last executing test programs: 4.195984799s ago: executing program 0 (id=374): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) tee(r0, r4, 0x8f5, 0xb) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, 0x0) write(r2, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000680)=@ccm_128={{0x303}, "390111bb53bd3749", "55195c6e8302422a7e3430521b39888a", "193fe5dd", "106575a22f5ff125"}, 0x28) 3.962356746s ago: executing program 0 (id=376): pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = open(&(0x7f0000000100)='./bus\x00', 0x141b42, 0xa) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r2, 0x0, 0x1000, 0x800000000000000) r5 = inotify_init1(0x80000) inotify_add_watch(r5, &(0x7f0000000140)='./bus\x00', 0x400002a2) splice(r0, 0x0, r4, 0x0, 0x80, 0x8) write$tun(r1, &(0x7f00000033c0)=ANY=[], 0x107c) 3.86493511s ago: executing program 0 (id=378): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x9, 0x0, 0x0, 0x13, 0x14, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f000000040000000000000000002d0800", [0x4, 0x40000000000000]}}) dup(0xffffffffffffffff) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x4, "48d7e852"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac2(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000005c0)={0x34, &(0x7f0000000600)=ANY=[@ANYBLOB="000de30000004559"], 0x0, 0x0, 0x0, 0x0, 0x0}) 3.482203982s ago: executing program 1 (id=384): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) 3.445337032s ago: executing program 1 (id=385): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x9, 0x4, 0x6, 0x7f}]}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340277f2b053a3304b89f8a7a80b00db96f248dabd7fac3c2f9e2b99a67f20a1cd09c0c843e5635493bbfa23b72d98a0c37a3e5805f5e2ec75e9d98b09"], 0x20}, 0x1, 0x0, 0x0, 0x80000}, 0x40800) r0 = syz_create_resource$binfmt(&(0x7f0000000440)='./file0\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2) write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0x1cb) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 3.314680037s ago: executing program 1 (id=388): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000300)={0x1, 0x0, [{0xa, 0x0, 0x5, 0x7, 0x760}]}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6d, 0x0, 0x100000000005, 0x20, 0x3, 0x2, 0x80000000106c, 0x100, 0x9, 0x80000004400080, 0x1c00000, 0x6, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.262758258s ago: executing program 1 (id=389): openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000008340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x490420, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000c0a200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20801, 0x0) fallocate(r2, 0x40, 0x460e, 0x3) 1.886846821s ago: executing program 2 (id=396): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000004c0)={0xa, 0xfffe, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet6(r0, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="82", 0x1}, {&(0x7f0000000180)='K', 0x1}], 0x2}}], 0x1, 0x4400c800) r1 = socket(0x2, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x1, 0x6, 0x6}]}, 0x10) write(r0, &(0x7f00000001c0)="c606d3a94e66cc5cbe53", 0xa) 1.859335282s ago: executing program 2 (id=397): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x85) lseek(r2, 0x100, 0x1) openat$sysfs(0xffffffffffffff9c, 0x0, 0x101000, 0x2) getdents64(r2, 0x0, 0x4f) 1.799459964s ago: executing program 2 (id=398): setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in=@broadcast, @in=@multicast1, 0x4e20, 0xfd95, 0x4e23, 0x394, 0x2, 0xa0, 0xa0, 0x32, 0x0, 0xee00}, {0x9ea, 0x53, 0xffff, 0x8000000000000000, 0x3ff, 0xffffffffffffff00, 0x8, 0xfffffffffffffffe}, {0x100000000003, 0x5, 0xc, 0x9}, 0x3, 0x6e6bb1, 0x2, 0x1, 0x3, 0x3}, {{@in6=@private1, 0x4d2, 0x6c}, 0x2, @in6=@dev={0xfe, 0x80, '\x00', 0x19}, 0x3503, 0x1, 0xf8a3eceea9e5829a, 0x2, 0x392daa26, 0xfffffffe}}, 0xe8) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000100)={0x0, 0xd, 0x3, 0xf6, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000001400000060"], 0xfdef) 1.798923284s ago: executing program 0 (id=399): socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_DIRENTPLUS(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="10000000", @ANYRES64=r0], 0x10) 1.687157578s ago: executing program 0 (id=400): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x6b, 0x4, 0x7, 0x0, 0x0, 0x0, 0x4, 0xa, 0xd, 0xa0, 0x8, 0x5, 0x0, 0x2, 0x9, 0x0, 0x3, 0x2e, 0x4, '\x00', 0x1, 0xffffffffffffff7f}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x68, 0x0, 0x0) 1.686762047s ago: executing program 2 (id=401): sched_setaffinity(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r0, 0x1000) 1.643749189s ago: executing program 2 (id=402): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_ublk_setup_io_uring(0x1d, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x158}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f0000000200)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000440)=@new_dev={0x4, 0x3c9, 0x0, 0x0, 0x1000, 0xffffffff, 0x0, 0x0, 0x40}}}, &(0x7f0000000300)=0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup(r6) syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x34, 0x0, 0x0, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x6}, 0x0, 0x0, 0x0}) syz_ublk_setup_queues(r7, r5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x257}, &(0x7f0000000800)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0x880000, 0x4, 0x1000000, 0x4, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x800, 0x0, 0x146, 0x0, r7}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1f70, 0x8c, 0x4}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x1000, 0x1, 0x9d7c}}], 0x1, &(0x7f0000001000)={0x2e, 0x4c, 0x0, r7, 0xc0107520, 0x0, 0x0, 0x0, 0x0, {}, 0x0, r4, '\x00', {0x3, 0x5, 0x0, 0x0}}, 0x0) 1.362796097s ago: executing program 3 (id=404): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8d}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x3}) 1.294899429s ago: executing program 3 (id=405): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80402, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000240)={"645c06b2b1666e2135eb07ced7df6739e9e59d11ba43be0eee19f880fa98f83ff72e0cc87471a76650306eede62653ba797f3d978b267023a5380567b849d454a5bef5f41ebc9f26f5cf7fd0911f87479a957f9e94668e30acf18f999e26d21f4a2d8fcebbc7cca422563f9e690e68bdc9dc606ead78c0aa43904c0f80a64f27b4a5208533593c2fc13e9a05f96cdbfb98f9f939349095cac397b4156fedb0d775c5f6afb94a0707452a691501fa6bec0da0d8dd4ef042c2340a36a626a123a4ebef0853c8288778f1b3bff252949aaf99007ab33e768261d46cc278c86262346f2febe699d2eb54a7ff584ace59a4262e7761ad7821f105d875e471d77519b0c2c34fea29b8c16919aa1dd8db9f87a3482a4f7d4791f829300b050208e127e08aeb223e78e039462afdcb7a601cff2681c7a15d6a5e3baca3b7d489fadab6914d69298bb8b6ff8f35c78cd78974da43359bbe1c9b00ab538d4588d8b70e17f96e0ea72d0f7d4ba37e403a3afd60462e779150cec8829c0abb70c1f454236b34f803eaaf43537a594789554041f667ba834cac55498cbeb7d09907efd604b2370f936fe992cdf4313ca504d6e9569bdd1e865908cb3c0dd9de1a1b4425a1d02758006501700ef59fa728c52979c0e2f2428ffb5fe8f66c621a74467bf4f73d62bab4c464f38cade5fc59d5fae4b97f3a1da7df08bcdde48c29e47af1103e58e0e0658f26282a42453eb04ac5f4c46ba4f25eb26f65015716a2e0f17bf296a3dbe398c45f0530acd086d9484cebc049eb3d50b39c5fbed407a0dd8202aba3fc80d202a9f21cf5a96894dbc6e1023e6d6f8f40b2a0c8038280f57b19b5f61a423e9f3b4d70820a22e13e941460b81f4700df0c206271ce8c3abd76c034d2f69f3d5d8459c4406fe8ed3a2a5da71ba8dee4b3359b75d5b4771f924df00d8a164a0c787940ca11e8b2b387506a990f5e4c4dcc8f31045021fda022cc3fa3fdbc76e50bad5414d098e02f2f1db884528e5f9904b86f127931b8392ff33746d0c8e7969762142fb925252da0b57a40e8cff3d55bb3edf8f48857707cb06e44e79491f40013579852c3e52ab692fa7bec7c2b6680b942dd166aed774f7456716617685693fab17a98ec7a48c961d344108d453ddc5e4b02d68892803d485111ae4ef4b81a28364d6e4b127b07f928515c4fc92af733af22130dfa82dd794c9d571bef3033df2adc58896d9c2a1354f4557dbd8a69eeb895017b3353ec44961c42e0ffd1ec024a9843ab14b73788f12051d21c2005fee2c3237b1c8ba40eb35882d1392b4eddc1532cd444ace61e247a8164597fa83795dccbbc3c3ff90f2922a72658bb5b74bd41819bc57ce15c063d0444eaee775c7c1c976ca39ca0f1120da7bec2589dee67b266f38b00c28434793c37826ae343b75ebb77dcf6c6a7a450459b0603"}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a608cc56b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x64}], 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.105547235s ago: executing program 3 (id=406): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x4, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}}, 0x50) creat(&(0x7f00000000c0)='./file0\x00', 0x0) syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) 957.50052ms ago: executing program 3 (id=407): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000080)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x3b23, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window={0x3, 0x4, 0x6}, @window={0x3, 0x6, 0x7}, @window={0x3, 0x4, 0x8}, @window={0x3, 0x400, 0x4}, @window={0x3, 0x2, 0x6}, @sack_perm, @window={0x3, 0x324}, @sack_perm], 0x8) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 914.014091ms ago: executing program 2 (id=408): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000407d1ef62c00000000000109022400010000000009040000010300020009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x18, &(0x7f0000000940)=ANY=[@ANYBLOB='\x000\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="200182"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000007c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="20010d"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, 0x0, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x26}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000300)={0x20, 0x1, 0xd, "8e773aa55941b2d5093dfdf760"}, 0x0}) 881.975882ms ago: executing program 3 (id=409): setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000043c0)=ANY=[@ANYBLOB="080000f607000000000014"], 0x10be) 817.058814ms ago: executing program 3 (id=410): sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x26}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf47, 0x4cc, 0xffff, 0x9dff, 0x1, "8003e3ffff072000"}) write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0xff) 731.257517ms ago: executing program 0 (id=411): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="c60009"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001640)={0x24, 0x0, 0x0, &(0x7f0000001bc0)={0x0, 0x22, 0x1, {[@main=@item_012={0x0, 0x0, 0x9}]}}, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340"], 0x0) syz_usb_disconnect(r1) 137.829985ms ago: executing program 1 (id=412): mkdir(&(0x7f0000000000)='./file0\x00', 0x73) mkdir(&(0x7f00000000c0)='./bus\x00', 0x11e) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') rename(&(0x7f0000000380)='./file0\x00', &(0x7f0000000500)='./file1\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) 0s ago: executing program 1 (id=413): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000040), 0x4) sendmsg$tipc(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x8820) close(0x4) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 14.055660][ T36] kauditd_printk_skb: 31 callbacks suppressed [ 14.055678][ T36] audit: type=1400 audit(1781336714.350:59): avc: denied { transition } for pid=232 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.060571][ T36] audit: type=1400 audit(1781336714.350:60): avc: denied { noatsecure } for pid=232 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.064997][ T36] audit: type=1400 audit(1781336714.360:61): avc: denied { write } for pid=232 comm="sh" path="pipe:[1512]" dev="pipefs" ino=1512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.068719][ T36] audit: type=1400 audit(1781336714.360:62): avc: denied { rlimitinh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.073016][ T36] audit: type=1400 audit(1781336714.360:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts. [ 22.471871][ T36] audit: type=1400 audit(1781336722.760:64): avc: denied { mounton } for pid=287 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.475458][ T287] cgroup: Unknown subsys name 'net' [ 22.494907][ T36] audit: type=1400 audit(1781336722.760:65): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.522085][ T36] audit: type=1400 audit(1781336722.790:66): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.522465][ T287] cgroup: Unknown subsys name 'devices' [ 22.646737][ T287] cgroup: Unknown subsys name 'hugetlb' [ 22.652392][ T287] cgroup: Unknown subsys name 'rlimit' [ 22.767760][ T36] audit: type=1400 audit(1781336723.060:67): avc: denied { setattr } for pid=287 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.791007][ T36] audit: type=1400 audit(1781336723.060:68): avc: denied { mounton } for pid=287 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.815893][ T36] audit: type=1400 audit(1781336723.060:69): avc: denied { mount } for pid=287 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.840405][ T289] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.849322][ T36] audit: type=1400 audit(1781336723.140:70): avc: denied { relabelto } for pid=289 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.874869][ T36] audit: type=1400 audit(1781336723.140:71): avc: denied { write } for pid=289 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.904532][ T36] audit: type=1400 audit(1781336723.200:72): avc: denied { read } for pid=287 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.930169][ T36] audit: type=1400 audit(1781336723.200:73): avc: denied { open } for pid=287 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.930722][ T287] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.347902][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.355000][ T297] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.362068][ T297] bridge_slave_0: entered allmulticast mode [ 24.368563][ T297] bridge_slave_0: entered promiscuous mode [ 24.375323][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.382386][ T297] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.389501][ T297] bridge_slave_1: entered allmulticast mode [ 24.395747][ T297] bridge_slave_1: entered promiscuous mode [ 24.401797][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.409007][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.416143][ T296] bridge_slave_0: entered allmulticast mode [ 24.422408][ T296] bridge_slave_0: entered promiscuous mode [ 24.437116][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.444221][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.451350][ T296] bridge_slave_1: entered allmulticast mode [ 24.457820][ T296] bridge_slave_1: entered promiscuous mode [ 24.514572][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.521657][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.528834][ T294] bridge_slave_0: entered allmulticast mode [ 24.535162][ T294] bridge_slave_0: entered promiscuous mode [ 24.541830][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.548925][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.556102][ T294] bridge_slave_1: entered allmulticast mode [ 24.562341][ T294] bridge_slave_1: entered promiscuous mode [ 24.584087][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.591228][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.598467][ T295] bridge_slave_0: entered allmulticast mode [ 24.604797][ T295] bridge_slave_0: entered promiscuous mode [ 24.614275][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.621325][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.628458][ T295] bridge_slave_1: entered allmulticast mode [ 24.634765][ T295] bridge_slave_1: entered promiscuous mode [ 24.759154][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.766348][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.773648][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.780726][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.824836][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.832013][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.839353][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.846436][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.855351][ T297] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.862422][ T297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.869727][ T297] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.876787][ T297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.885225][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.892292][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.899608][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.906747][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.935327][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.942646][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.950150][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.957460][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.964970][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.972148][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.979594][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.986851][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.003649][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.010747][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.021473][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.028656][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.060117][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.067211][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.074892][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.081930][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.089671][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.096749][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.118419][ T296] veth0_vlan: entered promiscuous mode [ 25.130012][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.137096][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.158312][ T296] veth1_macvtap: entered promiscuous mode [ 25.183817][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.190894][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.206770][ T297] veth0_vlan: entered promiscuous mode [ 25.222564][ T297] veth1_macvtap: entered promiscuous mode [ 25.230723][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.237841][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.268411][ T295] veth0_vlan: entered promiscuous mode [ 25.275907][ T296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 25.332827][ T294] veth0_vlan: entered promiscuous mode [ 25.347233][ T295] veth1_macvtap: entered promiscuous mode [ 25.382048][ T294] veth1_macvtap: entered promiscuous mode [ 25.719157][ T341] mmap: syz.0.10 (341) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 26.334668][ T385] syzkaller1: entered promiscuous mode [ 26.340212][ T385] syzkaller1: entered allmulticast mode [ 26.371589][ T389] syzkaller1: entered promiscuous mode [ 26.377181][ T389] syzkaller1: entered allmulticast mode [ 27.102581][ T412] netlink: 20 bytes leftover after parsing attributes in process `syz.0.38'. [ 27.147440][ T412] team_slave_1: entered promiscuous mode [ 27.153170][ T412] team_slave_1: entered allmulticast mode [ 27.597605][ T36] kauditd_printk_skb: 38 callbacks suppressed [ 27.597626][ T36] audit: type=1400 audit(1781336727.890:112): avc: denied { create } for pid=425 comm="syz.3.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 27.653286][ T36] audit: type=1400 audit(1781336727.900:113): avc: denied { setopt } for pid=425 comm="syz.3.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 28.154646][ T36] audit: type=1400 audit(1781336728.450:114): avc: denied { write } for pid=477 comm="syz.0.59" name="mcfilter" dev="proc" ino=4026532339 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 28.193706][ T480] syzkaller1: entered promiscuous mode [ 28.199364][ T480] syzkaller1: entered allmulticast mode [ 28.247353][ T36] audit: type=1400 audit(1781336728.540:115): avc: denied { create } for pid=483 comm="syz.3.62" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 28.273719][ T36] audit: type=1400 audit(1781336728.540:116): avc: denied { create } for pid=483 comm="syz.3.62" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 28.294465][ T36] audit: type=1400 audit(1781336728.590:117): avc: denied { read write } for pid=485 comm="syz.0.63" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.317823][ T36] audit: type=1400 audit(1781336728.590:118): avc: denied { open } for pid=485 comm="syz.0.63" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.342570][ T36] audit: type=1400 audit(1781336728.590:119): avc: denied { ioctl } for pid=485 comm="syz.0.63" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.371130][ T488] syzkaller1: entered promiscuous mode [ 28.376710][ T488] syzkaller1: entered allmulticast mode [ 28.383948][ T488] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 28.389859][ T488] syzkaller1: Linktype set failed because interface is up [ 28.534222][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 28.568194][ T36] audit: type=1400 audit(1781336728.860:120): avc: denied { block_suspend } for pid=493 comm="syz.2.67" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 28.601394][ T36] audit: type=1400 audit(1781336728.890:121): avc: denied { create } for pid=495 comm="syz.2.68" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 28.694210][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 28.710555][ T508] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.761051][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 28.770136][ T9] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 28.780201][ T9] usb 1-1: can't read configurations, error -71 [ 29.351678][ T553] netlink: 'syz.3.93': attribute type 27 has an invalid length. [ 29.369945][ T553] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.377291][ T553] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.408621][ T554] netlink: 'syz.3.93': attribute type 27 has an invalid length. [ 29.434629][ T554] veth0_vlan: left promiscuous mode [ 29.440191][ T554] veth0_vlan: entered promiscuous mode [ 29.447363][ T554] veth1_macvtap: left promiscuous mode [ 29.453860][ T554] veth1_macvtap: entered promiscuous mode [ 29.461484][ T310] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.468604][ T310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.476957][ T310] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.484045][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.158246][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 30.344252][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 30.354005][ T9] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 30.374204][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 30.394195][ T9] usb 3-1: config 0 has no interface number 0 [ 30.400340][ T9] usb 3-1: config 0 interface 67 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 30.423322][ T9] usb 3-1: config 0 interface 67 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 30.444999][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 30.461296][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.469423][ T9] usb 3-1: Product: syz [ 30.473623][ T9] usb 3-1: Manufacturer: syz [ 30.482179][ T9] usb 3-1: SerialNumber: syz [ 30.493438][ T9] usb 3-1: config 0 descriptor?? [ 30.499288][ T608] syzkaller1: entered promiscuous mode [ 30.505123][ T608] syzkaller1: entered allmulticast mode [ 30.512276][ T9] smsc95xx v2.0.0 [ 30.516004][ T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 30.530793][ T9] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -22 [ 30.794331][ T9] usb 3-1: USB disconnect, device number 2 [ 31.112662][ T643] syzkaller1: entered promiscuous mode [ 31.118224][ T643] syzkaller1: entered allmulticast mode [ 31.434255][ T311] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 31.584206][ T311] usb 1-1: Using ep0 maxpacket: 32 [ 31.590657][ T311] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 31.598877][ T311] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 31.610367][ T311] usb 1-1: config 0 has no interface number 0 [ 31.616669][ T311] usb 1-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 31.628285][ T311] usb 1-1: config 0 interface 1 has no altsetting 0 [ 31.642336][ T311] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 31.651898][ T311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.660112][ T311] usb 1-1: Product: syz [ 31.664480][ T311] usb 1-1: Manufacturer: syz [ 31.669389][ T311] usb 1-1: SerialNumber: syz [ 31.674988][ T311] usb 1-1: config 0 descriptor?? [ 31.883713][ T311] usb 1-1: USB disconnect, device number 4 [ 32.633664][ T36] kauditd_printk_skb: 10 callbacks suppressed [ 32.633683][ T36] audit: type=1326 audit(1781336732.920:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=700 comm="syz.2.154" exe="/root/ci2-android-6-12-rust/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f5317796bd7 code=0x0 [ 32.703347][ T705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 32.923643][ T722] ip6_tunnel: non-ECT from fe80:0000:0000:88fc:7073:8daf:7b32:00aa with DS=0xee [ 32.948928][ T36] audit: type=1400 audit(1781336733.240:133): avc: denied { write } for pid=725 comm="syz.1.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 32.969643][ T36] audit: type=1400 audit(1781336733.240:134): avc: denied { nlmsg_write } for pid=725 comm="syz.1.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 33.154735][ T746] netlink: 'syz.1.173': attribute type 12 has an invalid length. [ 33.301216][ T756] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 33.312415][ T756] syzkaller0: entered promiscuous mode [ 33.317971][ T756] syzkaller0: entered allmulticast mode [ 33.370850][ T762] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 4080 [ 33.434277][ T311] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 33.604017][ T311] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 33.623691][ T311] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 33.649170][ T311] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 33.664092][ T311] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 33.672647][ T311] usb 1-1: SerialNumber: syz [ 33.888677][ T311] usb 1-1: 0:2 : does not exist [ 33.904784][ T311] usb 1-1: USB disconnect, device number 5 [ 33.927910][ T326] udevd[326]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 34.871992][ T36] audit: type=1400 audit(1781336735.160:135): avc: denied { relabelfrom } for pid=821 comm="syz.1.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 34.914224][ T36] audit: type=1400 audit(1781336735.160:136): avc: denied { relabelto } for pid=821 comm="syz.1.205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 35.018032][ T829] netlink: 'syz.3.207': attribute type 1 has an invalid length. [ 35.043811][ T829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.207'. [ 35.072412][ T36] audit: type=1400 audit(1781336735.360:137): avc: denied { map } for pid=832 comm="syz.3.209" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=5326 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 35.126176][ T36] audit: type=1400 audit(1781336735.360:138): avc: denied { read write } for pid=832 comm="syz.3.209" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=5326 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 35.194187][ T36] audit: type=1400 audit(1781336735.420:139): avc: denied { write } for pid=835 comm="syz.1.210" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 35.357968][ T46] Bluetooth: hci0: Frame reassembly failed (-84) [ 35.376022][ T843] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 35.673165][ T860] syzkaller1: entered promiscuous mode [ 35.690797][ T860] syzkaller1: entered allmulticast mode [ 36.144663][ T910] Bluetooth: hci1: Frame reassembly failed (-84) [ 36.313927][ T36] audit: type=1400 audit(1781336736.600:140): avc: denied { name_bind } for pid=933 comm="syz.1.233" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 36.384172][ T36] audit: type=1400 audit(1781336736.670:141): avc: denied { remount } for pid=937 comm="syz.1.234" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 37.289392][ T910] Bluetooth: hci2: Frame reassembly failed (-84) [ 37.296687][ T908] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 37.304426][ T908] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 37.364848][ T928] Bluetooth: hci0: command 0x1003 tx timeout [ 37.365316][ T55] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.694235][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 37.854595][ T9] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 37.864774][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.874404][ T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 37.883464][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 37.891502][ T9] usb 1-1: SerialNumber: syz [ 37.974225][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 38.100174][ T9] usb 1-1: 0:2 : does not exist [ 38.109064][ T9] usb 1-1: USB disconnect, device number 6 [ 38.120447][ T326] udevd[326]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 38.136188][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 38.164198][ T845] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 38.164222][ T55] Bluetooth: hci1: command 0x1003 tx timeout [ 38.196194][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 38.205426][ T10] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 38.213043][ T10] usb 4-1: can't read configurations, error -71 [ 38.805900][ T994] syzkaller1: entered promiscuous mode [ 38.811515][ T994] syzkaller1: entered allmulticast mode [ 39.034859][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 39.034878][ T36] audit: type=1400 audit(1781336739.330:144): avc: denied { ioctl } for pid=1006 comm="syz.0.262" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 39.065698][ T1007] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 39.145430][ T36] audit: type=1400 audit(1781336739.440:145): avc: denied { getattr } for pid=1010 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=435 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.198534][ T36] audit: type=1400 audit(1781336739.460:146): avc: denied { search } for pid=1010 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.221593][ T36] audit: type=1400 audit(1781336739.460:147): avc: denied { read } for pid=1010 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.254826][ T36] audit: type=1400 audit(1781336739.460:148): avc: denied { open } for pid=1010 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.300091][ T36] audit: type=1400 audit(1781336739.460:149): avc: denied { getattr } for pid=1010 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=426 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.329620][ T36] audit: type=1400 audit(1781336739.490:150): avc: denied { read } for pid=1012 comm="sed" name="eth0.dhcp" dev="tmpfs" ino=435 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.364229][ T844] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 39.370410][ T845] Bluetooth: hci2: command 0x1003 tx timeout [ 39.376540][ T36] audit: type=1400 audit(1781336739.490:151): avc: denied { open } for pid=1012 comm="sed" path="/run/dhcpcd/hook-state/resolv.conf/eth0.dhcp" dev="tmpfs" ino=435 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 39.429935][ T1022] ======================================================= [ 39.429935][ T1022] WARNING: The mand mount option has been deprecated and [ 39.429935][ T1022] and is ignored by this kernel. Remove the mand [ 39.429935][ T1022] option from the mount to silence this warning. [ 39.429935][ T1022] ======================================================= [ 39.467155][ T36] audit: type=1400 audit(1781336739.720:152): avc: denied { write } for pid=1009 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=425 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.498912][ T36] audit: type=1400 audit(1781336739.720:153): avc: denied { add_name } for pid=1009 comm="dhcpcd-run-hook" name="resolv.conf.team_slave_1.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.524186][ T655] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 39.680500][ T655] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 39.692049][ T655] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 39.707098][ T655] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 39.734399][ T655] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 39.743498][ T655] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 39.756450][ T655] usb 1-1: Product: syz [ 39.760702][ T655] usb 1-1: Manufacturer: syz [ 39.765862][ T655] usb 1-1: SerialNumber: syz [ 39.987563][ T655] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 41.054272][ T1094] netlink: 3 bytes leftover after parsing attributes in process `syz.2.287'. [ 41.771049][ T1132] cgroup: fork rejected by pids controller in /syz3 [ 41.899412][ T655] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 41.967216][ T907] bridge_slave_1: left allmulticast mode [ 41.973081][ T907] bridge_slave_1: left promiscuous mode [ 41.978816][ T907] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.989342][ T907] bridge_slave_0: left allmulticast mode [ 42.004212][ T907] bridge_slave_0: left promiscuous mode [ 42.009956][ T907] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.055247][ T655] usb 3-1: config 0 has no interfaces? [ 42.068286][ T655] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 42.083140][ T655] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.095208][ T655] usb 3-1: Product: syz [ 42.102727][ T655] usb 3-1: Manufacturer: syz [ 42.110798][ T655] usb 3-1: SerialNumber: syz [ 42.118279][ T655] usb 3-1: config 0 descriptor?? [ 42.160293][ T907] veth1_macvtap: left promiscuous mode [ 42.172357][ T907] veth0_vlan: left promiscuous mode [ 42.273147][ T1162] overlayfs: statfs failed on './file0' [ 42.303916][ T10] usb 1-1: USB disconnect, device number 7 [ 42.313648][ T10] usblp0: removed [ 42.326312][ T655] usb 3-1: USB disconnect, device number 3 [ 42.386665][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.393805][ T1160] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.400963][ T1160] bridge_slave_0: entered allmulticast mode [ 42.407417][ T1160] bridge_slave_0: entered promiscuous mode [ 42.413931][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.421093][ T1160] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.428387][ T1160] bridge_slave_1: entered allmulticast mode [ 42.434825][ T1160] bridge_slave_1: entered promiscuous mode [ 42.510479][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.517609][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.524894][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.531967][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.558512][ T1148] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.562888][ T1176] kvm: emulating exchange as write [ 42.570941][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.584637][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.591717][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.594449][ T45] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 42.600854][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.613595][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.643354][ T1160] veth0_vlan: entered promiscuous mode [ 42.655563][ T1160] veth1_macvtap: entered promiscuous mode [ 42.765357][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.776479][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.786525][ T45] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 42.799846][ T45] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 42.809773][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.819088][ T45] usb 2-1: config 0 descriptor?? [ 43.234775][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.242288][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.250042][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.257562][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.265048][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.272470][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.280006][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.288157][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.295874][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.303505][ T45] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 43.311526][ T45] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 43.320787][ T45] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 43.414235][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 43.564266][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 43.574203][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 43.595452][ T9] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 43.605346][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.614457][ T9] usb 4-1: Product: syz [ 43.618897][ T9] usb 4-1: Manufacturer: syz [ 43.623570][ T9] usb 4-1: SerialNumber: syz [ 43.629632][ T9] usb 4-1: config 0 descriptor?? [ 43.637867][ T9] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22 [ 43.756304][ T1233] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 43.840152][ T10] usb 4-1: USB disconnect, device number 4 [ 44.034186][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 44.184179][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 44.204917][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 44.215093][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 44.235258][ T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=4249, bcdDevice= 0.40 [ 44.254194][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 44.262245][ T9] usb 3-1: Product: syz [ 44.274183][ T9] usb 3-1: Manufacturer: syz [ 44.278831][ T9] usb 3-1: SerialNumber: syz [ 44.425154][ T36] kauditd_printk_skb: 50 callbacks suppressed [ 44.425171][ T36] audit: type=1400 audit(1781336744.720:204): avc: denied { mounton } for pid=1254 comm="syz.0.341" path="/87/file0" dev="tmpfs" ino=493 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 44.499518][ T9] usb 3-1: unit 0 not found! [ 44.512004][ T9] usb 3-1: USB disconnect, device number 4 [ 44.531057][ T326] udevd[326]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 45.028523][ T1269] Zero length message leads to an empty skb [ 45.224807][ T311] usb 2-1: USB disconnect, device number 2 [ 45.324190][ T10] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 45.492319][ T36] audit: type=1400 audit(1781336745.780:205): avc: denied { bind } for pid=1284 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.497826][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 45.512382][ T36] audit: type=1400 audit(1781336745.780:206): avc: denied { connect } for pid=1284 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.544365][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 45.555510][ T10] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 45.564606][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.573816][ T10] usb 3-1: config 0 descriptor?? [ 45.579179][ T1275] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 45.591141][ T10] hub 3-1:0.0: USB hub found [ 45.620646][ T36] audit: type=1400 audit(1781336745.910:207): avc: denied { read write } for pid=1286 comm="syz.3.353" name="vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.644667][ T36] audit: type=1400 audit(1781336745.910:208): avc: denied { open } for pid=1286 comm="syz.3.353" path="/dev/vhost-vsock" dev="devtmpfs" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 45.734249][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 45.791161][ T10] hub 3-1:0.0: 1 port detected [ 45.895194][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 45.905373][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 45.915070][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 45.924229][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 45.932234][ T9] usb 2-1: SerialNumber: syz [ 46.141122][ T9] usb 2-1: 0:2 : does not exist [ 46.148930][ T9] usb 2-1: USB disconnect, device number 3 [ 46.160911][ T326] udevd[326]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 46.797249][ T10] usb 3-1-port1: config error [ 46.802518][ T9] usb 3-1: USB disconnect, device number 5 [ 46.814378][ T36] audit: type=1400 audit(1781336747.110:209): avc: denied { append } for pid=1300 comm="syz.1.358" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 46.837943][ T36] audit: type=1400 audit(1781336747.110:210): avc: denied { bind } for pid=1300 comm="syz.1.358" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 46.873445][ T36] audit: type=1400 audit(1781336747.160:211): avc: denied { sqpoll } for pid=1302 comm="syz.1.359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 46.934690][ T36] audit: type=1400 audit(1781336747.230:212): avc: denied { ioctl } for pid=1306 comm="syz.1.360" path="socket:[13192]" dev="sockfs" ino=13192 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 46.984005][ T36] audit: type=1400 audit(1781336747.270:213): avc: denied { setopt } for pid=1308 comm="syz.1.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 47.340581][ T1321] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1706180555 (218391111040 ns) > initial count (181296660480 ns). Using initial count to start timer. [ 47.360377][ T1321] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 48.254324][ T655] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 48.334209][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 48.404364][ T655] usb 4-1: Using ep0 maxpacket: 32 [ 48.411135][ T655] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.422454][ T655] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.433369][ T655] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 48.448544][ T655] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.465329][ T655] usb 4-1: config 0 descriptor?? [ 48.477642][ T655] hub 4-1:0.0: USB hub found [ 48.484596][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 48.491134][ T9] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 48.505340][ T9] usb 1-1: config 0 has no interface number 0 [ 48.529583][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 48.548696][ T1378] process 'syz.1.385' launched './file0' with NULL argv: empty string added [ 48.558109][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.568006][ T9] usb 1-1: Product: syz [ 48.574176][ T9] usb 1-1: Manufacturer: syz [ 48.579107][ T9] usb 1-1: SerialNumber: syz [ 48.589875][ T9] usb 1-1: config 0 descriptor?? [ 48.597509][ T9] smsc95xx v2.0.0 [ 48.676228][ T655] hub 4-1:0.0: 1 port detected [ 48.731945][ T1384] kvm_intel: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0x1d9) = 0x17fe [ 48.744727][ T1384] kvm: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0x187) = 0x73fe [ 48.753602][ T1384] kvm: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0x186) = 0x64fd [ 48.766616][ T1384] kvm: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0x11e) = 0xb5fc [ 48.778735][ T1384] kvm: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0xc2) = 0x41ff [ 48.787646][ T1384] kvm: kvm [1383]: vcpu0, guest rIP: 0x9116 Unhandled WRMSR(0xc1) = 0x33fe [ 49.605393][ T9] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 49.616210][ T9] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 49.634196][ T9] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 49.645211][ T9] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 49.656435][ T9] usb 1-1: USB disconnect, device number 8 [ 49.924799][ T655] hub 4-1:0.0: hub_hub_status failed (err = -32) [ 49.931262][ T655] hub 4-1:0.0: config failed, can't get hub status (err -32) [ 49.940278][ T655] usbhid 4-1:0.0: can't add hid device: -32 [ 49.946321][ T655] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 49.974561][ T655] usb 4-1: USB disconnect, device number 5 [ 50.036882][ T36] kauditd_printk_skb: 15 callbacks suppressed [ 50.036900][ T36] audit: type=1400 audit(1781336750.330:229): avc: denied { connect } for pid=1406 comm="syz.2.396" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.046228][ T1407] syz.2.396 uses obsolete (PF_INET,SOCK_PACKET) [ 50.064383][ T36] audit: type=1400 audit(1781336750.340:230): avc: denied { write } for pid=1406 comm="syz.2.396" laddr=fe80::20fe:1eff:fed8:2142 lport=58 faddr=ff02::1 fport=65534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.108132][ T36] audit: type=1400 audit(1781336750.400:231): avc: denied { mount } for pid=1408 comm="syz.2.397" name="/" dev="configfs" ino=2542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 50.130861][ T36] audit: type=1400 audit(1781336750.400:232): avc: denied { search } for pid=1408 comm="syz.2.397" name="/" dev="configfs" ino=2542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 50.159831][ T36] audit: type=1400 audit(1781336750.400:233): avc: denied { read } for pid=1408 comm="syz.2.397" name="/" dev="configfs" ino=2542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 50.181996][ T36] audit: type=1400 audit(1781336750.400:234): avc: denied { open } for pid=1408 comm="syz.2.397" path="/" dev="configfs" ino=2542 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 50.208648][ T1411] syzkaller1: entered promiscuous mode [ 50.214293][ T1411] syzkaller1: entered allmulticast mode [ 50.332583][ T36] audit: type=1400 audit(1781336750.620:235): avc: denied { cmd } for pid=1420 comm="iou-wrk-1421" path="socket:[14242]" dev="sockfs" ino=14242 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 50.505809][ T36] audit: type=1400 audit(1781336750.800:236): avc: denied { create } for pid=1423 comm="syz.3.403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 50.709463][ T1429] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3286433285 (210331730240 ns) > initial count (163519183616 ns). Using initial count to start timer. [ 51.254226][ T655] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 51.405517][ T655] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.416535][ T655] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.426342][ T655] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 51.435450][ T655] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.444427][ T1289] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 51.445108][ T655] usb 3-1: config 0 descriptor?? [ 51.594196][ T1289] usb 1-1: Using ep0 maxpacket: 32 [ 51.600611][ T1289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.611647][ T1289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.621574][ T1289] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 51.630665][ T1289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.639513][ T1289] usb 1-1: config 0 descriptor?? [ 51.648376][ T1289] hub 1-1:0.0: USB hub found [ 51.832543][ T36] audit: type=1400 audit(1781336752.120:237): avc: denied { write } for pid=1446 comm="syz.1.412" name="/" dev="incremental-fs" ino=535 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 51.850679][ T1447] overlayfs: upper fs does not support tmpfile. [ 51.858913][ T36] audit: type=1400 audit(1781336752.120:238): avc: denied { remove_name } for pid=1446 comm="syz.1.412" name="file0" dev="incremental-fs" ino=540 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 51.861941][ T1289] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 51.889249][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.899704][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.906659][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.909682][ T1448] overlayfs: upper fs does not support tmpfile. [ 51.913806][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.926748][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.933577][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.940444][ T655] pyra 0003:1E7D:2CF6.0002: unknown main item tag 0x0 [ 51.948234][ T655] pyra 0003:1E7D:2CF6.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0 [ 51.960020][ T296] ------------[ cut here ]------------ [ 51.965569][ T296] WARNING: CPU: 0 PID: 296 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 51.973558][ T296] Modules linked in: [ 51.977554][ T296] CPU: 0 UID: 0 PID: 296 Comm: syz-executor Not tainted syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 51.989248][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 51.999375][ T296] RIP: 0010:drop_nlink+0xce/0x110 [ 52.004483][ T296] Code: 04 00 00 be 08 00 00 00 e8 6f 06 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f2 4f 95 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 52.024159][ T296] RSP: 0018:ffffc9000b6dfc60 EFLAGS: 00010293 [ 52.030288][ T296] RAX: ffffffff81f271be RBX: ffff888118f4b838 RCX: ffff888103748000 [ 52.038350][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 52.046391][ T296] RBP: ffffc9000b6dfc88 R08: 0000000000000003 R09: 0000000000000004 [ 52.054440][ T296] R10: dffffc0000000000 R11: fffff520016dbf7c R12: dffffc0000000000 [ 52.062459][ T296] R13: 1ffff110231e9710 R14: ffff888118f4b880 R15: 0000000000000000 [ 52.070500][ T296] FS: 000055558cbd3500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 52.079531][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.086512][ T296] CR2: 000055558cbf6958 CR3: 0000000103be2000 CR4: 00000000003526b0 [ 52.094740][ T296] DR0: 0000000000000002 DR1: 00000000000012ad DR2: 0000000000007611 [ 52.102755][ T296] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 52.110784][ T296] Call Trace: [ 52.114096][ T296] [ 52.117097][ T296] shmem_rmdir+0x5f/0x90 [ 52.121395][ T296] vfs_rmdir+0x3e3/0x560 [ 52.125719][ T296] incfs_kill_sb+0x109/0x230 [ 52.130366][ T296] deactivate_locked_super+0xd5/0x2a0 [ 52.135848][ T296] deactivate_super+0xb8/0xe0 [ 52.140588][ T296] cleanup_mnt+0x406/0x4a0 [ 52.145065][ T296] __cleanup_mnt+0x1d/0x40 [ 52.149554][ T296] task_work_run+0x1e5/0x260 [ 52.154209][ T296] ? __cfi_task_work_run+0x10/0x10 [ 52.159365][ T296] ? __x64_sys_umount+0x12e/0x180 [ 52.164481][ T296] ? __cfi___x64_sys_umount+0x10/0x10 [ 52.169893][ T296] ? __kasan_check_read+0x15/0x20 [ 52.174994][ T296] resume_user_mode_work+0x35/0x50 [ 52.180141][ T296] syscall_exit_to_user_mode+0x63/0xb0 [ 52.185688][ T296] do_syscall_64+0x63/0xf0 [ 52.190193][ T296] ? clear_bhb_loop+0x50/0xa0 [ 52.194943][ T296] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 52.200874][ T296] RIP: 0033:0x7fe6da79e097 [ 52.205376][ T296] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 52.225074][ T296] RSP: 002b:00007fff77775f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 52.233520][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe6da79e097 [ 52.241545][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff77776050 [ 52.249605][ T296] RBP: 00007fff77776050 R08: 00007fff77777050 R09: 00000000ffffffff [ 52.257656][ T296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff777770e0 [ 52.265691][ T296] R13: 00007fe6da8321ca R14: 000000000000cac9 R15: 00007fff77777120 [ 52.273711][ T296] [ 52.276778][ T296] ---[ end trace 0000000000000000 ]--- [ 52.282417][ T296] ================================================================== [ 52.290540][ T296] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 52.296811][ T296] Write of size 4 at addr 0000000000000168 by task syz-executor/296 [ 52.304797][ T296] [ 52.307136][ T296] CPU: 1 UID: 0 PID: 296 Comm: syz-executor Tainted: G W syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 52.307165][ T296] Tainted: [W]=WARN [ 52.307172][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 52.307183][ T296] Call Trace: [ 52.307190][ T296] [ 52.307197][ T296] __dump_stack+0x21/0x30 [ 52.307227][ T296] dump_stack_lvl+0x140/0x1c0 [ 52.307253][ T296] ? __cfi_dump_stack_lvl+0x10/0x10 [ 52.307281][ T296] print_report+0x3d/0x70 [ 52.307306][ T296] kasan_report+0x162/0x1a0 [ 52.307331][ T296] ? ihold+0x24/0x70 [ 52.307353][ T296] ? _raw_spin_unlock+0x45/0x60 [ 52.307378][ T296] ? ihold+0x24/0x70 [ 52.307400][ T296] kasan_check_range+0x25a/0x2b0 [ 52.307424][ T296] __kasan_check_write+0x18/0x20 [ 52.307442][ T296] ihold+0x24/0x70 [ 52.307463][ T296] vfs_rmdir+0x26a/0x560 [ 52.307490][ T296] incfs_kill_sb+0x109/0x230 [ 52.307509][ T296] deactivate_locked_super+0xd5/0x2a0 [ 52.307536][ T296] deactivate_super+0xb8/0xe0 [ 52.307568][ T296] cleanup_mnt+0x406/0x4a0 [ 52.307591][ T296] __cleanup_mnt+0x1d/0x40 [ 52.307613][ T296] task_work_run+0x1e5/0x260 [ 52.307639][ T296] ? __cfi_task_work_run+0x10/0x10 [ 52.307663][ T296] ? __x64_sys_umount+0x12e/0x180 [ 52.307680][ T296] ? __cfi___x64_sys_umount+0x10/0x10 [ 52.307697][ T296] ? __kasan_check_read+0x15/0x20 [ 52.307715][ T296] resume_user_mode_work+0x35/0x50 [ 52.307733][ T296] syscall_exit_to_user_mode+0x63/0xb0 [ 52.307756][ T296] do_syscall_64+0x63/0xf0 [ 52.307781][ T296] ? clear_bhb_loop+0x50/0xa0 [ 52.307800][ T296] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 52.307829][ T296] RIP: 0033:0x7fe6da79e097 [ 52.307845][ T296] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 52.307860][ T296] RSP: 002b:00007fff77775f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 52.307879][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe6da79e097 [ 52.307891][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff77776050 [ 52.307903][ T296] RBP: 00007fff77776050 R08: 00007fff77777050 R09: 00000000ffffffff [ 52.307916][ T296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff777770e0 [ 52.307928][ T296] R13: 00007fe6da8321ca R14: 000000000000cac9 R15: 00007fff77777120 [ 52.307944][ T296] [ 52.307950][ T296] ================================================================== [ 52.552532][ T296] Disabling lock debugging due to kernel taint [ 52.561622][ T1289] hid-generic 0003:046D:C31C.0003: hidraw1: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0 [ 52.574354][ T296] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 52.582212][ T296] #PF: supervisor write access in kernel mode [ 52.588306][ T296] #PF: error_code(0x0002) - not-present page [ 52.594313][ T296] PGD 800000010a705067 P4D 800000010a705067 PUD 0 [ 52.600865][ T296] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 52.606960][ T296] CPU: 0 UID: 0 PID: 296 Comm: syz-executor Tainted: G B W syzkaller #0 471281939cd7bfdfff4c6b6074d5d68627c837ba [ 52.620118][ T296] Tainted: [B]=BAD_PAGE, [W]=WARN [ 52.625166][ T296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 52.635243][ T296] RIP: 0010:ihold+0x2a/0x70 [ 52.639802][ T296] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 46 95 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c fd ed ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 52.659495][ T296] RSP: 0018:ffffc9000b6dfca0 EFLAGS: 00010246 [ 52.665597][ T296] RAX: ffff888103748000 RBX: 0000000000000000 RCX: ffff888103748000 [ 52.673599][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 52.681599][ T296] RBP: ffffc9000b6dfcb0 R08: ffffffff88bbe947 R09: 1ffffffff1177d28 [ 52.689605][ T296] R10: dffffc0000000000 R11: fffffbfff1177d29 R12: ffff888118f4b844 [ 52.697623][ T296] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 52.705624][ T296] FS: 000055558cbd3500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 52.714593][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.721204][ T296] CR2: 0000000000000168 CR3: 0000000103be2000 CR4: 00000000003526b0 [ 52.729211][ T296] DR0: 0000000000000002 DR1: 00000000000012ad DR2: 0000000000007611 [ 52.737219][ T296] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 52.745227][ T296] Call Trace: [ 52.748536][ T296] [ 52.751497][ T296] vfs_rmdir+0x26a/0x560 [ 52.755797][ T296] incfs_kill_sb+0x109/0x230 [ 52.760431][ T296] deactivate_locked_super+0xd5/0x2a0 [ 52.765870][ T296] deactivate_super+0xb8/0xe0 [ 52.770592][ T296] cleanup_mnt+0x406/0x4a0 [ 52.775044][ T296] __cleanup_mnt+0x1d/0x40 [ 52.779497][ T296] task_work_run+0x1e5/0x260 [ 52.784143][ T296] ? __cfi_task_work_run+0x10/0x10 [ 52.789323][ T296] ? __x64_sys_umount+0x12e/0x180 [ 52.794379][ T296] ? __cfi___x64_sys_umount+0x10/0x10 [ 52.799780][ T296] ? __kasan_check_read+0x15/0x20 [ 52.804846][ T296] resume_user_mode_work+0x35/0x50 [ 52.809988][ T296] syscall_exit_to_user_mode+0x63/0xb0 [ 52.816384][ T296] do_syscall_64+0x63/0xf0 [ 52.820863][ T296] ? clear_bhb_loop+0x50/0xa0 [ 52.825580][ T296] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 52.831607][ T296] RIP: 0033:0x7fe6da79e097 [ 52.836062][ T296] Code: a2 c7 05 5c 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 52.855698][ T296] RSP: 002b:00007fff77775f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 52.864134][ T296] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe6da79e097 [ 52.872140][ T296] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff77776050 [ 52.880136][ T296] RBP: 00007fff77776050 R08: 00007fff77777050 R09: 00000000ffffffff [ 52.888122][ T296] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff777770e0 [ 52.896222][ T296] R13: 00007fe6da8321ca R14: 000000000000cac9 R15: 00007fff77777120 [ 52.904244][ T296] [ 52.907291][ T296] Modules linked in: [ 52.911239][ T296] CR2: 0000000000000168 [ 52.915408][ T296] ---[ end trace 0000000000000000 ]--- [ 52.920879][ T296] RIP: 0010:ihold+0x2a/0x70 [ 52.925420][ T296] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 dd 46 95 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 2c fd ed ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 ed [ 52.945061][ T296] RSP: 0018:ffffc9000b6dfca0 EFLAGS: 00010246 [ 52.951156][ T296] RAX: ffff888103748000 RBX: 0000000000000000 RCX: ffff888103748000 [ 52.959152][ T296] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 52.967182][ T296] RBP: ffffc9000b6dfcb0 R08: ffffffff88bbe947 R09: 1ffffffff1177d28 [ 52.975200][ T296] R10: dffffc0000000000 R11: fffffbfff1177d29 R12: ffff888118f4b844 [ 52.983208][ T296] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 52.991182][ T296] FS: 000055558cbd3500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 53.000153][ T296] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.006774][ T296] CR2: 0000000000000168 CR3: 0000000103be2000 CR4: 00000000003526b0 [ 53.014773][ T296] DR0: 0000000000000002 DR1: 00000000000012ad DR2: 0000000000007611 [ 53.022783][ T296] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 53.030804][ T296] Kernel panic - not syncing: Fatal exception [ 53.037115][ T296] Kernel Offset: disabled [ 53.041462][ T296] Rebooting in 86400 seconds..