5) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 585.633664ms ago: executing program 4 (id=32): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x4, @loopback, 0x3ff}, 0x1c) listen(0xffffffffffffffff, 0xb) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000000000)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x5, @empty, 0xfffffffe}, 0x1c, 0x0}}], 0x1, 0x20080058) accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @private0}, &(0x7f00000001c0)=0x1c) 518.459527ms ago: executing program 4 (id=33): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r3 = eventfd2(0x0, 0x80801) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x90, r3, &(0x7f0000000180)="d1e8624a6b0e", 0x6, 0x4}]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x6700000000000000, 0x3, 0x4002004c0, 0x7f, 0x8000000000000000, 0xcd99, 0x2, 0x1, 0xfffffffffffffffb, 0x1003, 0x0, 0x39da], 0x50000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 455.4365ms ago: executing program 4 (id=34): ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x6, 'lo\x00', {0x1}, 0x4}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) userfaultfd(0x801) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed, 0x1}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = eventfd2(0x0, 0x80801) io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x90, r3, &(0x7f0000000180)="d1e8624a6b0e", 0x6, 0x4}]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 452.23516ms ago: executing program 0 (id=35): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 385.807123ms ago: executing program 0 (id=36): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 352.197644ms ago: executing program 0 (id=37): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 307.475026ms ago: executing program 4 (id=38): mknod(0x0, 0x1000, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000140)={@val={0x0, 0xc}, @val={0x0, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @loopback}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x8, 0x0, 0x2, 0x0, 0x4, {[@sack_perm={0x4, 0x2}, @nop, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x42) 0s ago: executing program 4 (id=39): write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)="7bda", 0x2) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): T30] audit: type=1400 audit(1778624945.837:62): avc: denied { rlimitinh } for pid=237 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.518570][ T30] audit: type=1400 audit(1778624945.837:63): avc: denied { siginh } for pid=237 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.17' (ED25519) to the list of known hosts. [ 23.616744][ T30] audit: type=1400 audit(1778624952.987:64): avc: denied { mounton } for pid=277 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.617829][ T277] cgroup: Unknown subsys name 'net' [ 23.639560][ T30] audit: type=1400 audit(1778624952.987:65): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.666786][ T30] audit: type=1400 audit(1778624953.017:66): avc: denied { unmount } for pid=277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.666923][ T277] cgroup: Unknown subsys name 'devices' [ 23.749553][ T277] cgroup: Unknown subsys name 'hugetlb' [ 23.755330][ T277] cgroup: Unknown subsys name 'rlimit' [ 23.861572][ T30] audit: type=1400 audit(1778624953.237:67): avc: denied { setattr } for pid=277 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.874915][ T279] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.885017][ T30] audit: type=1400 audit(1778624953.237:68): avc: denied { mounton } for pid=277 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.918285][ T30] audit: type=1400 audit(1778624953.237:69): avc: denied { mount } for pid=277 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.941512][ T30] audit: type=1400 audit(1778624953.297:70): avc: denied { relabelto } for pid=279 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.967269][ T30] audit: type=1400 audit(1778624953.297:71): avc: denied { write } for pid=279 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.996144][ T30] audit: type=1400 audit(1778624953.367:72): avc: denied { read } for pid=277 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.021906][ T30] audit: type=1400 audit(1778624953.367:73): avc: denied { open } for pid=277 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.021939][ T277] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.509617][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.516760][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.524158][ T285] device bridge_slave_0 entered promiscuous mode [ 24.531992][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.539047][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.546448][ T285] device bridge_slave_1 entered promiscuous mode [ 24.644452][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.651541][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.658964][ T286] device bridge_slave_0 entered promiscuous mode [ 24.665766][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.672859][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.680173][ T286] device bridge_slave_1 entered promiscuous mode [ 24.694235][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.701466][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.708948][ T289] device bridge_slave_0 entered promiscuous mode [ 24.725890][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.732987][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.740409][ T288] device bridge_slave_0 entered promiscuous mode [ 24.754209][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.761285][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.768803][ T289] device bridge_slave_1 entered promiscuous mode [ 24.776537][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.783622][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.790954][ T288] device bridge_slave_1 entered promiscuous mode [ 24.867693][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.874753][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.882409][ T287] device bridge_slave_0 entered promiscuous mode [ 24.889240][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.896271][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.904337][ T287] device bridge_slave_1 entered promiscuous mode [ 24.983801][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.990958][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.998244][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.005355][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.026775][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.033930][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.041385][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.048560][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.074704][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.081903][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.089190][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.096300][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.124125][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.131212][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.138499][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.145516][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.154575][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.162116][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.169410][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.176500][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.184102][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.191333][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.198556][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.205744][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.214175][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.221558][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.258407][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.265917][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.274224][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.281273][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.289413][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.297619][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.304714][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.312089][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.320239][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.327267][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.334788][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.342996][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.350163][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.364329][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.372099][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.380093][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.395903][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.408205][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.427559][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.443588][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.451600][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.460521][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.467602][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.475383][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.483593][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.490637][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.498167][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.518012][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.526121][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.533914][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.559739][ T285] device veth0_vlan entered promiscuous mode [ 25.566631][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.574709][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.583078][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.590124][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.598033][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.606137][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.613261][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.620571][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.628832][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.635926][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.643322][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.651321][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.659318][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.667645][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.675818][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.684279][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.692479][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.699600][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.706917][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.714952][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.722898][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.731243][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.739126][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.747452][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.755860][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.767757][ T286] device veth0_vlan entered promiscuous mode [ 25.775517][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.783481][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.791869][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.799578][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.812230][ T288] device veth0_vlan entered promiscuous mode [ 25.827205][ T285] device veth1_macvtap entered promiscuous mode [ 25.834814][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.843232][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.851772][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.859754][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.867866][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.875818][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.883831][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.891976][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.900296][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.908530][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.916547][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.924286][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.931789][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.940199][ T286] device veth1_macvtap entered promiscuous mode [ 25.950630][ T288] device veth1_macvtap entered promiscuous mode [ 25.957759][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.965409][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.973501][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.982274][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.990673][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.998852][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.016910][ T289] device veth0_vlan entered promiscuous mode [ 26.023117][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.031555][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.039975][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.048394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.056606][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.064855][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.073142][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.081427][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.089725][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 26.097644][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.105549][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.113074][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.126397][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.134968][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 26.152507][ T285] request_module fs-gadgetfs succeeded, but still no fs? [ 26.157724][ T289] device veth1_macvtap entered promiscuous mode [ 26.175451][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.184033][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.192869][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.201366][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.210124][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 26.218389][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.226542][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 26.242741][ T287] device veth0_vlan entered promiscuous mode [ 26.266744][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.295419][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 26.318167][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 26.319228][ T318] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.346104][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.360494][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.375047][ T318] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 26.375469][ T287] device veth1_macvtap entered promiscuous mode [ 26.388602][ T318] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 26.410526][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.419096][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.428365][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.448690][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.457135][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.465788][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.474974][ T307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.504712][ T288] syz-executor (288) used greatest stack depth: 21760 bytes left [ 26.545200][ T329] input: syz0 as /devices/virtual/input/input4 [ 26.647394][ T6] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 26.713174][ T344] process 'syz.2.13' launched './file0' with NULL argv: empty string added [ 26.725278][ T338] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.725318][ T344] Invalid argument reading file caps for ./file0 [ 26.739046][ T338] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.747107][ T338] device bridge_slave_0 entered promiscuous mode [ 26.754448][ T338] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.763345][ T338] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.771086][ T338] device bridge_slave_1 entered promiscuous mode [ 26.849752][ T338] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.856810][ T338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.864114][ T338] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.871161][ T338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.892407][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.900045][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.907799][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.918357][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.926536][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.933598][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.945209][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.953468][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.960508][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.973716][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.983500][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.998298][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.012950][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.021591][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.029622][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.038449][ T307] device bridge_slave_1 left promiscuous mode [ 27.044595][ T307] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.052234][ T307] device bridge_slave_0 left promiscuous mode [ 27.058392][ T307] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.066234][ T307] device veth1_macvtap left promiscuous mode [ 27.072516][ T307] device veth0_vlan left promiscuous mode [ 27.087716][ T26] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.117425][ T6] usb 1-1: unable to get BOS descriptor or descriptor too short [ 27.117425][ T63] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 27.150372][ T338] device veth0_vlan entered promiscuous mode [ 27.161897][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.172212][ T338] device veth1_macvtap entered promiscuous mode [ 27.178617][ T6] usb 1-1: not running at top speed; connect to a high speed hub [ 27.189413][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.198307][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.267595][ T6] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 27.278049][ T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 27.327460][ T26] usb 3-1: Using ep0 maxpacket: 16 [ 27.357470][ T63] usb 5-1: Using ep0 maxpacket: 8 [ 27.447516][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.458622][ T26] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.468465][ T26] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 27.481436][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 27.493307][ T26] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 27.502414][ T63] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 27.515539][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.523987][ T63] usb 5-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 27.533487][ T26] usb 3-1: config 0 descriptor?? [ 27.537365][ T20] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 27.538565][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.554713][ T63] usb 5-1: config 0 descriptor?? [ 27.567613][ T6] usb 1-1: string descriptor 0 read error: -22 [ 27.574092][ T6] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 27.583758][ T6] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.628466][ T6] usb 1-1: 0:2 : does not exist [ 27.807442][ T20] usb 4-1: Using ep0 maxpacket: 8 [ 27.937490][ T20] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 27.948486][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1056, setting to 1024 [ 27.959761][ T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 27.973579][ T20] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 27.982804][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.991747][ T20] usb 4-1: config 0 descriptor?? [ 27.997695][ T350] UDC core: couldn't find an available UDC or it's busy: -16 [ 28.005194][ T350] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 28.012774][ T358] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 28.013301][ T350] UDC core: couldn't find an available UDC or it's busy: -16 [ 28.028080][ T350] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 28.038533][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.038913][ T350] UDC core: couldn't find an available UDC or it's busy: -16 [ 28.048812][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.054100][ T350] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 28.071006][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.079685][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.087419][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.094452][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.101951][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.109009][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.116398][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.123632][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.131186][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.138254][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.145635][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.152801][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.160286][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.167312][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.174741][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.181791][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.189203][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.196224][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.203621][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.210783][ T26] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 28.218178][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.227391][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.236657][ T26] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0002/input/input5 [ 28.250109][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.257223][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.264407][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.271510][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.278675][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.285715][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.292923][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.300118][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.307261][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.314328][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.323149][ T26] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 28.336525][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.343622][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.352692][ T26] usb 3-1: USB disconnect, device number 2 [ 28.358652][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.371669][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.378873][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.385900][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.393442][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.400641][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.407845][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.415206][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.422573][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.430329][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.437583][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.444793][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.452017][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.462190][ T63] saitek 0003:06A3:0621.0001: unknown main item tag 0x0 [ 28.468455][ T20] samsung 0003:0419:0600.0003: ignoring exceeding usage max [ 28.471144][ T375] fido_id[375]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 28.487800][ T20] samsung 0003:0419:0600.0003: hidraw0: USB HID v0.01 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0 [ 28.509290][ T63] saitek 0003:06A3:0621.0001: hidraw1: USB HID v0.05 Device [HID 06a3:0621] on usb-dummy_hcd.4-1/input0 [ 28.525461][ T63] usb 5-1: USB disconnect, device number 2 [ 28.580898][ T376] fido_id[376]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 28.693104][ T42] usb 4-1: USB disconnect, device number 2 [ 28.715396][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 28.715413][ T30] audit: type=1400 audit(1778624958.087:137): avc: denied { mounton } for pid=381 comm="syz.1.24" path="/8/bus" dev="incremental-fs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.745337][ T30] audit: type=1400 audit(1778624958.087:138): avc: denied { write } for pid=381 comm="syz.1.24" name="/" dev="incremental-fs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.768534][ T30] audit: type=1400 audit(1778624958.087:139): avc: denied { add_name } for pid=381 comm="syz.1.24" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.789151][ T30] audit: type=1400 audit(1778624958.087:140): avc: denied { create } for pid=381 comm="syz.1.24" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 28.809594][ T30] audit: type=1400 audit(1778624958.087:141): avc: denied { associate } for pid=381 comm="syz.1.24" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 28.811812][ T289] ------------[ cut here ]------------ [ 28.836790][ T30] audit: type=1400 audit(1778624958.117:142): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 28.837629][ T289] WARNING: CPU: 0 PID: 289 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 28.876442][ T289] Modules linked in: [ 28.887442][ T30] audit: type=1400 audit(1778624958.117:143): avc: denied { remove_name } for pid=289 comm="syz-executor" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.899235][ T289] CPU: 0 PID: 289 Comm: syz-executor Not tainted syzkaller #0 [ 28.916315][ T30] audit: type=1400 audit(1778624958.117:144): avc: denied { unlink } for pid=289 comm="syz-executor" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.920640][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 28.957727][ T289] RIP: 0010:drop_nlink+0xc5/0x110 [ 28.962910][ T289] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 03 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b cb b2 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 28.977372][ T30] audit: type=1400 audit(1778624958.287:145): avc: denied { read } for pid=383 comm="syz.2.26" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 29.013105][ T289] RSP: 0018:ffffc900007d7b28 EFLAGS: 00010293 [ 29.020061][ T389] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 29.028555][ T289] RAX: ffffffff81b6ffd5 RBX: ffff88812c39e300 RCX: ffff88811b89a780 [ 29.035588][ T30] audit: type=1400 audit(1778624958.287:146): avc: denied { open } for pid=383 comm="syz.2.26" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 29.036815][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.068702][ T389] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 29.086284][ T289] RBP: ffffc900007d7b50 R08: 0000000000000003 R09: 0000000000000004 [ 29.096312][ T289] R10: dffffc0000000000 R11: fffff520000faf54 R12: dffffc0000000000 [ 29.104388][ T289] R13: 1ffff11025873c69 R14: ffff88812c39e348 R15: 0000000000000000 [ 29.113028][ T289] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 29.122147][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.129211][ T289] CR2: 0000001b2ea22ff8 CR3: 0000000123e5f000 CR4: 00000000003526b0 [ 29.137353][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.145477][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.153707][ T289] Call Trace: [ 29.157148][ T289] [ 29.160288][ T289] shmem_rmdir+0x5b/0x90 [ 29.164626][ T289] vfs_rmdir+0x313/0x460 [ 29.169175][ T289] incfs_kill_sb+0x105/0x220 [ 29.173820][ T289] deactivate_locked_super+0xa0/0x100 [ 29.179419][ T289] deactivate_super+0xaf/0xe0 [ 29.184137][ T289] cleanup_mnt+0x45b/0x510 [ 29.187415][ T6] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 29.189010][ T289] __cleanup_mnt+0x19/0x20 [ 29.198776][ T6] usb 1-1: USB disconnect, device number 2 [ 29.205864][ T289] task_work_run+0x127/0x190 [ 29.211450][ T289] do_exit+0xa9e/0x27e0 [ 29.215668][ T289] ? put_task_struct+0x90/0x90 [ 29.230780][ T289] ? __fdget_pos+0x1f7/0x380 [ 29.236136][ T289] ? ksys_write+0x1e4/0x250 [ 29.241312][ T289] ? __ia32_sys_read+0x90/0x90 [ 29.247932][ T289] do_group_exit+0x141/0x310 [ 29.252971][ T289] ? debug_smp_processor_id+0x17/0x20 [ 29.260549][ T289] __x64_sys_exit_group+0x3f/0x40 [ 29.265772][ T289] x64_sys_call+0x832/0x9a0 [ 29.270593][ T289] do_syscall_64+0x4c/0xa0 [ 29.275083][ T289] ? clear_bhb_loop+0x50/0xa0 [ 29.279977][ T289] ? clear_bhb_loop+0x50/0xa0 [ 29.284738][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.290873][ T289] RIP: 0033:0x7fb9dab16e59 [ 29.295402][ T289] Code: Unable to access opcode bytes at RIP 0x7fb9dab16e2f. [ 29.307179][ T289] RSP: 002b:00007ffe4cac1248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 29.315963][ T289] RAX: ffffffffffffffda RBX: 00007fb9dabac22a RCX: 00007fb9dab16e59 [ 29.324259][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 29.332720][ T398] Invalid argument reading file caps for ./file0 [ 29.332859][ T289] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fb9dabac1ca [ 29.347447][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe4cac2500 [ 29.355583][ T289] R13: 00007fb9dabac1ca R14: 0000555569e434e8 R15: 00007ffe4cac35d0 [ 29.363660][ T289] [ 29.366869][ T289] ---[ end trace fc1f15e84bc1710d ]--- [ 29.372493][ T289] ------------[ cut here ]------------ [ 29.378043][ T289] WARNING: CPU: 1 PID: 289 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 29.386185][ T289] Modules linked in: [ 29.390236][ T289] CPU: 1 PID: 289 Comm: syz-executor Tainted: G W syzkaller #0 [ 29.399256][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 29.409512][ T289] RIP: 0010:drop_nlink+0xc5/0x110 [ 29.414596][ T289] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 03 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b cb b2 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 29.434599][ T289] RSP: 0018:ffffc900007d7b28 EFLAGS: 00010293 [ 29.445911][ T289] RAX: ffffffff81b6ffd5 RBX: ffff88812c39db50 RCX: ffff88811b89a780 [ 29.469071][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.490843][ T289] RBP: ffffc900007d7b50 R08: 0000000000000003 R09: 0000000000000004 [ 29.499228][ T289] R10: dffffc0000000000 R11: fffff520000faf54 R12: dffffc0000000000 [ 29.510191][ T289] R13: 1ffff11025873b73 R14: ffff88812c39db98 R15: 0000000000000000 [ 29.519954][ T289] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 29.529228][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.535914][ T289] CR2: 000000110c2c4ea5 CR3: 000000012aff3000 CR4: 00000000003526a0 [ 29.544650][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.553196][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.561480][ T289] Call Trace: [ 29.564904][ T289] [ 29.568941][ T289] shmem_rmdir+0x5b/0x90 [ 29.573361][ T289] vfs_rmdir+0x313/0x460 [ 29.578252][ T289] incfs_kill_sb+0x198/0x220 [ 29.583171][ T289] deactivate_locked_super+0xa0/0x100 [ 29.588890][ T289] deactivate_super+0xaf/0xe0 [ 29.593711][ T289] cleanup_mnt+0x45b/0x510 [ 29.598395][ T289] __cleanup_mnt+0x19/0x20 [ 29.602940][ T289] task_work_run+0x127/0x190 [ 29.607987][ T289] do_exit+0xa9e/0x27e0 [ 29.612277][ T289] ? put_task_struct+0x90/0x90 [ 29.612940][ T285] ------------[ cut here ]------------ [ 29.623419][ T289] ? __fdget_pos+0x1f7/0x380 [ 29.623463][ T289] ? ksys_write+0x1e4/0x250 [ 29.623493][ T289] ? __ia32_sys_read+0x90/0x90 [ 29.623523][ T289] do_group_exit+0x141/0x310 [ 29.623553][ T289] ? debug_smp_processor_id+0x17/0x20 [ 29.623586][ T289] __x64_sys_exit_group+0x3f/0x40 [ 29.623616][ T289] x64_sys_call+0x832/0x9a0 [ 29.623648][ T289] do_syscall_64+0x4c/0xa0 [ 29.623679][ T289] ? clear_bhb_loop+0x50/0xa0 [ 29.623709][ T289] ? clear_bhb_loop+0x50/0xa0 [ 29.635174][ T285] WARNING: CPU: 0 PID: 285 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 29.638439][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 29.649414][ T285] Modules linked in: [ 29.653458][ T289] RIP: 0033:0x7fb9dab16e59 [ 29.662106][ T285] [ 29.662116][ T285] CPU: 0 PID: 285 Comm: syz-executor Tainted: G W syzkaller #0 [ 29.662136][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 29.662146][ T285] RIP: 0010:drop_nlink+0xc5/0x110 [ 29.662169][ T285] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 03 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b cb b2 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 29.668724][ T289] Code: Unable to access opcode bytes at RIP 0x7fb9dab16e2f. [ 29.675373][ T285] RSP: 0018:ffffc90000a17b28 EFLAGS: 00010293 [ 29.680696][ T415] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 52 [ 29.696425][ T285] [ 29.705664][ T289] RSP: 002b:00007ffe4cac1248 EFLAGS: 00000246 [ 29.720861][ T285] RAX: ffffffff81b6ffd5 RBX: ffff88811af18bf0 RCX: ffff88811bbde2c0 [ 29.740348][ T289] ORIG_RAX: 00000000000000e7 [ 29.747939][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 29.755894][ T289] RAX: ffffffffffffffda RBX: 00007fb9dabac22a RCX: 00007fb9dab16e59 [ 29.762459][ T285] RBP: ffffc90000a17b50 R08: 0000000000000003 R09: 0000000000000004 [ 29.764388][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 29.770518][ T285] R10: dffffc0000000000 R11: fffff52000142f54 R12: dffffc0000000000 [ 29.778596][ T289] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fb9dabac1ca [ 29.783220][ T285] R13: 1ffff110235e3187 R14: ffff88811af18c38 R15: 0000000000000000 [ 29.791412][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe4cac2500 [ 29.800072][ T285] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 29.807443][ T289] R13: 00007fb9dabac1ca R14: 0000555569e434e8 R15: 00007ffe4cac35d0 [ 29.815321][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 29.823502][ T289] [ 29.831912][ T285] CR2: 000000110c30bd19 CR3: 000000011a7f7000 CR4: 00000000003506b0 [ 29.839461][ T289] ---[ end trace fc1f15e84bc1710e ]--- [ 29.847490][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 29.896157][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 29.904326][ T285] Call Trace: [ 29.907860][ T285] [ 29.910873][ T285] shmem_rmdir+0x5b/0x90 [ 29.915257][ T285] vfs_rmdir+0x313/0x460 [ 29.919825][ T285] incfs_kill_sb+0x105/0x220 [ 29.924577][ T285] deactivate_locked_super+0xa0/0x100 [ 29.943853][ T285] deactivate_super+0xaf/0xe0 [ 29.956623][ T285] cleanup_mnt+0x45b/0x510 [ 29.961179][ T285] __cleanup_mnt+0x19/0x20 [ 29.965694][ T285] task_work_run+0x127/0x190 [ 29.970978][ T285] do_exit+0xa9e/0x27e0 [ 29.975218][ T285] ? put_task_struct+0x90/0x90 [ 29.975483][ T289] ================================================================== [ 29.980073][ T285] ? __fdget_pos+0x1f7/0x380 [ 29.988064][ T289] BUG: KASAN: use-after-free in fast_dput+0x1e9/0x290 [ 29.988084][ T289] Read of size 4 at addr ffff888111815000 by task syz-executor/289 [ 29.992719][ T285] ? ksys_write+0x1e4/0x250 [ 29.999409][ T289] [ 29.999417][ T289] CPU: 0 PID: 289 Comm: syz-executor Tainted: G W syzkaller #0 [ 30.007374][ T285] ? __ia32_sys_read+0x90/0x90 [ 30.011803][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 30.014175][ T285] do_group_exit+0x141/0x310 [ 30.023007][ T289] Call Trace: [ 30.023015][ T289] [ 30.023021][ T289] __dump_stack+0x21/0x30 [ 30.023041][ T289] dump_stack_lvl+0x110/0x170 [ 30.027852][ T285] ? debug_smp_processor_id+0x17/0x20 [ 30.037857][ T289] ? show_regs_print_info+0x20/0x20 [ 30.037891][ T289] ? load_image+0x3e0/0x3e0 [ 30.037910][ T289] print_address_description+0x7f/0x2c0 [ 30.037929][ T289] ? fast_dput+0x1e9/0x290 [ 30.042601][ T285] __x64_sys_exit_group+0x3f/0x40 [ 30.045801][ T289] kasan_report+0xf1/0x140 [ 30.048763][ T285] x64_sys_call+0x832/0x9a0 [ 30.053062][ T289] ? fast_dput+0x1e9/0x290 [ 30.053083][ T289] __asan_report_load4_noabort+0x14/0x20 [ 30.057898][ T285] do_syscall_64+0x4c/0xa0 [ 30.063378][ T289] fast_dput+0x1e9/0x290 [ 30.068850][ T285] ? clear_bhb_loop+0x50/0xa0 [ 30.073142][ T289] dput+0x26/0x90 [ 30.078698][ T285] ? clear_bhb_loop+0x50/0xa0 [ 30.083296][ T289] incfs_free_mount_info+0x60/0x200 [ 30.083317][ T289] incfs_kill_sb+0x1b8/0x220 [ 30.088399][ T285] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.092760][ T289] deactivate_locked_super+0xa0/0x100 [ 30.097268][ T285] RIP: 0033:0x7fcff62dce59 [ 30.101847][ T289] deactivate_super+0xaf/0xe0 [ 30.101873][ T289] cleanup_mnt+0x45b/0x510 [ 30.101891][ T289] __cleanup_mnt+0x19/0x20 [ 30.101908][ T289] task_work_run+0x127/0x190 [ 30.101926][ T289] do_exit+0xa9e/0x27e0 [ 30.107922][ T285] Code: Unable to access opcode bytes at RIP 0x7fcff62dce2f. [ 30.112251][ T289] ? put_task_struct+0x90/0x90 [ 30.116481][ T285] RSP: 002b:00007ffc144e2698 EFLAGS: 00000246 [ 30.121409][ T289] ? __fdget_pos+0x1f7/0x380 [ 30.121427][ T289] ? ksys_write+0x1e4/0x250 [ 30.121444][ T289] ? __ia32_sys_read+0x90/0x90 [ 30.121461][ T289] do_group_exit+0x141/0x310 [ 30.125313][ T285] ORIG_RAX: 00000000000000e7 [ 30.129935][ T289] ? debug_smp_processor_id+0x17/0x20 [ 30.129957][ T289] __x64_sys_exit_group+0x3f/0x40 [ 30.135138][ T285] RAX: ffffffffffffffda RBX: 00007fcff637222a RCX: 00007fcff62dce59 [ 30.139800][ T289] x64_sys_call+0x832/0x9a0 [ 30.139821][ T289] do_syscall_64+0x4c/0xa0 [ 30.145832][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 30.151150][ T289] ? clear_bhb_loop+0x50/0xa0 [ 30.151169][ T289] ? clear_bhb_loop+0x50/0xa0 [ 30.155567][ T285] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fcff63721ca [ 30.160232][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.160256][ T289] RIP: 0033:0x7fb9dab16e59 [ 30.164809][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc144e3950 [ 30.169608][ T289] Code: Unable to access opcode bytes at RIP 0x7fb9dab16e2f. [ 30.169618][ T289] RSP: 002b:00007ffe4cac1248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 30.169638][ T289] RAX: ffffffffffffffda RBX: 00007fb9dabac22a RCX: 00007fb9dab16e59 [ 30.169651][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 30.169660][ T289] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fb9dabac1ca [ 30.169670][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe4cac2500 [ 30.169680][ T289] R13: 00007fb9dabac1ca R14: 0000555569e434e8 R15: 00007ffe4cac35d0 [ 30.169696][ T289] [ 30.169702][ T289] [ 30.169707][ T289] Allocated by task 382: [ 30.169714][ T289] __kasan_slab_alloc+0xbd/0xf0 [ 30.169732][ T289] slab_post_alloc_hook+0x4f/0x2b0 [ 30.169749][ T289] kmem_cache_alloc+0xf7/0x260 [ 30.169764][ T289] __d_alloc+0x2d/0x6a0 [ 30.169777][ T289] d_alloc_parallel+0xe2/0x1370 [ 30.174355][ T285] R13: 00007fcff63721ca R14: 000055556a1614e8 R15: 00007ffc144e4a20 [ 30.178500][ T289] __lookup_slow+0x14c/0x410 [ 30.178517][ T289] lookup_one_len+0x19d/0x2d0 [ 30.178532][ T289] incfs_lookup_dentry+0x60/0xb0 [ 30.186024][ T285] [ 30.190723][ T289] open_or_create_special_dir+0x4f/0x1d0 [ 30.190743][ T289] incfs_mount_fs+0x42f/0x890 [ 30.196846][ T285] ---[ end trace fc1f15e84bc1710f ]--- [ 30.201367][ T289] legacy_get_tree+0xed/0x190 [ 30.201386][ T289] vfs_get_tree+0x89/0x260 [ 30.206053][ T285] ------------[ cut here ]------------ [ 30.210704][ T289] do_new_mount+0x25a/0xa20 [ 30.210722][ T289] path_mount+0x659/0xff0 [ 30.210737][ T289] __se_sys_mount+0x320/0x390 [ 30.215359][ T285] WARNING: CPU: 1 PID: 285 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 30.219985][ T289] __x64_sys_mount+0xbf/0xd0 [ 30.220002][ T289] x64_sys_call+0x6bf/0x9a0 [ 30.225364][ T285] Modules linked in: [ 30.230480][ T289] do_syscall_64+0x4c/0xa0 [ 30.230500][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.238521][ T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G W syzkaller #0 [ 30.242959][ T289] [ 30.242965][ T289] Freed by task 285: [ 30.247409][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 30.255355][ T289] kasan_set_track+0x4a/0x70 [ 30.255373][ T289] kasan_set_free_info+0x23/0x40 [ 30.260178][ T285] RIP: 0010:drop_nlink+0xc5/0x110 [ 30.264786][ T289] ____kasan_slab_free+0x125/0x160 [ 30.272910][ T285] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 a3 03 f2 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b cb b2 ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 30.278717][ T289] __kasan_slab_free+0x11/0x20 [ 30.278735][ T289] slab_free_freelist_hook+0xc2/0x190 [ 30.283191][ T285] RSP: 0018:ffffc90000a17b28 EFLAGS: 00010293 [ 30.291103][ T289] kmem_cache_free+0x100/0x320 [ 30.291122][ T289] __d_free+0x23/0x30 [ 30.298523][ T285] [ 30.306862][ T289] rcu_do_batch+0x532/0xbe0 [ 30.314940][ T285] RAX: ffffffff81b6ffd5 RBX: ffff88811af1aab0 RCX: ffff88811bbde2c0 [ 30.322812][ T289] rcu_core+0x5ee/0xf80 [ 30.322842][ T289] rcu_core_si+0x9/0x10 [ 30.322857][ T289] handle_softirqs+0x250/0x560 [ 30.322873][ T289] __irq_exit_rcu+0x52/0xf0 [ 30.322887][ T289] irq_exit_rcu+0x9/0x10 [ 30.322902][ T289] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 30.322918][ T289] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.322934][ T289] [ 30.322938][ T289] Last potentially related work creation: [ 30.322943][ T289] kasan_save_stack+0x3a/0x60 [ 30.322959][ T289] __kasan_record_aux_stack+0xd2/0x100 [ 30.322975][ T289] kasan_record_aux_stack_noalloc+0xb/0x10 [ 30.322990][ T289] call_rcu+0x10b/0xf80 [ 30.323004][ T289] dentry_free+0xbd/0x150 [ 30.323017][ T289] __dentry_kill+0x50a/0x650 [ 30.323031][ T289] dentry_kill+0xc0/0x2a0 [ 30.323044][ T289] dput+0x47/0x90 [ 30.323058][ T289] incfs_free_mount_info+0x60/0x200 [ 30.323074][ T289] incfs_kill_sb+0x1b8/0x220 [ 30.323090][ T289] deactivate_locked_super+0xa0/0x100 [ 30.323105][ T289] deactivate_super+0xaf/0xe0 [ 30.323120][ T289] cleanup_mnt+0x45b/0x510 [ 30.323135][ T289] __cleanup_mnt+0x19/0x20 [ 30.323148][ T289] task_work_run+0x127/0x190 [ 30.323160][ T289] do_exit+0xa9e/0x27e0 [ 30.323173][ T289] do_group_exit+0x141/0x310 [ 30.323190][ T289] __x64_sys_exit_group+0x3f/0x40 [ 30.323206][ T289] x64_sys_call+0x832/0x9a0 [ 30.323222][ T289] do_syscall_64+0x4c/0xa0 [ 30.331408][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.339355][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.339382][ T289] [ 30.339386][ T289] Second to last potentially related work creation: [ 30.347597][ T285] RBP: ffffc90000a17b50 R08: 0000000000000003 R09: 0000000000000004 [ 30.350653][ T289] kasan_save_stack+0x3a/0x60 [ 30.352998][ T285] R10: dffffc0000000000 R11: fffff52000142f54 R12: dffffc0000000000 [ 30.357232][ T289] __kasan_record_aux_stack+0xd2/0x100 [ 30.362228][ T285] R13: 1ffff110235e355f R14: ffff88811af1aaf8 R15: 0000000000000000 [ 30.367268][ T289] kasan_record_aux_stack_noalloc+0xb/0x10 [ 30.783478][ T289] call_rcu+0x10b/0xf80 [ 30.787643][ T289] dentry_free+0xbd/0x150 [ 30.791968][ T289] __dentry_kill+0x50a/0x650 [ 30.796556][ T289] dentry_kill+0xc0/0x2a0 [ 30.800974][ T289] dput+0x47/0x90 [ 30.804606][ T289] proc_invalidate_siblings_dcache+0x2a0/0x3c0 [ 30.810754][ T289] proc_flush_pid+0x1d/0x20 [ 30.815272][ T289] release_task+0x10c6/0x1200 [ 30.820033][ T289] wait_consider_task+0x17fa/0x2800 [ 30.825233][ T289] do_wait+0x268/0x9a0 [ 30.829294][ T289] kernel_wait4+0x1d1/0x2a0 [ 30.833882][ T289] __x64_sys_wait4+0x163/0x230 [ 30.838659][ T289] x64_sys_call+0xec/0x9a0 [ 30.843080][ T289] do_syscall_64+0x4c/0xa0 [ 30.847491][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 30.853442][ T289] [ 30.855760][ T289] The buggy address belongs to the object at ffff888111815000 [ 30.855760][ T289] which belongs to the cache dentry of size 208 [ 30.869376][ T289] The buggy address is located 0 bytes inside of [ 30.869376][ T289] 208-byte region [ffff888111815000, ffff8881118150d0) [ 30.882561][ T289] The buggy address belongs to the page: [ 30.888186][ T289] page:ffffea0004460540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111815 [ 30.898423][ T289] flags: 0x4000000000000200(slab|zone=1) [ 30.904238][ T289] raw: 4000000000000200 dead000000000100 dead000000000122 ffff8881001c4a80 [ 30.912817][ T289] raw: 0000000000000000 00000000000f000f 00000001ffffffff 0000000000000000 [ 30.921394][ T289] page dumped because: kasan: bad access detected [ 30.927802][ T289] page_owner tracks the page as allocated [ 30.933512][ T289] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x12cd0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_RECLAIMABLE), pid 111, ts 4997114836, free_ts 0 [ 30.950259][ T289] post_alloc_hook+0x192/0x1b0 [ 30.955024][ T289] prep_new_page+0x1c/0x110 [ 30.959524][ T289] get_page_from_freelist+0x2d3a/0x2dc0 [ 30.965065][ T289] __alloc_pages+0x1a2/0x460 [ 30.969738][ T289] new_slab+0xa1/0x4d0 [ 30.973827][ T289] ___slab_alloc+0x381/0x810 [ 30.978685][ T289] __slab_alloc+0x49/0x90 [ 30.983028][ T289] kmem_cache_alloc+0x138/0x260 [ 30.987895][ T289] __d_alloc+0x2d/0x6a0 [ 30.992077][ T289] d_alloc_parallel+0xe2/0x1370 [ 30.996922][ T289] __lookup_slow+0x14c/0x410 [ 31.001507][ T289] lookup_slow+0x57/0x70 [ 31.005743][ T289] walk_component+0x325/0x460 [ 31.010413][ T289] link_path_walk+0x665/0xd60 [ 31.015097][ T289] path_openat+0x27b/0x2f20 [ 31.019593][ T289] do_filp_open+0x1e2/0x410 [ 31.024094][ T289] page_owner free stack trace missing [ 31.029452][ T289] [ 31.031779][ T289] Memory state around the buggy address: [ 31.037404][ T289] ffff888111814f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.045463][ T289] ffff888111814f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 31.053522][ T289] >ffff888111815000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.061575][ T289] ^ [ 31.065637][ T289] ffff888111815080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 31.073688][ T289] ffff888111815100: fc fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.081924][ T289] ================================================================== [ 31.089973][ T289] Disabling lock debugging due to kernel taint [ 31.097121][ T285] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.106818][ T289] ------------[ cut here ]------------ [ 31.106861][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.112387][ T289] WARNING: CPU: 0 PID: 289 at fs/dcache.c:769 fast_dput+0x210/0x290 [ 31.127138][ T289] Modules linked in: [ 31.131102][ T289] CPU: 0 PID: 289 Comm: syz-executor Tainted: G B W syzkaller #0 [ 31.140058][ T289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 31.150308][ T289] RIP: 0010:fast_dput+0x210/0x290 [ 31.155357][ T289] Code: e5 f2 ff e9 46 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 99 fe ff ff 48 89 df e8 ea e4 f2 ff e9 8c fe ff ff e8 10 af b3 ff <0f> 0b e9 0b ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c e4 fe ff [ 31.175569][ T289] RSP: 0018:ffffc900007d7b40 EFLAGS: 00010293 [ 31.181657][ T289] RAX: ffffffff81b61c60 RBX: ffff888111815000 RCX: ffff88811b89a780 [ 31.189647][ T289] RDX: 0000000000000000 RSI: 00000000ffffff80 RDI: 0000000000000001 [ 31.197736][ T289] RBP: ffffc900007d7b70 R08: 0000000000000003 R09: 0000000000000004 [ 31.205799][ T289] R10: dffffc0000000000 R11: fffff520000faf58 R12: 00000000ffffff80 [ 31.214056][ T289] R13: dffffc0000000000 R14: ffff888111815058 R15: 1ffff11022302a0b [ 31.222051][ T289] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 31.231064][ T289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.237666][ T289] CR2: 000000110c30bd19 CR3: 00000001270a8000 CR4: 00000000003506b0 [ 31.245642][ T289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.253804][ T289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.261793][ T289] Call Trace: [ 31.265249][ T289] [ 31.268195][ T289] dput+0x26/0x90 [ 31.271832][ T289] incfs_free_mount_info+0x60/0x200 [ 31.277048][ T289] incfs_kill_sb+0x1b8/0x220 [ 31.281913][ T289] deactivate_locked_super+0xa0/0x100 [ 31.287285][ T289] deactivate_super+0xaf/0xe0 [ 31.291995][ T289] cleanup_mnt+0x45b/0x510 [ 31.296426][ T289] __cleanup_mnt+0x19/0x20 [ 31.300853][ T289] task_work_run+0x127/0x190 [ 31.305444][ T289] do_exit+0xa9e/0x27e0 [ 31.309613][ T289] ? put_task_struct+0x90/0x90 [ 31.314377][ T289] ? __fdget_pos+0x1f7/0x380 [ 31.318997][ T289] ? ksys_write+0x1e4/0x250 [ 31.323567][ T289] ? __ia32_sys_read+0x90/0x90 [ 31.328732][ T289] do_group_exit+0x141/0x310 [ 31.333326][ T289] ? debug_smp_processor_id+0x17/0x20 [ 31.338719][ T289] __x64_sys_exit_group+0x3f/0x40 [ 31.343743][ T289] x64_sys_call+0x832/0x9a0 [ 31.348355][ T289] do_syscall_64+0x4c/0xa0 [ 31.352773][ T289] ? clear_bhb_loop+0x50/0xa0 [ 31.357459][ T289] ? clear_bhb_loop+0x50/0xa0 [ 31.362165][ T289] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 31.368069][ T289] RIP: 0033:0x7fb9dab16e59 [ 31.372483][ T289] Code: Unable to access opcode bytes at RIP 0x7fb9dab16e2f. [ 31.379851][ T289] RSP: 002b:00007ffe4cac1248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.388279][ T289] RAX: ffffffffffffffda RBX: 00007fb9dabac22a RCX: 00007fb9dab16e59 [ 31.396253][ T289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 31.404264][ T289] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fb9dabac1ca [ 31.412441][ T289] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe4cac2500 [ 31.420529][ T289] R13: 00007fb9dabac1ca R14: 0000555569e434e8 R15: 00007ffe4cac35d0 [ 31.428786][ T289] [ 31.431820][ T289] ---[ end trace fc1f15e84bc17110 ]--- [ 31.440190][ T285] CR2: 000000110c2ee080 CR3: 000000010d793000 CR4: 00000000003506a0 [ 31.450885][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.460945][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.469717][ T285] Call Trace: [ 31.473283][ T285] [ 31.476268][ T285] shmem_rmdir+0x5b/0x90 [ 31.480632][ T285] vfs_rmdir+0x313/0x460 [ 31.517696][ T285] incfs_kill_sb+0x198/0x220 [ 31.522358][ T285] deactivate_locked_super+0xa0/0x100 [ 31.534184][ T285] deactivate_super+0xaf/0xe0 [ 31.539029][ T285] cleanup_mnt+0x45b/0x510 [ 31.543509][ T285] __cleanup_mnt+0x19/0x20 [ 31.549677][ T285] task_work_run+0x127/0x190 [ 31.554339][ T285] do_exit+0xa9e/0x27e0 [ 31.558628][ T285] ? put_task_struct+0x90/0x90 [ 31.563425][ T285] ? __fdget_pos+0x1f7/0x380 [ 31.568838][ T285] ? ksys_write+0x1e4/0x250 [ 31.573398][ T285] ? __ia32_sys_read+0x90/0x90 [ 31.578373][ T285] do_group_exit+0x141/0x310 [ 31.582995][ T285] ? debug_smp_processor_id+0x17/0x20 [ 31.588498][ T285] __x64_sys_exit_group+0x3f/0x40 [ 31.593597][ T285] x64_sys_call+0x832/0x9a0 [ 31.598325][ T285] do_syscall_64+0x4c/0xa0 [ 31.602808][ T285] ? clear_bhb_loop+0x50/0xa0 [ 31.607743][ T285] ? clear_bhb_loop+0x50/0xa0 [ 31.612489][ T285] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 31.618570][ T285] RIP: 0033:0x7fcff62dce59 [ 31.623012][ T285] Code: Unable to access opcode bytes at RIP 0x7fcff62dce2f. [ 31.630462][ T285] RSP: 002b:00007ffc144e2698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 31.639077][ T285] RAX: ffffffffffffffda RBX: 00007fcff637222a RCX: 00007fcff62dce59 [ 31.647658][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 31.655758][ T285] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fcff63721ca [ 31.663804][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc144e3950 [ 31.672153][ T285] R13: 00007fcff63721ca R14: 000055556a1614e8 R15: 00007ffc144e4a20 [ 31.680329][ T285] [ 31.683540][ T285] ---[ end trace fc1f15e84bc17111 ]--- [ 31.739852][ T285] ------------[ cut here ]------------ [ 31.745348][ T285] WARNING: CPU: 1 PID: 285 at fs/dcache.c:420 __dentry_kill+0x553/0x650 [ 31.753735][ T285] Modules linked in: [ 31.757677][ T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G B W syzkaller #0 [ 31.766524][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 31.776688][ T285] RIP: 0010:__dentry_kill+0x553/0x650 [ 31.782097][ T285] Code: 89 ff e8 70 32 fe 02 2e 2e 2e 31 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 37 96 b3 ff e9 b3 fe ff ff e8 2d 96 b3 ff <0f> 0b e9 36 fc ff ff e8 21 96 b3 ff e9 7e fe ff ff 89 d9 80 e1 07 [ 31.801725][ T285] RSP: 0018:ffffc90000a17ae8 EFLAGS: 00010293 [ 31.808006][ T285] RAX: ffffffff81b63543 RBX: ffff8881118ef440 RCX: ffff88811bbde2c0 [ 31.815990][ T285] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000ffffffff [ 31.824094][ T285] RBP: ffffc90000a17b30 R08: 0000000000000003 R09: 0000000000000004 [ 31.832100][ T285] R10: dffffc0000000000 R11: fffff52000142f44 R12: 1ffff1102231de88 [ 31.840099][ T285] R13: dffffc0000000000 R14: 0000000000300000 R15: ffff8881118ef498 [ 31.848104][ T285] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 31.857131][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.863742][ T285] CR2: 0000200000027000 CR3: 000000012aff3000 CR4: 00000000003506a0 [ 31.871747][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 31.879844][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 31.887944][ T285] Call Trace: [ 31.891231][ T285] [ 31.894166][ T285] ? __asan_report_load4_noabort+0x14/0x20 [ 31.900012][ T285] dentry_kill+0xc0/0x2a0 [ 31.904351][ T285] dput+0x47/0x90 [ 31.908022][ T285] incfs_free_mount_info+0x80/0x200 [ 31.913249][ T285] incfs_kill_sb+0x1b8/0x220 [ 31.917872][ T285] deactivate_locked_super+0xa0/0x100 [ 31.923341][ T285] deactivate_super+0xaf/0xe0 [ 31.928063][ T285] cleanup_mnt+0x45b/0x510 [ 31.932496][ T285] __cleanup_mnt+0x19/0x20 [ 31.937022][ T285] task_work_run+0x127/0x190 [ 31.941656][ T285] do_exit+0xa9e/0x27e0 [ 31.945913][ T285] ? put_task_struct+0x90/0x90 [ 31.950715][ T285] ? __fdget_pos+0x1f7/0x380 [ 31.955313][ T285] ? ksys_write+0x1e4/0x250 [ 31.959855][ T285] ? __ia32_sys_read+0x90/0x90 [ 31.964630][ T285] do_group_exit+0x141/0x310 [ 31.969655][ T285] ? debug_smp_processor_id+0x17/0x20 [ 31.975042][ T285] __x64_sys_exit_group+0x3f/0x40 [ 31.980333][ T285] x64_sys_call+0x832/0x9a0 [ 31.984846][ T285] do_syscall_64+0x4c/0xa0 [ 31.989495][ T285] ? clear_bhb_loop+0x50/0xa0 [ 31.994194][ T285] ? clear_bhb_loop+0x50/0xa0 [ 31.998918][ T285] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 32.004835][ T285] RIP: 0033:0x7fcff62dce59 [ 32.009367][ T285] Code: Unable to access opcode bytes at RIP 0x7fcff62dce2f. [ 32.016738][ T285] RSP: 002b:00007ffc144e2698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.025298][ T285] RAX: ffffffffffffffda RBX: 00007fcff637222a RCX: 00007fcff62dce59 [ 32.033306][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 32.041312][ T285] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fcff63721ca [ 32.049396][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc144e3950 [ 32.057411][ T285] R13: 00007fcff63721ca R14: 000055556a1614e8 R15: 00007ffc144e4a20 [ 32.065395][ T285] [ 32.068441][ T285] ---[ end trace fc1f15e84bc17112 ]--- [ 32.073921][ T285] list_del corruption. prev->next should be ffff8881118ef4d0, but was ffff8881118ef3c0 [ 32.083747][ T285] ------------[ cut here ]------------ [ 32.089218][ T285] kernel BUG at lib/list_debug.c:61! [ 32.094507][ T285] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 32.100600][ T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G B W syzkaller #0 [ 32.109453][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 32.119507][ T285] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 32.125670][ T285] Code: 48 89 de e8 b6 e0 56 02 0f 0b 48 c7 c7 00 a9 63 85 48 89 de e8 a5 e0 56 02 0f 0b 48 c7 c7 60 a9 63 85 48 89 de e8 94 e0 56 02 <0f> 0b 48 c7 c7 c0 a9 63 85 48 89 de e8 83 e0 56 02 0f 0b 00 55 48 [ 32.145464][ T285] RSP: 0018:ffffc90000a17ab8 EFLAGS: 00010246 [ 32.151531][ T285] RAX: 0000000000000054 RBX: ffff8881118ef4d0 RCX: a49974467a6b5700 [ 32.159498][ T285] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 32.167464][ T285] RBP: ffffc90000a17ad8 R08: ffffc90000a17527 R09: 1ffff92000142ea4 [ 32.175606][ T285] R10: dffffc0000000000 R11: fffff52000142ea5 R12: dffffc0000000000 [ 32.183575][ T285] R13: dffffc0000000000 R14: ffff8881118ef3c0 R15: ffff8881118eed50 [ 32.191630][ T285] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.200730][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.207405][ T285] CR2: 0000200000027000 CR3: 000000012aff3000 CR4: 00000000003506a0 [ 32.215385][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.223349][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.231495][ T285] Call Trace: [ 32.234767][ T285] [ 32.237694][ T285] __dentry_kill+0x24c/0x650 [ 32.242397][ T285] dentry_kill+0xc0/0x2a0 [ 32.246730][ T285] dput+0x47/0x90 [ 32.250650][ T285] incfs_free_mount_info+0x80/0x200 [ 32.255846][ T285] incfs_kill_sb+0x1b8/0x220 [ 32.260434][ T285] deactivate_locked_super+0xa0/0x100 [ 32.265828][ T285] deactivate_super+0xaf/0xe0 [ 32.270497][ T285] cleanup_mnt+0x45b/0x510 [ 32.274911][ T285] __cleanup_mnt+0x19/0x20 [ 32.279339][ T285] task_work_run+0x127/0x190 [ 32.283928][ T285] do_exit+0xa9e/0x27e0 [ 32.288199][ T285] ? put_task_struct+0x90/0x90 [ 32.292967][ T285] ? __fdget_pos+0x1f7/0x380 [ 32.297569][ T285] ? ksys_write+0x1e4/0x250 [ 32.302093][ T285] ? __ia32_sys_read+0x90/0x90 [ 32.306872][ T285] do_group_exit+0x141/0x310 [ 32.311469][ T285] ? debug_smp_processor_id+0x17/0x20 [ 32.316837][ T285] __x64_sys_exit_group+0x3f/0x40 [ 32.321859][ T285] x64_sys_call+0x832/0x9a0 [ 32.326360][ T285] do_syscall_64+0x4c/0xa0 [ 32.330776][ T285] ? clear_bhb_loop+0x50/0xa0 [ 32.335449][ T285] ? clear_bhb_loop+0x50/0xa0 [ 32.340123][ T285] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 32.346020][ T285] RIP: 0033:0x7fcff62dce59 [ 32.350443][ T285] Code: Unable to access opcode bytes at RIP 0x7fcff62dce2f. [ 32.357890][ T285] RSP: 002b:00007ffc144e2698 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 32.366311][ T285] RAX: ffffffffffffffda RBX: 00007fcff637222a RCX: 00007fcff62dce59 [ 32.374522][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 32.382511][ T285] RBP: 0000000000000009 R08: 0000000000000000 R09: 00007fcff63721ca [ 32.390489][ T285] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc144e3950 [ 32.398468][ T285] R13: 00007fcff63721ca R14: 000055556a1614e8 R15: 00007ffc144e4a20 [ 32.406467][ T285] [ 32.409486][ T285] Modules linked in: [ 32.413804][ T285] ---[ end trace fc1f15e84bc17113 ]--- [ 32.419405][ T285] RIP: 0010:__list_del_entry_valid+0x10c/0x120 [ 32.425582][ T285] Code: 48 89 de e8 b6 e0 56 02 0f 0b 48 c7 c7 00 a9 63 85 48 89 de e8 a5 e0 56 02 0f 0b 48 c7 c7 60 a9 63 85 48 89 de e8 94 e0 56 02 <0f> 0b 48 c7 c7 c0 a9 63 85 48 89 de e8 83 e0 56 02 0f 0b 00 55 48 [ 32.445488][ T285] RSP: 0018:ffffc90000a17ab8 EFLAGS: 00010246 [ 32.451764][ T285] RAX: 0000000000000054 RBX: ffff8881118ef4d0 RCX: a49974467a6b5700 [ 32.459776][ T285] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 32.467861][ T285] RBP: ffffc90000a17ad8 R08: ffffc90000a17527 R09: 1ffff92000142ea4 [ 32.475839][ T285] R10: dffffc0000000000 R11: fffff52000142ea5 R12: dffffc0000000000 [ 32.483840][ T285] R13: dffffc0000000000 R14: ffff8881118ef3c0 R15: ffff8881118eed50 [ 32.492122][ T285] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 32.501108][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.507719][ T285] CR2: 0000200000027000 CR3: 000000012aff3000 CR4: 00000000003506a0 [ 32.515703][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.523806][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.531832][ T285] Kernel panic - not syncing: Fatal exception [ 32.538258][ T285] Kernel Offset: disabled [ 32.542580][ T285] Rebooting in 86400 seconds..