last executing test programs: 5.973002859s ago: executing program 0 (id=75): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x1, 0x60000) ioctl$EVIOCGMTSLOTS(r0, 0x8040450a, &(0x7f0000001100)=""/4090) 5.6395018s ago: executing program 0 (id=84): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00', 0x7012}) write$cgroup_subtree(r0, &(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0], 0x6e8a) 5.460906965s ago: executing program 0 (id=89): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x28, 0x12, 0xa01, 0x0, 0x25dfdbfe, {0xa}, [@typed={0x14, 0x13f, 0x0, 0x0, @ipv6=@private1}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x24048044) 5.329616009s ago: executing program 0 (id=96): prctl$PR_SET_MM(0x23, 0x6, &(0x7f000005b000/0x2000)=nil) brk(0x2000000db002) brk(0x200000ffc000) 5.28419654s ago: executing program 0 (id=100): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x17993}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) 5.124871045s ago: executing program 0 (id=109): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x30040a9, 0x0, 0xf, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_off}, {@lowerdir={'lowerdir', 0x3d, '.'}}]}) 1.217929523s ago: executing program 4 (id=214): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0xe, &(0x7f0000000400)) 1.132381596s ago: executing program 3 (id=216): r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe, 0x0, 0x2}, 0x10) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500080002000000", 0x24) 1.099005837s ago: executing program 3 (id=217): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000000c0)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x80000000, 0x25dfdbfd, {0xa, 0x80, 0x80, 0x0, 0x0, 0x0, 0xc8}}, 0x1c}, 0x1, 0x0, 0x0, 0x24000050}, 0x20000050) 1.059060788s ago: executing program 3 (id=218): timer_create(0x3, 0x0, &(0x7f0000001400)=0x0) timer_settime(r0, 0x0, &(0x7f0000000200)={{}, {0x0, 0x9}}, 0x0) timer_settime(r0, 0x0, &(0x7f0000000140), &(0x7f0000000180)) 1.034938399s ago: executing program 3 (id=219): newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4000) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x9100, &(0x7f0000000140)={0x6, 0x8a, 0x40000}, 0x37) 978.088651ms ago: executing program 2 (id=222): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r1, 0xf03}, 0x14}}, 0x0) 952.474251ms ago: executing program 4 (id=224): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) recvmmsg$unix(r0, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x10100, 0x0) 932.138392ms ago: executing program 2 (id=225): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000000000000000c000000180001801400020073797a5f74756e0000000000000000fd200003801c0003801400018004000300040003"], 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 907.319033ms ago: executing program 4 (id=227): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r1, 0x4068aea3, &(0x7f0000000080)={0xc5, 0x0, r1}) 871.024074ms ago: executing program 2 (id=229): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="21032cbd7000fedbdf25010000000400030004000180280002800c"], 0x44}, 0x1, 0x0, 0x0, 0x24044094}, 0x4) 842.914195ms ago: executing program 2 (id=230): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000007c0), 0x1, 0x751, &(0x7f0000001040)="$eJzs3M9rHGUfAPDvTJP+zPtuXngP4kmoWKF2k6ZqT0LEc6HQP6AuySSETLIhu6ndNWDrwYMgqAhae9H/wIsieCn9HxTBm4IHQWsaDwUPkdnspu12E9c26Zb4+cDsfJ9nZvb7fNvJww7sswH8az1TvCQRIxFxPiJK7f40Ig62osMRVzbPu722OrW+tjqVxMbGhVtJcVmrr/NeSXt/LFqXxFMRcXM44uTbD+atNZrzlTzPltvtsfrC0lit0Tw1t1CZzWazxYnx8TNnXp546cXxXav1vTe/+O3dr1/79tOzC3++cuuF6SQmW3VHVx27afPfZDgmu/oX9yLZACWDHgAAAH0pPucfiIih1qfUUhxoRQAAAMB+snFoAwAAANj3khj0CAAAAIC91fkewO211anO9ji/f/DrqxExendt8fpW/qHWGuKIwzEcEUfXk/tWJiSbl8EjuXI1Im5M9rj/k/b99/C6V65bI/3kuVHMP5O95r90a/6JHvPPUOe3Ex5RZ/5bf2D+u5v/wDbz3/k+cxxaPvHdtvmvRjw91Ct/spU/6eSv3Lkv/+t95v9y5Icftzu28XnEieid/95cO/w+xNjMXJ61X3vmOP7VWyd3qv/odvmTrvrvua7oW+qz/p+uT8xuN5cU+Z8/vvP/f6/8xT3xfnscaUR80N4X7Q+7cjx3c/zaTvVPb1P/TvmLvs/6rP+bd5o/93kqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKQRMRJJWt6K07RcjjgWEf+Po2lerdVPzlRXFqeLYxGjMZzOzOXZeESUNttJ0T7diu+2J7raZyLifxHxUelIq12equbTgy4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALcciYiSStBwRaUT8UUrTcnnQowIAAAB23eigBwAAAADsOc//AAAAsP91Pf9fqwxqIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB+dv7cuWLbWF9bnSra05caK/PVS6ems7R9RnV5qTxbrc7mWXmquvB375dXq0tnY3Hl8lg9q9XHao3mxYXqymL94txCZTa7mA3veUUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8jJHWlqTliEhbcZqWyxH/iYjRGE5m5vJsPCL+GxHfl4YPFe3Tgx40AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu67WaM5X8jxbFggEuxwcbv+VPSnj+SfBjtPGkccyOQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8NjVGs35Sp5ny7VBjwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDBSn9JIqLYTpSeHek+ejC5U2rtI+KN6xc+vlyp15dPF/2/b/XXP2n3Twxi/AAAAEC3znN65zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgX7VGc76S59nyHgaDrhEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg4fwUAAP//zWnHag==") mount$incfs(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x4000, 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x81) 786.910557ms ago: executing program 4 (id=232): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2c, r0, 0x1, 0x70bd23, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20009005}, 0x24004884) 644.495551ms ago: executing program 4 (id=234): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_macvtap\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={@remote, @private0={0xfc, 0x0, '\x00', 0x7}, @private0, 0x9, 0x40, 0x80, 0x100, 0x5de0d1e1, 0xb90230, r1}) 585.574743ms ago: executing program 2 (id=235): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000340)=ANY=[], 0x78) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e23, 0x8020000c, @loopback, 0xffffffff}, 0x1c) 515.439775ms ago: executing program 4 (id=237): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x458, 0x501a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe0, 0xb, "", [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xc, 0xfc, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x420, 0xb0, 0x81, 0xfe}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="40243f0000003f231ba57fb04d4f1e07d695f285e8"], 0x0, 0x0, 0x0, 0x0}, 0x0) 372.639939ms ago: executing program 2 (id=239): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x8000, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000004c0)) 330.88465ms ago: executing program 32 (id=239): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x8000, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f00000004c0)) 250.893183ms ago: executing program 1 (id=243): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x8000) 214.623024ms ago: executing program 1 (id=244): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x14, 0x0, &(0x7f0000000180)=[@increfs_done={0x40106308, 0x1, 0xfe}], 0x0, 0x0, 0x0}) 166.894986ms ago: executing program 3 (id=245): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x2) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c000000260005"], 0x2c}}, 0x800) 162.708376ms ago: executing program 1 (id=246): r0 = inotify_init() syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='pagemap\x00') close_range(r0, 0xffffffffffffffff, 0x0) 117.188767ms ago: executing program 1 (id=247): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) setsockopt$inet6_int(r0, 0x29, 0xcf, 0x0, 0x41) 110.635897ms ago: executing program 3 (id=248): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) 49.896099ms ago: executing program 1 (id=249): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000580)={0x14, r1, 0x1, 0x70bd24, 0x0, {0x25}}, 0x14}, 0x1, 0x0, 0x0, 0x2008040}, 0x40880) 0s ago: executing program 1 (id=250): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="01012dbd7000fedbdf251a00000104000180"], 0x18}}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. [ 22.812518][ T28] audit: type=1400 audit(1780702024.306:64): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.816316][ T279] cgroup: Unknown subsys name 'net' [ 22.840473][ T28] audit: type=1400 audit(1780702024.306:65): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.862793][ T279] cgroup: Unknown subsys name 'devices' [ 22.863135][ T28] audit: type=1400 audit(1780702024.346:66): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.979017][ T279] cgroup: Unknown subsys name 'hugetlb' [ 22.984665][ T279] cgroup: Unknown subsys name 'rlimit' [ 23.121340][ T28] audit: type=1400 audit(1780702024.616:67): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.144591][ T28] audit: type=1400 audit(1780702024.616:68): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.169399][ T28] audit: type=1400 audit(1780702024.616:69): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.194907][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.203978][ T28] audit: type=1400 audit(1780702024.696:70): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.229423][ T28] audit: type=1400 audit(1780702024.696:71): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.251692][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.255957][ T28] audit: type=1400 audit(1780702024.736:72): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.289178][ T28] audit: type=1400 audit(1780702024.736:73): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.033341][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.040557][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.048137][ T289] device bridge_slave_0 entered promiscuous mode [ 24.056278][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.063463][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.070966][ T289] device bridge_slave_1 entered promiscuous mode [ 24.203522][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.210645][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.218173][ T288] device bridge_slave_0 entered promiscuous mode [ 24.237842][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.244931][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.252483][ T288] device bridge_slave_1 entered promiscuous mode [ 24.282228][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.289348][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.296862][ T291] device bridge_slave_0 entered promiscuous mode [ 24.303975][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.311111][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.318793][ T291] device bridge_slave_1 entered promiscuous mode [ 24.348434][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.355506][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.363311][ T287] device bridge_slave_0 entered promiscuous mode [ 24.373365][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.380462][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.388016][ T287] device bridge_slave_1 entered promiscuous mode [ 24.397915][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.404997][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.412698][ T290] device bridge_slave_0 entered promiscuous mode [ 24.438557][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.445626][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.453165][ T290] device bridge_slave_1 entered promiscuous mode [ 24.502410][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.509499][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.601987][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.609081][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.616358][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.623422][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.638234][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.645305][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.652618][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.659713][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.669878][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.677499][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.684708][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.692158][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.699378][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.707474][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.714924][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.749335][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.757937][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.766094][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.773173][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.794471][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.802739][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.809813][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.839042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.846617][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.854975][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.862019][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.872212][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.887213][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.895388][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.902453][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.910124][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.931190][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.938891][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.947257][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.954285][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.961797][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.970209][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.977302][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.984847][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.009131][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.017298][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.025421][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.033811][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.040887][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.048365][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.056340][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.064872][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.071964][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.096159][ T289] device veth0_vlan entered promiscuous mode [ 25.102482][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.110728][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.118991][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.127789][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.135760][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.144219][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.152573][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.160101][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.167593][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.175413][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.183866][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.192279][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.200462][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.207565][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.214981][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.222544][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.230109][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.254985][ T291] device veth0_vlan entered promiscuous mode [ 25.266063][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.274776][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.283183][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.290282][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.300297][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.308773][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.317250][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.325123][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.333799][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.342037][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.350702][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.358964][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.366495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.387331][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.395682][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.404019][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.412325][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.420627][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.429170][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.437468][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.445606][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.460132][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.474260][ T289] device veth1_macvtap entered promiscuous mode [ 25.483686][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.491972][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.500658][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.509332][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.517360][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.525422][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.533001][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.541230][ T291] device veth1_macvtap entered promiscuous mode [ 25.549305][ T290] device veth0_vlan entered promiscuous mode [ 25.569594][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.577452][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.585691][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.594909][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.603458][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.611993][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.620494][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.628940][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.636977][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.645054][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.652729][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.660449][ T288] device veth0_vlan entered promiscuous mode [ 25.671040][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.687952][ T287] device veth0_vlan entered promiscuous mode [ 25.697393][ T290] device veth1_macvtap entered promiscuous mode [ 25.704621][ T289] request_module fs-gadgetfs succeeded, but still no fs? [ 25.706430][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.720325][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.728003][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.736193][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.744621][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.753117][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.761554][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.772887][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.781323][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.807880][ T288] device veth1_macvtap entered promiscuous mode [ 25.822424][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.830979][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.839869][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.852689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.861273][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.869663][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.878020][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.886234][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.898239][ T287] device veth1_macvtap entered promiscuous mode [ 25.928604][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.947591][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.956042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.965072][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.006900][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 26.017323][ T320] binder: 319:320 ioctl 400c620e 2000000002c0 returned -22 [ 26.027303][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.039761][ T322] capability: warning: `syz.3.4' uses deprecated v2 capabilities in a way that may be insecure [ 26.057212][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 26.074763][ T324] loop1: detected capacity change from 0 to 1024 [ 26.081694][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.090868][ T324] ======================================================= [ 26.090868][ T324] WARNING: The mand mount option has been deprecated and [ 26.090868][ T324] and is ignored by this kernel. Remove the mand [ 26.090868][ T324] option from the mount to silence this warning. [ 26.090868][ T324] ======================================================= [ 26.141832][ T324] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.169362][ T326] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9'. [ 26.227872][ T324] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 26.247662][ T324] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 26.298837][ T289] EXT4-fs (loop1): unmounting filesystem. [ 26.449172][ T352] loop3: detected capacity change from 0 to 512 [ 26.479829][ T352] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 26.521543][ T352] EXT4-fs (loop3): Test dummy encryption mode enabled [ 26.568481][ T352] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.675393][ T290] EXT4-fs (loop3): unmounting filesystem. [ 26.806794][ T384] netlink: 'syz.2.32': attribute type 11 has an invalid length. [ 26.938177][ T395] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.016372][ T400] loop1: detected capacity change from 0 to 512 [ 27.057083][ T400] EXT4-fs: dax option not supported [ 27.078348][ T309] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 27.145918][ T403] loop3: detected capacity change from 0 to 4096 [ 27.165618][ T403] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 27.174841][ T407] loop2: detected capacity change from 0 to 256 [ 27.210209][ T403] EXT4-fs (loop3): Test dummy encryption mode enabled [ 27.218931][ T317] loop4: detected capacity change from 0 to 131072 [ 27.225494][ T407] exfat: Deprecated parameter 'utf8' [ 27.242654][ T403] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c198, mo2=0003] [ 27.253879][ T407] exfat: Deprecated parameter 'utf8' [ 27.260438][ T317] F2FS-fs (loop4): invalid crc value [ 27.265914][ T403] System zones: 0-5 [ 27.277680][ T403] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 27.287492][ T407] exfat: Deprecated parameter 'utf8' [ 27.317865][ T290] EXT4-fs (loop3): unmounting filesystem. [ 27.338111][ T330] loop0: detected capacity change from 0 to 131072 [ 27.348838][ T330] F2FS-fs (loop0): Invalid log sectorsize (67108873) [ 27.354940][ T317] F2FS-fs (loop4): Found nat_bits in checkpoint [ 27.357552][ T330] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 27.370670][ T330] F2FS-fs (loop0): invalid crc value [ 27.379239][ T407] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x18acca35, utbl_chksum : 0xe619d30d) [ 27.418955][ T330] F2FS-fs (loop0): Found nat_bits in checkpoint [ 27.434284][ T425] loop1: detected capacity change from 0 to 512 [ 27.474064][ T425] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 27.507853][ T425] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 27.534834][ T426] loop3: detected capacity change from 0 to 8192 [ 27.549587][ T425] EXT4-fs error (device loop1): ext4_orphan_get:1431: comm syz.1.47: bad orphan inode 131083 [ 27.550213][ T425] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 27.568529][ T330] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 27.575709][ T317] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 27.593408][ T426] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 27.596974][ T330] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 27.618280][ T289] EXT4-fs (loop1): unmounting filesystem. [ 27.737211][ T330] SELinux: Context system_u:object_r:init_exec_t:s0 is not valid (left unmapped). [ 27.782641][ T330] F2FS-fs (loop0): inconsistent node block, nid:8, node_footer[nid:5,ino:5,ofs:0,cpver:1219692001,blkaddr:15361] [ 27.810791][ T443] F2FS-fs (loop0): inconsistent node block, nid:8, node_footer[nid:5,ino:5,ofs:0,cpver:1219692001,blkaddr:15361] [ 27.910112][ T449] loop1: detected capacity change from 0 to 256 [ 28.116854][ T454] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 28.140834][ T454] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.153466][ T459] netlink: 'syz.4.61': attribute type 10 has an invalid length. [ 28.260062][ T289] EXT4-fs (loop1): unmounting filesystem. [ 28.272132][ T28] kauditd_printk_skb: 72 callbacks suppressed [ 28.272147][ T28] audit: type=1400 audit(1780702029.766:146): avc: denied { read write } for pid=462 comm="syz.0.56" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 28.326708][ T28] audit: type=1400 audit(1780702029.766:147): avc: denied { open } for pid=462 comm="syz.0.56" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 28.350823][ T28] audit: type=1400 audit(1780702029.786:148): avc: denied { ioctl } for pid=462 comm="syz.0.56" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 28.388672][ T467] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 28.406913][ T467] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.434855][ T28] audit: type=1400 audit(1780702029.926:149): avc: denied { ioctl } for pid=466 comm="syz.4.64" path="/4/file0/file1" dev="loop4" ino=15 ioctlcmd=0x6607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.485181][ T291] EXT4-fs (loop4): unmounting filesystem. [ 28.574280][ T481] netlink: 52 bytes leftover after parsing attributes in process `syz.0.70'. [ 28.605203][ T28] audit: type=1400 audit(1780702030.096:150): avc: denied { write } for pid=484 comm="syz.4.72" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 28.616281][ T438] F2FS-fs (loop3): Test dummy encryption mode enabled [ 28.667710][ T438] F2FS-fs (loop3): invalid crc value [ 28.676269][ T438] F2FS-fs (loop3): Found nat_bits in checkpoint [ 28.729219][ T438] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 28.750396][ T28] audit: type=1400 audit(1780702030.246:151): avc: denied { read } for pid=491 comm="syz.0.75" name="event1" dev="devtmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 28.792458][ T28] audit: type=1400 audit(1780702030.276:152): avc: denied { open } for pid=491 comm="syz.0.75" path="/dev/input/event1" dev="devtmpfs" ino=261 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 28.839422][ T438] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 28.852536][ T28] audit: type=1400 audit(1780702030.326:153): avc: denied { create } for pid=437 comm="syz.3.52" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 28.897302][ T28] audit: type=1400 audit(1780702030.376:154): avc: denied { ioctl } for pid=491 comm="syz.0.75" path="/dev/input/event1" dev="devtmpfs" ino=261 ioctlcmd=0x450a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 28.938047][ T28] audit: type=1400 audit(1780702030.416:155): avc: denied { connect } for pid=507 comm="syz.4.80" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.080458][ T522] syz.2.87: attempt to access beyond end of device [ 29.080458][ T522] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 29.084151][ T520] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 29.093926][ T522] Buffer I/O error on dev loop2, logical block 57847, async page read [ 29.111219][ T522] syz.2.87: attempt to access beyond end of device [ 29.111219][ T522] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 29.124541][ T522] Buffer I/O error on dev loop2, logical block 57847, async page read [ 29.133084][ T522] syz.2.87: attempt to access beyond end of device [ 29.133084][ T522] loop2: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 29.146425][ T522] Buffer I/O error on dev loop2, logical block 57847, async page read [ 29.154807][ T520] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.200103][ T520] EXT4-fs error (device loop4): ext4_acquire_dquot:6828: comm syz.4.88: Failed to acquire dquot type 0 [ 29.229717][ T291] EXT4-fs (loop4): unmounting filesystem. [ 29.244195][ T532] netlink: 8 bytes leftover after parsing attributes in process `syz.0.89'. [ 29.359444][ T546] device syz_tun entered promiscuous mode [ 29.398358][ T546] device macsec1 entered promiscuous mode [ 29.405520][ T546] device syz_tun left promiscuous mode [ 29.476867][ T555] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 29.503331][ T555] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.521378][ T555] overlayfs: failed to verify upper (/file0, ino=12, err=-28) [ 29.528909][ T555] overlayfs: failed to verify index dir 'upper' xattr [ 29.535696][ T555] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 29.556936][ T546] syz.0.100 (546) used greatest stack depth: 21472 bytes left [ 29.594798][ T291] EXT4-fs (loop4): unmounting filesystem. [ 29.613545][ T566] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 29.636924][ T566] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 29.877505][ T593] netlink: 28 bytes leftover after parsing attributes in process `syz.2.119'. [ 29.975228][ T602] netlink: 240 bytes leftover after parsing attributes in process `syz.3.123'. [ 30.119393][ T612] EXT4-fs: Ignoring removed bh option [ 30.126436][ T612] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 30.147777][ T612] EXT4-fs error (device loop3): ext4_iget_extra_inode:4765: inode #15: comm syz.3.128: corrupted in-inode xattr [ 30.170748][ T612] EXT4-fs error (device loop3): ext4_orphan_get:1410: comm syz.3.128: couldn't read orphan inode 15 (err -117) [ 30.187028][ T612] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 30.269000][ T290] EXT4-fs (loop3): unmounting filesystem. [ 30.343015][ T615] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 30.379556][ T615] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2800: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 30.410073][ T615] EXT4-fs (loop3): 1 truncate cleaned up [ 30.415768][ T615] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 30.461658][ T596] F2FS-fs (loop2): Found nat_bits in checkpoint [ 30.479788][ T290] EXT4-fs (loop3): unmounting filesystem. [ 30.564543][ T578] F2FS-fs (loop4): invalid crc value [ 30.575921][ T596] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 30.616417][ T578] F2FS-fs (loop4): Found nat_bits in checkpoint [ 30.659675][ T596] syz.2.121: attempt to access beyond end of device [ 30.659675][ T596] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 30.704824][ T629] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 30.724922][ T287] syz-executor: attempt to access beyond end of device [ 30.724922][ T287] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 30.742527][ T629] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.742617][ T578] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 30.839216][ T289] EXT4-fs (loop1): unmounting filesystem. [ 31.074922][ T654] netlink: 20 bytes leftover after parsing attributes in process `syz.3.144'. [ 31.155581][ T660] netlink: 8 bytes leftover after parsing attributes in process `syz.2.147'. [ 31.205129][ T665] set_capacity_and_notify: 13 callbacks suppressed [ 31.205148][ T665] loop4: detected capacity change from 0 to 1024 [ 31.243575][ T665] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.258483][ T670] device wireguard0 entered promiscuous mode [ 31.286053][ T665] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 31.347490][ T291] EXT4-fs (loop4): unmounting filesystem. [ 31.595840][ T704] loop3: detected capacity change from 0 to 256 [ 31.824370][ T719] netlink: 36 bytes leftover after parsing attributes in process `syz.1.174'. [ 32.236770][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.317562][ T752] loop3: detected capacity change from 0 to 512 [ 32.386987][ T752] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 32.416347][ T752] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.436717][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 32.443046][ T6] usb 2-1: config index 0 descriptor too short (expected 52, got 36) [ 32.451306][ T6] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 32.452265][ T752] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #2: comm syz.3.190: corrupted inode contents [ 32.459545][ T6] usb 2-1: config 0 has no interface number 0 [ 32.477399][ T6] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 32.487378][ T6] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 32.497985][ T702] loop2: detected capacity change from 0 to 131072 [ 32.506254][ T752] EXT4-fs error (device loop3): ext4_dirty_inode:6158: inode #2: comm syz.3.190: mark_inode_dirty error [ 32.517988][ T752] EXT4-fs error (device loop3): ext4_do_update_inode:5281: inode #2: comm syz.3.190: corrupted inode contents [ 32.518996][ T702] F2FS-fs (loop2): invalid crc value [ 32.531081][ T6] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 32.544202][ T752] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.190: mark_inode_dirty error [ 32.557652][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.575313][ T6] usb 2-1: Product: syz [ 32.580148][ T6] usb 2-1: Manufacturer: syz [ 32.584774][ T6] usb 2-1: SerialNumber: syz [ 32.612265][ T6] usb 2-1: config 0 descriptor?? [ 32.618619][ T702] F2FS-fs (loop2): Found nat_bits in checkpoint [ 32.627900][ T732] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 32.635109][ T732] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 32.658193][ T290] EXT4-fs (loop3): unmounting filesystem. [ 32.668883][ T767] netlink: 20 bytes leftover after parsing attributes in process `syz.4.195'. [ 32.742284][ T702] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 32.836814][ T702] SELinux: Context : is not valid (left unmapped). [ 32.867171][ T732] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 32.874385][ T732] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 32.893964][ T783] loop3: detected capacity change from 0 to 128 [ 32.929793][ T783] EXT4-fs (loop3): Test dummy encryption mode enabled [ 32.947723][ T783] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 32.966874][ T783] ext4 filesystem being mounted at /61/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 33.099522][ T290] EXT4-fs (loop3): unmounting filesystem. [ 33.111840][ T6] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 33.124243][ T6] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71 [ 33.134095][ T6] asix: probe of 2-1:0.251 failed with error -5 [ 33.160147][ T6] usb 2-1: USB disconnect, device number 2 [ 33.284797][ T798] loop4: detected capacity change from 0 to 1024 [ 33.308100][ T798] EXT4-fs: Ignoring removed bh option [ 33.373203][ T798] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 33.384215][ T806] syz.3.213 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 33.415683][ T291] EXT4-fs (loop4): unmounting filesystem. [ 33.731036][ T834] netlink: 8 bytes leftover after parsing attributes in process `syz.2.225'. [ 33.806528][ T846] loop2: detected capacity change from 0 to 2048 [ 33.853908][ T846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 33.856599][ T28] kauditd_printk_skb: 90 callbacks suppressed [ 33.856633][ T28] audit: type=1400 audit(1780702035.346:244): avc: denied { append } for pid=847 comm="syz.1.231" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 33.866535][ T846] ext4 filesystem being mounted at /55/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 33.933855][ T28] audit: type=1400 audit(1780702035.426:245): avc: denied { write } for pid=845 comm="syz.2.230" name="/" dev="incremental-fs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 33.957043][ T846] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz.2.230: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 24836(4), depth 248(248) [ 33.986819][ T28] audit: type=1400 audit(1780702035.456:246): avc: denied { add_name } for pid=845 comm="syz.2.230" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 34.007500][ T28] audit: type=1400 audit(1780702035.456:247): avc: denied { associate } for pid=845 comm="syz.2.230" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 34.029589][ T846] incfs_lookup_dentry err:-117 [ 34.043493][ T28] audit: type=1400 audit(1780702035.536:248): avc: denied { rmdir } for pid=287 comm="syz-executor" name=".index" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 34.066150][ T287] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 24836(4), depth 248(248) [ 34.085115][ T287] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz-executor: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 24836(4), depth 248(248) [ 34.127753][ T860] loop1: detected capacity change from 0 to 512 [ 34.147815][ T860] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 34.186398][ T289] EXT4-fs (loop1): unmounting filesystem. [ 34.195173][ T287] EXT4-fs (loop2): unmounting filesystem. [ 34.224796][ T863] netlink: 64 bytes leftover after parsing attributes in process `syz.1.238'. [ 34.386708][ T6] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 34.432972][ T28] audit: type=1400 audit(1780702035.926:249): avc: denied { set_context_mgr } for pid=871 comm="syz.1.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 34.484535][ T876] netlink: 8 bytes leftover after parsing attributes in process `syz.3.245'. [ 34.518012][ T28] audit: type=1400 audit(1780702036.016:250): avc: denied { mounton } for pid=877 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 34.587749][ T6] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid maxpacket 1056, setting to 64 [ 34.614503][ T6] usb 5-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 34.627923][ T571] ------------[ cut here ]------------ [ 34.633413][ T571] kernel BUG at fs/buffer.c:2714! [ 34.642806][ T571] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 34.648964][ T571] CPU: 0 PID: 571 Comm: kmmpd-loop0 Not tainted syzkaller #0 [ 34.656362][ T571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 34.666441][ T571] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 34.671875][ T571] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 68 d0 e7 ff e9 b0 fe ff ff e8 5e 2b a2 ff 0f 0b e8 57 2b a2 ff <0f> 0b e8 50 2b a2 ff 0f 0b e8 49 2b a2 ff 0f 0b e8 42 2b a2 ff 0f [ 34.691523][ T571] RSP: 0018:ffffc9000e56fca0 EFLAGS: 00010293 [ 34.697629][ T571] RAX: ffffffff81cf5029 RBX: 0000000000000000 RCX: ffff88811d01d100 [ 34.705728][ T571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 34.713731][ T571] RBP: ffffc9000e56fcf0 R08: ffff888133139a87 R09: 1ffff11026627350 [ 34.721738][ T571] R10: dffffc0000000000 R11: ffffed1026627351 R12: 0000000000000000 [ 34.730611][ T571] R13: 1ffff11026627350 R14: ffff888133139a80 R15: 0000000000003801 [ 34.738626][ T571] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 34.748040][ T571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.754667][ T571] CR2: 0000001b2ed20ff8 CR3: 0000000121391000 CR4: 00000000003506b0 [ 34.762673][ T571] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.770672][ T571] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.778677][ T571] Call Trace: [ 34.781982][ T571] [ 34.784934][ T571] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 34.790779][ T571] submit_bh+0x1f/0x30 [ 34.794878][ T571] write_mmp_block_thawed+0x397/0x510 [ 34.800286][ T571] ? __cfi_schedule_timeout+0x10/0x10 [ 34.805682][ T571] ? read_mmp_block+0x720/0x720 [ 34.810564][ T571] ? __cfi_process_timeout+0x10/0x10 [ 34.815882][ T571] write_mmp_block+0x138/0x2b0 [ 34.820681][ T571] kmmpd+0x3ce/0x950 [ 34.824608][ T571] kthread+0x281/0x320 [ 34.828708][ T571] ? __cfi_kmmpd+0x10/0x10 [ 34.833154][ T571] ? __cfi_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 34.837778][ T571] ret_from_fork+0x1f/0x30 [ 34.842226][ T571] [ 34.845259][ T571] Modules linked in: [ 34.857303][ T28] audit: type=1400 audit(1780702036.346:251): avc: denied { write } for pid=279 comm="syz-executor" path="pipe:[15064]" dev="pipefs" ino=15064 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 34.921714][ T6] usb 5-1: config 0 interface 0 has no altsetting 0 [ 34.936849][ T6] usb 5-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 34.969600][ T571] ---[ end trace 0000000000000000 ]--- [ 34.996709][ T571] RIP: 0010:submit_bh_wbc+0x4c9/0x4f0 [ 34.996734][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.011001][ T6] usb 5-1: config 0 descriptor?? [ 35.027286][ T571] Code: c3 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c bd fe ff ff 48 89 df e8 68 d0 e7 ff e9 b0 fe ff ff e8 5e 2b a2 ff 0f 0b e8 57 2b a2 ff <0f> 0b e8 50 2b a2 ff 0f 0b e8 49 2b a2 ff 0f 0b e8 42 2b a2 ff 0f [ 35.107237][ T571] RSP: 0018:ffffc9000e56fca0 EFLAGS: 00010293 [ 35.123265][ T571] RAX: ffffffff81cf5029 RBX: 0000000000000000 RCX: ffff88811d01d100 [ 35.132415][ T571] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 35.147028][ T571] RBP: ffffc9000e56fcf0 R08: ffff888133139a87 R09: 1ffff11026627350 [ 35.155315][ T571] R10: dffffc0000000000 R11: ffffed1026627351 R12: 0000000000000000 [ 35.170071][ T571] R13: 1ffff11026627350 R14: ffff888133139a80 R15: 0000000000003801 [ 35.181850][ T6] usb 5-1: can't set config #0, error -71 [ 35.189072][ T571] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 35.201854][ T571] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.212445][ T571] CR2: 000055dc360483f0 CR3: 00000001106e4000 CR4: 00000000003506a0 [ 35.220899][ T571] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.231578][ T571] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.240143][ T318] device bridge_slave_1 left promiscuous mode [ 35.246303][ T318] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.247346][ T571] Kernel panic - not syncing: Fatal exception [ 35.253483][ T571] Kernel Offset: disabled [ 35.263883][ T571] Rebooting in 86400 seconds..