last executing test programs: 7.514155919s ago: executing program 0 (id=103): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x10000, 0x26000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x26, 0x9, 0x10}, {0x8080000, 0x0, 0x935bf724b7effdda, 0x8, 0x9, 0x4, 0x0, 0x0, 0xa, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0x8, 0x0, 0x4, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0x3000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x81, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c, 0x1, 0xfc}, {0x30000, 0xb000, 0xd, 0x8, 0x0, 0x0, 0x2, 0x8e, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x7000}, {0x50000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xc, 0xf801, 0x0, [0x0, 0x1000000000000, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000000c0)={0x40000}) 7.410153935s ago: executing program 0 (id=104): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) munmap(&(0x7f0000aaf000/0x1000)=nil, 0x1000) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 7.284618262s ago: executing program 0 (id=109): socket$packet(0x11, 0x2, 0x300) r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000001100)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000000180)='fd/3\x00') 7.265399433s ago: executing program 0 (id=110): syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./bus\x00', 0x3010050, &(0x7f0000000600)=ANY=[], 0x41, 0x14fe, &(0x7f0000000700)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 7.183788248s ago: executing program 0 (id=112): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x7, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) 7.057295546s ago: executing program 0 (id=113): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r0, 0x1) 7.032065627s ago: executing program 32 (id=113): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r0, 0x1) 3.330327604s ago: executing program 3 (id=186): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$x86(r2, &(0x7f0000000000)={0x0, 0x0}) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000100)={0x0, &(0x7f0000000180)=[@wrmsr={0x65, 0x20, {0x4b564d03, 0x1}}], 0x20}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.230322331s ago: executing program 3 (id=191): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0xc, 0x3, 0x3, 0x0, 0x8, 0x13, 0x1, 0x7, 0x5, 0x1, 0xc, 0x9, 0x0, 0x81, 0x5, 0x8, 0xc, 0x7, 0x1, '\x00', 0x2, 0xfcf}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.342409023s ago: executing program 3 (id=203): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x454a, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x1, 0x4) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 2.153218344s ago: executing program 3 (id=210): bind$unix(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 2.108357036s ago: executing program 3 (id=212): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000002c0)=@x86={0x3, 0x0, 0x0, 0x0, 0xffffffff, 0xe, 0x8, 0xf2, 0xd5, 0x5, 0x6, 0x9, 0x0, 0x6adc01cd, 0x1, 0x8, 0x7, 0xa, 0x19, '\x00', 0x9, 0x7}) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x8040ae9f, &(0x7f0000000280)) 2.04156565s ago: executing program 5 (id=215): unshare(0x26000400) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000200)='./file0\x00', 0x18000, &(0x7f0000002f40)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYRES16=0x0, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x1, 0x2ee, &(0x7f00000009c0)="$eJzs3M9PE1sUwPHTH5S2BMri5b28l7xwoxvdTKC6VhoDibGJBKnxR2IywFSbji2ZaTA1RnTl1vhHuCAs2ZEo/wAbd7px446NiQtZGMd0OkNpGUBKaRG+n4TMYe49nXtnBnLuhGHzzuvHxbyt5fWKhONKQiIiWyLDEhZfyNuG3TgmO72QiwPfPv5/6+69G5lsdmJaqcnMzKW0Umpo5N2TZwmv21q/bAw/2Pya/rLx98a/mz9nHhVsVbBVqVxRupotf67os6ah5gt2UVNqyjR021CFkm1Y9fZyvT1vlhcWqkovzQ8mFyzDtpVeqqqiUVWVsqpYVRV5qBdKStM0NZgUHCS3PD2tZ9pMnuvwYHBMLCujR0Qksaslt9yTAQEAgJ5qrf/DojpZ/6+cW68M3F4d8ur/tVhQ/X/5U/2zmur/uIgE1v/+8QPrf/1w9f/uiuhsOVL9j5NhJLZrV6gR1hqtjJ70fn5dL++vjLoB9T8AAAAAAAAAAAAAAAAAAAAAAH+CLcdJOY6T8rf+V7+IxEXE/z4gNSIiV3swZHTQEa4/ToHGi3vRIRHz1WJuMVffeh3WRcQUQ0YlJT/c+8FTi/03j1TNsLw3l7z8pcVcxG3J5KXg5o9Jqk9a8x1n8np2YkzVNef3SXJnflpS8ldwfjowPyYXzu/I1yQlH+akLKbMu+No5D8fU+razWxLfsLtBwAAAADAaaCpbYHrd03bq72ev72+bn0+EGmsr0cD1+dR+S/a27kDAAAAAHBW2NWnRd00DWufICEH92k/iB7TJ/sz/N0s/28Zjm+m+wT+wZua4t7Ojp+W0CFOyx5BWNrJGqnNRh11Fv5jo736yNR4965g0zD+efP2e+cOcWU1fsBM2w8i+98AfV37BQQAAACgaxpFv79nvLcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAADgDOrGv0nr9RwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JXAAAA//+qDgR1") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) fdatasync(r0) 2.010023102s ago: executing program 3 (id=217): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000002030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000060000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x10, 0xa08, 0x0, 0xb, 0x445, 0x5, 0xa, 0x2004, 0x200, 0xd, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.937987397s ago: executing program 5 (id=219): rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r0 = gettid() timer_create(0x3, &(0x7f0000000040)={0x0, 0x1a, 0x4, @tid=r0}, &(0x7f0000000000)) timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f0000000580)='./file2\x00', 0x8010, &(0x7f00000005c0), 0x1, 0x540, &(0x7f0000000b40)="$eJzs3c1rHGUYAPBnZrPWttFU/EA9FbRUKd2kTYvk1hw8VqrBo8Sw2YaQSTZkN7UJOaTgXUFBUQT15N2riPgHeBbRf0ARGyytt8hkd9OaL9c26dbO7wez+34Med43s8/LzjDDBlBYx/OXNOK5iLiURAzc0dcX7c7jrf1urq1Ub62tVJNYXx/7I4kkIm6srVQ7+yft96MRsRoRz0bE9+WIU+n2uI2l5ZmJLKsttOuDzdn5wcbS8unp2Ymp2lRtbnjk/MjwyCsj54b3ba5j4yOvn/jpteTbZPTVG5+9dT2JC9Hf7rtzHvup9T8px4Ut7ecOIlgPJb0eAHel1M7zckQ8HQNRamc98PBbPxSxDhRUIv+hoDrfA/Lz3852P79//D7aOgHJ495sb62evta1iXh049zkyJ/JP85M8vPNY/dzoDyUVq9FxFBf3/bPf9L+/N29of0YIAfqu9HWgdp+/NPN9Sd2WH/6O9dO71Fn/bu5bf27Hb+0y/p3qcsYcyM/PLNr/GsRz+8YP9mMn+wQP42It7uMP/b1b1/u1rf+RcTJ2Dl+R7L39eHBy9NZbaj1umOM994Y+mqv+R/ZJf6FPeaft813Of9488mfV/eI/9ILex//neIfjoj3uwz/yycfvLtbXx5/cpf57xU/b/u8y/gnXv5mtMtdAQAAAAAAAACA/yDduJctSSub5TStVFrP8D4VR9Ks3mieulxfnJts3fN2LMpp506rgVY9yetn2vfjdupnt9SHI+KJiPiwdHijXqnWs8leTx4AAAAAAAAAAAAAAAAAAAAeEEe3PP9/o9R6/h8oCD/5DcUl/6G45D8Ul/yH4pL/UFzyH4pL/kNxyX8oLvkPxSX/objkPwAAAAAAAAAAAAAAAAAAAAAAAAAAHIhLFy/m2/qttZVqXp+8srQ4U79yerLWmKnMLlYr1frCfGWqXp/KapVqffbf/l5Wr8+fj7nFq4PNWqM52FhaHp+tL841x6dnJ6Zq47XyfZkVAAAAAAAAAAAAAAAAAAAA/L/0b2xJWomIdKOcppVKxGMRcSzKyeXprDYUEY9HxI+l8qG8fqbXgwYAAAAAAAAAAAAAAAAAAICHTGNpeWYiy2oLCgoK91hIIlYfgGHsQ+FQrxcmAAAAAAAAAAAAAAAAAAAooNsP/fZ6JAAAAAAAAAAAAAAAAAAAAFBk6a9JROTbyYEX+7f2PpL8Vdp4j4h3Ph376OpEs7lwJm+/vtne/LjdfrYX4we61cnTTh4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtzWWlmcmsqy2cICFXs8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4G78HQAA//8Y69Wj") rt_sigtimedwait(&(0x7f0000000240)={[0xffffffffffffffff]}, 0x0, 0x0, 0x8) 1.887705269s ago: executing program 5 (id=220): socket(0x10, 0x803, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fd\x00') r1 = memfd_create(&(0x7f0000000680)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYSp\xa5\xfd\ny\xdfS\xdbU\xf8l\xb5b\x83\x00\x00\x00\x00\xfc\x83\x18\xe46\x8a\x029\x19\x8fjC\xce\xa7S\x81\xd5\xda\x84\xdf\xe3A_\x05XCk\x1d\x1cC\x97r\x93\xd6t\x81b\xc7x\xab\xa2\xf0\av\x88\x01\x92\xeaF\xa9!\xfc\x1c\xbf7q\xcf\xed&\x96\xa6\x1c_\xff\xb4\x00X\x1b\xf2w\xc1\x00\x00\x00\x00\xe0T\x1f\xbc\x85\xd1Z\xa9\x01Z\xc2\xb0\f\x9a\x16\xa5?\xf74\x88\xeez@)&\xb5\a\xc1\v\xe7\xdf\x80\xe4\x9c\xf5f\x94jC\xb1\xcfh\xc5g\x02\xc6 U\xe5\xcea\x88\xee\x0f\xf57*\xb3\xe8iWTav\xff\xd9\xb0C\x1e\xbe\x97\xc8$-\x8d)\xe8\\\x8e;I\xde\x8a\x8e\x0fq\x06\xee\xb9\xc1\xf1)\xa0\xd9T\xec\x8b\x85I\x87OZ\xd8\"4\x87\xb1\xed?:\x84S\xb9\xbf\xab#\xd0N\x8f\x1ey7\x9286p\x10uZ\xf0', 0x0) write(r1, &(0x7f0000002140)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) readlinkat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000032240)=""/102400, 0x19000) 1.853942951s ago: executing program 5 (id=223): r0 = creat(&(0x7f0000000200)='./file0\x00', 0x17e) close(r0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r2 = dup(r1) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 1.009541251s ago: executing program 5 (id=233): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000000140)=0x0) io_submit(r2, 0x1, &(0x7f0000000a40)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {0x0, 0x0, 0xfffd}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1ff, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x2, 0x8, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xb72, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fff, 0x0, 0x400, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xfffffff9, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x749, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x48, 0x10000, 0x0, 0x2, 0x3, 0x0, 0x0, 0x2, 0x400]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 921.885706ms ago: executing program 5 (id=237): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f000000560900a1"], 0x0}, 0x0) 889.777098ms ago: executing program 2 (id=239): setresgid(0xee00, 0xee01, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(r1, &(0x7f00000001c0)='smaps\x00') 854.71775ms ago: executing program 2 (id=241): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000740)=0xffffffffffffffff) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480)={0x1, 0x0, [{0xeeee0000, 0x73, &(0x7f0000000240)=""/115}]}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x0, 0x0, 0x10000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 811.470043ms ago: executing program 4 (id=243): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@dioread_lock}, {@barrier}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x4207, 0x4e99ed2, 0x3, 0x9, 0x7fffffff}) write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) fadvise64(r0, 0x807f, 0x1000000, 0x4) creat(&(0x7f0000000100)='./file1\x00', 0x0) 807.898313ms ago: executing program 2 (id=244): syz_io_uring_setup(0x2, &(0x7f0000000280)={0x0, 0x6d08, 0x2, 0xfffffffe, 0x10d}, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x560, 0x4) write$binfmt_aout(r0, &(0x7f0000000280)=ANY=[], 0x28) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x40002000) 767.979905ms ago: executing program 2 (id=245): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f0000002280)={'syzkaller0\x00', @random='..\x00\x00\x00\b'}) 701.677739ms ago: executing program 2 (id=246): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 676.433111ms ago: executing program 2 (id=247): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x7, {0x7, 0x0, '\x00\x00\x00\x00\x00'}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 555.347038ms ago: executing program 4 (id=249): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) writev(r0, &(0x7f0000000140)=[{&(0x7f00000001c0)="2e9b3d0007e03dd65193df163e75963f86ddf06712e9001c2f8db0049d90491c3248040000f858dbb8a1", 0x2a}, {&(0x7f0000000580)="c082b44eb524c5a9881d19488b638af6", 0x10}], 0x2) 548.830298ms ago: executing program 1 (id=250): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) connect$inet6(r0, &(0x7f0000000400)={0xa, 0xfffd, 0x0, @local, 0x5}, 0x2b) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) 389.695677ms ago: executing program 4 (id=251): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x8, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000500)=""/179, 0xb3) lseek(r0, 0x0, 0x0) 379.997988ms ago: executing program 1 (id=252): ioctl$HIDIOCGNAME(0xffffffffffffffff, 0x80404806, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='devtmpfs\x00', 0x2208498, 0x0) pread64(r0, &(0x7f0000002240)=""/238, 0xee, 0x1000000000004e3) 309.477522ms ago: executing program 1 (id=253): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) shutdown(r0, 0x1) sendmmsg$sock(r0, &(0x7f0000002800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 287.399093ms ago: executing program 4 (id=254): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x810) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x34, &(0x7f00000000c0)={@multicast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @empty}, {0x0, 0x88be, 0x12, 0x0, @opaque="6bd4d288a80000000000"}}}}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) write(0xffffffffffffffff, 0x0, 0x0) 214.130757ms ago: executing program 4 (id=255): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000240)=@req3={0x1000, 0x1, 0x1000, 0x1, 0x7ff, 0xf84, 0x3}, 0x1c) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) pselect6(0x40, &(0x7f0000000280)={0x5, 0x5, 0x7, 0x6, 0xbd, 0x8000000000000000, 0x56, 0x1}, &(0x7f0000000300)={0xc, 0x3, 0x2, 0x1, 0x9, 0x80000001, 0x1, 0xd}, 0x0, 0x0, &(0x7f0000000a00)={0x0}) 193.907779ms ago: executing program 1 (id=256): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@deltclass={0x24, 0x29, 0x819, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x7}, {0x3, 0x2}, {0xf, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x1800}, 0x800) 103.928864ms ago: executing program 1 (id=257): unshare(0x6a040000) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddb, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x1c}}, 0x60800) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001900dd8d000000000000000002"], 0x24}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0) 78.100255ms ago: executing program 1 (id=258): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x80202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000000c0)=@x86={0x6, 0x8, 0x9, 0x0, 0x7, 0xd, 0x2, 0x6, 0x40, 0x7, 0xd0, 0x3, 0x0, 0x8, 0x9, 0x28, 0x1, 0x8, 0x4, '\x00', 0x6, 0x1}) 0s ago: executing program 4 (id=259): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000000140)=0x0) io_submit(r2, 0x1, &(0x7f0000000a40)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {0x0, 0x0, 0xfffd}, 0x3, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1ff, 0x8, 0x2, 0x0, 0x0, 0x0, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x2, 0x8, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xb72, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x289, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x7fff, 0x0, 0x400, 0x0, 0x0, 0xffffffff, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xfffffff9, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000008, 0xc7, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x749, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x48, 0x10000, 0x0, 0x2, 0x3, 0x0, 0x0, 0x2, 0x400]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. [ 18.840619][ T28] audit: type=1400 audit(1769058252.656:64): avc: denied { mounton } for pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 18.841732][ T275] cgroup: Unknown subsys name 'net' [ 18.843845][ T28] audit: type=1400 audit(1769058252.656:65): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.847458][ T28] audit: type=1400 audit(1769058252.656:66): avc: denied { unmount } for pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 18.847590][ T275] cgroup: Unknown subsys name 'devices' [ 18.970862][ T275] cgroup: Unknown subsys name 'hugetlb' [ 18.976481][ T275] cgroup: Unknown subsys name 'rlimit' [ 19.108214][ T28] audit: type=1400 audit(1769058252.916:67): avc: denied { setattr } for pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 19.131388][ T28] audit: type=1400 audit(1769058252.916:68): avc: denied { mounton } for pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 19.141023][ T277] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 19.156264][ T28] audit: type=1400 audit(1769058252.916:69): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 19.172274][ T275] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 19.187850][ T28] audit: type=1400 audit(1769058252.986:70): avc: denied { relabelto } for pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.221824][ T28] audit: type=1400 audit(1769058252.986:71): avc: denied { write } for pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.247432][ T28] audit: type=1400 audit(1769058252.986:72): avc: denied { read } for pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 19.272978][ T28] audit: type=1400 audit(1769058252.986:73): avc: denied { open } for pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 20.404144][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.411246][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.418532][ T284] device bridge_slave_0 entered promiscuous mode [ 20.426862][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.434052][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.441325][ T284] device bridge_slave_1 entered promiscuous mode [ 20.469749][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.476795][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.484180][ T283] device bridge_slave_0 entered promiscuous mode [ 20.492024][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.499077][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.506483][ T283] device bridge_slave_1 entered promiscuous mode [ 20.607118][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.614182][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.621532][ T287] device bridge_slave_0 entered promiscuous mode [ 20.628425][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.635497][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.642918][ T287] device bridge_slave_1 entered promiscuous mode [ 20.662667][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.670018][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.677290][ T289] device bridge_slave_0 entered promiscuous mode [ 20.687022][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.694093][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.701406][ T289] device bridge_slave_1 entered promiscuous mode [ 20.816172][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.823358][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.830808][ T285] device bridge_slave_0 entered promiscuous mode [ 20.841410][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.848434][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.855798][ T285] device bridge_slave_1 entered promiscuous mode [ 20.873812][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.880861][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.888126][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.895154][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.909956][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.916996][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.924286][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.931321][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 20.955939][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.963001][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.970270][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 20.977280][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.030564][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.038421][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.045941][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.053495][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.060787][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.068609][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.076143][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.111449][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.118820][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.127129][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.134157][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.141587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.149861][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.156881][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.164354][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.172508][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.179530][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.186827][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.194768][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.202882][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.209897][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.220894][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.250686][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.258829][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.266995][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.275153][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.282729][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.290494][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.298603][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.305631][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.312961][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.321210][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.328219][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.335624][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.343608][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.363196][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.382930][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.391398][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.398421][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.406149][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.414535][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.421565][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.428861][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.436811][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.446827][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.454516][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.461918][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.479257][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.487309][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.495876][ T284] device veth0_vlan entered promiscuous mode [ 21.503769][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.512686][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.529821][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 21.537337][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 21.544853][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.553413][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.561731][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 21.570173][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 21.578245][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.585267][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.592622][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 21.600913][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 21.609097][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.616111][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.623423][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.631330][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.643054][ T283] device veth0_vlan entered promiscuous mode [ 21.650010][ T287] device veth0_vlan entered promiscuous mode [ 21.659085][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 21.666735][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.674281][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.681784][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.689746][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.697617][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 21.705725][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 21.713741][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.721278][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.731486][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.739647][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.749204][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.757551][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.772832][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 21.780879][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 21.788742][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.797056][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.809673][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 21.817549][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 21.826210][ T287] device veth1_macvtap entered promiscuous mode [ 21.833945][ T289] device veth0_vlan entered promiscuous mode [ 21.840433][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.848031][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 21.855515][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 21.869896][ T284] device veth1_macvtap entered promiscuous mode [ 21.877380][ T283] device veth1_macvtap entered promiscuous mode [ 21.886822][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.894614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 21.903012][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 21.911462][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 21.919754][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 21.927946][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 21.935661][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 21.944083][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 21.952501][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 21.960761][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 21.978131][ T285] device veth0_vlan entered promiscuous mode [ 21.992207][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.000503][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.008723][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.017454][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.025957][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.033999][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.042145][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.050488][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.058695][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.066886][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.075143][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.083914][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.092193][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.099711][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.111957][ T289] device veth1_macvtap entered promiscuous mode [ 22.120906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.128666][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.142397][ T285] device veth1_macvtap entered promiscuous mode [ 22.150506][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 22.170484][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.180635][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.189743][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.200048][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.219489][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.237455][ T343] loop3: detected capacity change from 0 to 2048 [ 22.239199][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.253519][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.264427][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.280524][ T346] netlink: 'syz.1.7': attribute type 4 has an invalid length. [ 22.296515][ T346] netlink: 'syz.1.7': attribute type 4 has an invalid length. [ 22.323818][ T343] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 22.328814][ T346] syz.1.7 (346) used greatest stack depth: 20568 bytes left [ 22.433474][ T283] EXT4-fs (loop3): unmounting filesystem. [ 22.628908][ T355] loop4: detected capacity change from 0 to 40427 [ 22.647108][ T355] F2FS-fs (loop4): fault_injection options not supported [ 22.663166][ T355] F2FS-fs (loop4): invalid crc value [ 22.680076][ T355] F2FS-fs (loop4): Found nat_bits in checkpoint [ 22.736056][ T355] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 22.814950][ T382] f2fs_ckpt-7:4: attempt to access beyond end of device [ 22.814950][ T382] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 22.860730][ T387] loop3: detected capacity change from 0 to 8192 [ 22.993421][ T357] loop0: detected capacity change from 0 to 131072 [ 23.002409][ T389] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 23.044590][ T357] F2FS-fs (loop0): Found nat_bits in checkpoint [ 23.112983][ T357] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 23.128202][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 23.141445][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 23.162006][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 23.170945][ T357] F2FS-fs (loop0): lookup inode (7) has corrupted xattr [ 23.172367][ T405] kvm: MWAIT instruction emulated as NOP! [ 23.180710][ T357] F2FS-fs (loop0): lookup inode (7) has corrupted xattr [ 23.186158][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 23.195466][ T357] F2FS-fs (loop0): lookup inode (7) has corrupted xattr [ 23.210638][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 23.221243][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 23.241711][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 23.250318][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 23.255437][ T411] loop1: detected capacity change from 0 to 4096 [ 23.258665][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 23.277988][ T411] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 23.337676][ T411] EXT4-fs (loop1): shut down requested (2) [ 23.370721][ T284] EXT4-fs (loop1): unmounting filesystem. [ 23.566908][ T439] binder: 437:439 ioctl c0306201 0 returned -14 [ 23.595057][ T441] process 'syz.4.43' launched './file0' with NULL argv: empty string added [ 23.794398][ T438] loop1: detected capacity change from 0 to 40427 [ 23.811512][ T438] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 23.830775][ T438] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 23.851073][ T438] F2FS-fs (loop1): invalid crc value [ 23.881394][ T438] F2FS-fs (loop1): Found nat_bits in checkpoint [ 23.948658][ T438] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 23.950192][ T450] loop3: detected capacity change from 0 to 40427 [ 23.965895][ T438] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 24.007235][ T450] F2FS-fs (loop3): invalid crc value [ 24.030312][ T28] kauditd_printk_skb: 86 callbacks suppressed [ 24.030325][ T28] audit: type=1400 audit(1769058257.846:160): avc: denied { create } for pid=433 comm="syz.1.41" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.057010][ T450] F2FS-fs (loop3): Found nat_bits in checkpoint [ 24.079610][ T459] SELinux: failed to load policy [ 24.103842][ T28] audit: type=1400 audit(1769058257.876:161): avc: denied { mounton } for pid=433 comm="syz.1.41" path="/7/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.131389][ T28] audit: type=1400 audit(1769058257.876:162): avc: denied { write } for pid=433 comm="syz.1.41" name="bus" dev="loop1" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.149811][ T450] F2FS-fs (loop3): Start checkpoint disabled! [ 24.152849][ T28] audit: type=1400 audit(1769058257.876:163): avc: denied { add_name } for pid=433 comm="syz.1.41" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.186503][ T450] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 24.194032][ T28] audit: type=1400 audit(1769058257.876:164): avc: denied { setattr } for pid=433 comm="syz.1.41" name="work" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.219027][ T450] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 24.238539][ T467] loop0: detected capacity change from 0 to 512 [ 24.248286][ T28] audit: type=1400 audit(1769058257.876:165): avc: denied { remove_name } for pid=433 comm="syz.1.41" name="#3" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 24.274213][ T467] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 24.285326][ T28] audit: type=1400 audit(1769058257.876:166): avc: denied { unlink } for pid=433 comm="syz.1.41" name="#3" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 24.334056][ T467] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 24.349609][ T467] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 24.369960][ T28] audit: type=1400 audit(1769058257.876:167): avc: denied { unlink } for pid=433 comm="syz.1.41" name="#4" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 24.432110][ T467] Quota error (device loop0): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 24.432652][ T444] loop4: detected capacity change from 0 to 131072 [ 24.443385][ T467] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 24.460130][ T467] EXT4-fs error (device loop0): ext4_acquire_dquot:6796: comm syz.0.51: Failed to acquire dquot type 0 [ 24.486487][ T467] EXT4-fs error (device loop0): ext4_acquire_dquot:6796: comm syz.0.51: Failed to acquire dquot type 0 [ 24.505539][ T444] F2FS-fs (loop4): Wrong NAT boundary, start(2560) end(5) blocks(1024) [ 24.525624][ T444] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 24.536766][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 24.544804][ T285] EXT4-fs (loop0): unmounting filesystem. [ 24.570827][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 24.583948][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 24.598275][ T444] F2FS-fs (loop4): Found nat_bits in checkpoint [ 24.600966][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 24.650690][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 24.679305][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 24.687593][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 24.709268][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 24.717948][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 24.726890][ T444] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 24.745574][ T444] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 24.745870][ T287] ------------[ cut here ]------------ [ 24.758556][ T287] WARNING: CPU: 1 PID: 287 at fs/overlayfs/util.c:489 ovl_dir_modified+0x189/0x1c0 [ 24.768007][ T287] Modules linked in: [ 24.772321][ T287] CPU: 1 PID: 287 Comm: syz-executor Not tainted syzkaller #0 [ 24.779884][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 24.790083][ T287] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 24.795733][ T287] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 1e b0 a3 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 83 5e ff <0f> 0b e9 17 ff ff ff e8 8b 83 5e ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 24.815563][ T287] RSP: 0000:ffffc90000d17b20 EFLAGS: 00010293 [ 24.821759][ T287] RAX: ffffffff8212c629 RBX: 1ffff11026642c8e RCX: ffff88810e222880 [ 24.830052][ T287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 24.838016][ T287] RBP: ffffc90000d17b50 R08: ffff888133180bbf R09: 1ffff11026630177 [ 24.846319][ T287] R10: dffffc0000000000 R11: ffffed1026630178 R12: ffff888133216440 [ 24.854407][ T287] R13: 0000000000000000 R14: ffff888133180b18 R15: ffff888133216470 [ 24.862471][ T287] FS: 0000555571f6c500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 24.871470][ T287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 24.878046][ T287] CR2: 00007f9c217ee000 CR3: 00000001307b8000 CR4: 00000000003526a0 [ 24.886148][ T287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 24.894136][ T287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 24.902113][ T287] Call Trace: [ 24.905368][ T287] [ 24.908274][ T287] ovl_do_remove+0x717/0xac0 [ 24.912884][ T287] ? ovl_set_redirect+0x6c0/0x6c0 [ 24.917897][ T287] ? selinux_inode_rmdir+0x22/0x30 [ 24.923006][ T287] ovl_rmdir+0x1a/0x20 [ 24.927066][ T287] vfs_rmdir+0x393/0x500 [ 24.931332][ T287] incfs_kill_sb+0x105/0x220 [ 24.935914][ T287] deactivate_locked_super+0xb5/0x120 [ 24.941410][ T287] deactivate_super+0xaf/0xe0 [ 24.946104][ T287] cleanup_mnt+0x474/0x500 [ 24.950531][ T287] __cleanup_mnt+0x19/0x20 [ 24.954935][ T287] task_work_run+0x1e1/0x250 [ 24.959631][ T287] ? __cfi_task_work_run+0x10/0x10 [ 24.964728][ T287] ? __x64_sys_umount+0x12d/0x170 [ 24.969763][ T287] ? __cfi___x64_sys_umount+0x10/0x10 [ 24.975141][ T287] exit_to_user_mode_loop+0x9b/0xb0 [ 24.980370][ T287] exit_to_user_mode_prepare+0x87/0xd0 [ 24.985826][ T287] syscall_exit_to_user_mode+0x1a/0x30 [ 24.991307][ T287] do_syscall_64+0x58/0xa0 [ 24.995730][ T287] ? clear_bhb_loop+0x30/0x80 [ 25.000419][ T287] ? clear_bhb_loop+0x30/0x80 [ 25.005098][ T287] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.011011][ T287] RIP: 0033:0x7ff17fd9bf17 [ 25.015427][ T287] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 25.035070][ T287] RSP: 002b:00007ffc5fad0dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.043641][ T287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff17fd9bf17 [ 25.051618][ T287] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5fad0e90 [ 25.059610][ T287] RBP: 00007ffc5fad0e90 R08: 00007ffc5fad1e90 R09: 00000000ffffffff [ 25.067559][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5fad1f20 [ 25.075528][ T287] R13: 00007ff17fe0471f R14: 0000000000006083 R15: 00007ffc5fad1f60 [ 25.083505][ T287] [ 25.086501][ T287] ---[ end trace 0000000000000000 ]--- [ 25.092205][ T287] ------------[ cut here ]------------ [ 25.097660][ T287] WARNING: CPU: 0 PID: 287 at fs/overlayfs/util.c:489 ovl_dir_modified+0x189/0x1c0 [ 25.106975][ T287] Modules linked in: [ 25.110875][ T287] CPU: 0 PID: 287 Comm: syz-executor Tainted: G W syzkaller #0 [ 25.119814][ T287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 25.129874][ T287] RIP: 0010:ovl_dir_modified+0x189/0x1c0 [ 25.135494][ T287] Code: 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 1e b0 a3 ff 49 ff 06 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 83 5e ff <0f> 0b e9 17 ff ff ff e8 8b 83 5e ff 0f 0b e9 51 ff ff ff 44 89 e1 [ 25.155105][ T287] RSP: 0000:ffffc90000d17b20 EFLAGS: 00010293 [ 25.161187][ T287] RAX: ffffffff8212c629 RBX: 1ffff11026642c8e RCX: ffff88810e222880 [ 25.169165][ T287] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.177123][ T287] RBP: ffffc90000d17b50 R08: ffff888133180bbf R09: 1ffff11026630177 [ 25.185114][ T287] R10: dffffc0000000000 R11: ffffed1026630178 R12: ffff888133216440 [ 25.193097][ T287] R13: 0000000000000000 R14: ffff888133180b18 R15: ffff888133216470 [ 25.201180][ T287] FS: 0000555571f6c500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 25.210129][ T287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.216705][ T287] CR2: 00007f9c1ebf78d8 CR3: 00000001307b8000 CR4: 00000000003526b0 [ 25.224685][ T287] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.232666][ T287] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.240654][ T287] Call Trace: [ 25.243927][ T287] [ 25.246847][ T287] ovl_do_remove+0x717/0xac0 [ 25.251438][ T287] ? ovl_set_redirect+0x6c0/0x6c0 [ 25.256452][ T287] ? selinux_inode_rmdir+0x22/0x30 [ 25.261562][ T287] ovl_rmdir+0x1a/0x20 [ 25.265622][ T287] vfs_rmdir+0x393/0x500 [ 25.269865][ T287] incfs_kill_sb+0x198/0x220 [ 25.274447][ T287] deactivate_locked_super+0xb5/0x120 [ 25.279925][ T287] deactivate_super+0xaf/0xe0 [ 25.284586][ T287] cleanup_mnt+0x474/0x500 [ 25.289001][ T287] __cleanup_mnt+0x19/0x20 [ 25.293408][ T287] task_work_run+0x1e1/0x250 [ 25.297987][ T287] ? __cfi_task_work_run+0x10/0x10 [ 25.303107][ T287] ? __x64_sys_umount+0x12d/0x170 [ 25.308124][ T287] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.313497][ T287] exit_to_user_mode_loop+0x9b/0xb0 [ 25.318687][ T287] exit_to_user_mode_prepare+0x87/0xd0 [ 25.324147][ T287] syscall_exit_to_user_mode+0x1a/0x30 [ 25.329612][ T287] do_syscall_64+0x58/0xa0 [ 25.334003][ T287] ? clear_bhb_loop+0x30/0x80 [ 25.338655][ T287] ? clear_bhb_loop+0x30/0x80 [ 25.343329][ T287] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.349227][ T287] RIP: 0033:0x7ff17fd9bf17 [ 25.353619][ T287] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 25.373524][ T287] RSP: 002b:00007ffc5fad0dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.381946][ T287] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007ff17fd9bf17 [ 25.389925][ T287] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc5fad0e90 [ 25.397871][ T287] RBP: 00007ffc5fad0e90 R08: 00007ffc5fad1e90 R09: 00000000ffffffff [ 25.405836][ T287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc5fad1f20 [ 25.413809][ T287] R13: 00007ff17fe0471f R14: 0000000000006083 R15: 00007ffc5fad1f60 [ 25.421776][ T287] [ 25.424780][ T287] ---[ end trace 0000000000000000 ]--- [ 25.448033][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.448033][ T8] loop3: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 25.478155][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.478155][ T8] loop3: rw=1, sector=77832, nr_sectors = 4088 limit=40427 [ 25.538723][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.538723][ T8] loop3: rw=1, sector=49152, nr_sectors = 8 limit=40427 [ 25.590313][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.590313][ T8] loop3: rw=1, sector=49160, nr_sectors = 4088 limit=40427 [ 25.619927][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.619927][ T8] loop3: rw=1, sector=57344, nr_sectors = 8 limit=40427 [ 25.655870][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.655870][ T8] loop3: rw=1, sector=57352, nr_sectors = 4064 limit=40427 [ 25.702432][ T8] kworker/u4:0: attempt to access beyond end of device [ 25.702432][ T8] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 25.754254][ T520] netlink: 12 bytes leftover after parsing attributes in process `syz.4.62'. [ 25.788707][ T524] loop0: detected capacity change from 0 to 1024 [ 25.812945][ T528] loop4: detected capacity change from 0 to 16 [ 25.843599][ T526] loop2: detected capacity change from 0 to 8192 [ 25.868552][ T528] erofs: (device loop4): mounted with root inode @ nid 36. [ 25.903141][ T524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 25.928680][ T528] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 25.953288][ T535] TCP: tcp_parse_options: Illegal window scaling value 94 > 14 received [ 25.969087][ T528] SELinux: inode_doinit_use_xattr: getxattr returned 95 for dev=loop4 ino=46 [ 25.978045][ T528] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 25.988539][ T528] SELinux: inode_doinit_use_xattr: getxattr returned 95 for dev=loop4 ino=46 [ 25.991923][ T537] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 26.007448][ T537] SELinux: inode_doinit_use_xattr: getxattr returned 95 for dev=loop4 ino=46 [ 26.017466][ T285] EXT4-fs (loop0): unmounting filesystem. [ 26.019496][ T537] 9pnet_fd: Insufficient options for proto=fd [ 26.024644][ T528] erofs: (device loop4): init_inode_xattrs: xattr_isize 12 of nid 46 is not supported yet [ 26.044616][ T542] loop3: detected capacity change from 0 to 512 [ 26.057841][ T542] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 26.075302][ T542] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 26.086469][ T542] EXT4-fs (loop3): 1 truncate cleaned up [ 26.094389][ T542] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.114963][ T542] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #2: block 13: comm syz.3.77: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 26.144286][ T542] EXT4-fs (loop3): Remounting filesystem read-only [ 26.162098][ T283] EXT4-fs (loop3): unmounting filesystem. [ 26.245959][ T559] loop3: detected capacity change from 0 to 1024 [ 26.253631][ T559] ======================================================= [ 26.253631][ T559] WARNING: The mand mount option has been deprecated and [ 26.253631][ T559] and is ignored by this kernel. Remove the mand [ 26.253631][ T559] option from the mount to silence this warning. [ 26.253631][ T559] ======================================================= [ 26.299035][ T19] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.300657][ T559] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.315198][ T559] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 26.338615][ T559] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 3: comm syz.3.82: lblock 3 mapped to illegal pblock 3 (length 3) [ 26.352659][ T559] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 26.365151][ T559] EXT4-fs (loop3): This should not happen!! Data will be lost [ 26.365151][ T559] [ 26.377627][ T559] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.82: bg 0: block 112: padding at end of block bitmap is not set [ 26.393248][ T559] EXT4-fs error (device loop3): ext4_ext_remove_space:2930: inode #15: comm syz.3.82: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 26.411530][ T559] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 64 with max blocks 4 with error 117 [ 26.423952][ T559] EXT4-fs (loop3): This should not happen!! Data will be lost [ 26.423952][ T559] [ 26.438619][ T8] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: block 8: comm kworker/u4:0: lblock 8 mapped to illegal pblock 8 (length 5) [ 26.453109][ T8] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 5 with error 117 [ 26.458982][ T309] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 26.465448][ T8] EXT4-fs (loop3): This should not happen!! Data will be lost [ 26.465448][ T8] [ 26.482671][ T19] usb 2-1: Using ep0 maxpacket: 32 [ 26.483798][ T283] EXT4-fs (loop3): unmounting filesystem. [ 26.488871][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.504510][ T19] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 26.513567][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.522838][ T19] usb 2-1: config 0 descriptor?? [ 26.531033][ T563] loop3: detected capacity change from 0 to 1024 [ 26.537598][ T563] EXT4-fs: Ignoring removed orlov option [ 26.543756][ T19] hub 2-1:0.0: USB hub found [ 26.570590][ T563] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 26.588624][ T283] EXT4-fs (loop3): unmounting filesystem. [ 26.602574][ T567] loop3: detected capacity change from 0 to 128 [ 26.612418][ T567] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.621153][ T567] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 26.654830][ T309] usb 5-1: Using ep0 maxpacket: 16 [ 26.666687][ T567] EXT4-fs (loop3): re-mounted. Quota mode: none. [ 26.667387][ T309] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 26.684082][ T309] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 26.695739][ T567] EXT4-fs (loop3): re-mounted. Quota mode: none. [ 26.696602][ T309] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 26.711173][ T309] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.720009][ T309] usb 5-1: Product: syz [ 26.720062][ T283] EXT4-fs (loop3): unmounting filesystem. [ 26.724368][ T309] usb 5-1: Manufacturer: syz [ 26.734545][ T309] usb 5-1: SerialNumber: syz [ 26.736043][ T19] hub 2-1:0.0: 1 port detected [ 26.750251][ T570] capability: warning: `syz.3.86' uses deprecated v2 capabilities in a way that may be insecure [ 26.980971][ T309] usb 5-1: 0:2 : does not exist [ 26.990471][ T309] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 27.021896][ T309] usb 5-1: USB disconnect, device number 2 [ 27.199260][ T39] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.379002][ T586] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 27.386563][ T39] usb 3-1: Using ep0 maxpacket: 16 [ 27.392825][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.403778][ T39] usb 3-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00 [ 27.412813][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.421554][ T39] usb 3-1: config 0 descriptor?? [ 27.550881][ T19] hub 2-1:0.0: hub_ext_port_status failed (err = -71) [ 27.564643][ T590] usb 2-1: USB disconnect, device number 2 [ 27.572889][ T586] usb 4-1: Using ep0 maxpacket: 32 [ 27.579353][ T586] usb 4-1: config 2 has an invalid interface number: 88 but max is 0 [ 27.587462][ T586] usb 4-1: config 2 has no interface number 0 [ 27.597687][ T586] usb 4-1: config 2 interface 88 has no altsetting 0 [ 27.606029][ T586] usb 4-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 27.615106][ T586] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 27.623098][ T586] usb 4-1: Product: syz [ 27.627253][ T586] usb 4-1: Manufacturer: syz [ 27.631962][ T586] usb 4-1: SerialNumber: syz [ 27.653380][ T309] kernel read not supported for file inotify (pid: 309 comm: kworker/1:2) [ 27.676247][ T597] input: syz1 as /devices/virtual/input/input4 [ 27.833181][ T39] saitek 0003:0738:1705.0001: unknown main item tag 0x0 [ 27.840255][ T39] saitek 0003:0738:1705.0001: unknown main item tag 0x0 [ 27.847186][ T39] saitek 0003:0738:1705.0001: collection stack underflow [ 27.855602][ T39] saitek 0003:0738:1705.0001: item 0 0 0 12 parsing failed [ 27.862983][ T39] saitek 0003:0738:1705.0001: parse failed [ 27.868784][ T39] saitek: probe of 0003:0738:1705.0001 failed with error -22 [ 28.008975][ T19] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 28.039143][ T39] usb 3-1: USB disconnect, device number 2 [ 28.064111][ T603] loop1: detected capacity change from 0 to 128 [ 28.073095][ T603] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 28.081821][ T603] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.097401][ T603] syz.1.97 (pid 603) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 28.109918][ T603] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-generic)" [ 28.124875][ T284] EXT4-fs (loop1): unmounting filesystem. [ 28.158994][ T549] Bluetooth: hci0: command 0x1003 tx timeout [ 28.165039][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 28.188989][ T19] usb 5-1: Using ep0 maxpacket: 32 [ 28.199552][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.210495][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.220856][ T19] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 28.229921][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.238836][ T19] usb 5-1: config 0 descriptor?? [ 28.245453][ T19] hub 5-1:0.0: USB hub found [ 28.446725][ T19] hub 5-1:0.0: 1 port detected [ 28.507511][ T639] loop0: detected capacity change from 0 to 256 [ 28.514534][ T639] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 28.525533][ T639] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 28.535508][ T639] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 28.568593][ T639] incfs: ino conflict with backing FS 1 [ 28.610525][ T637] exFAT-fs (loop0): abnormal access to deleted dentry [ 28.654765][ T586] asix 4-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 28.679061][ T586] asix: probe of 4-1:2.88 failed with error -32 [ 28.692264][ T586] usb 4-1: USB disconnect, device number 2 [ 28.737476][ T641] loop2: detected capacity change from 0 to 40427 [ 28.769974][ T641] F2FS-fs (loop2): Found nat_bits in checkpoint [ 28.806223][ T641] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 28.842883][ T641] syz.2.111: attempt to access beyond end of device [ 28.842883][ T641] loop2: rw=2049, sector=53248, nr_sectors = 136 limit=40427 [ 28.868014][ T287] syz-executor: attempt to access beyond end of device [ 28.868014][ T287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 28.878057][ T647] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.889078][ T647] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.896575][ T647] device bridge_slave_0 entered promiscuous mode [ 28.904129][ T647] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.911314][ T647] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.918743][ T647] device bridge_slave_1 entered promiscuous mode [ 28.990336][ T647] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.997379][ T647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.004611][ T647] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.011639][ T647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.034770][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.042667][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.050478][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.060562][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.068728][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.075793][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.081050][ T19] hub 5-1:0.0: activate --> -90 [ 29.099990][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.108397][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.115468][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.129983][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.138351][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.154994][ T665] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 29.161011][ T647] device veth0_vlan entered promiscuous mode [ 29.179700][ T665] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 29.195465][ T665] overlayfs: failed to create directory ./bus/work (errno: 17); mounting read-only [ 29.207179][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.216322][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.224640][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.232191][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.263714][ T647] device veth1_macvtap entered promiscuous mode [ 29.272357][ T8] device bridge_slave_1 left promiscuous mode [ 29.278477][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.295919][ T8] device bridge_slave_0 left promiscuous mode [ 29.302145][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.319925][ T8] device veth1_macvtap left promiscuous mode [ 29.329114][ T8] device veth0_vlan left promiscuous mode [ 29.394762][ T28] kauditd_printk_skb: 72 callbacks suppressed [ 29.394775][ T28] audit: type=1400 audit(1769058263.206:238): avc: denied { create } for pid=678 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.423223][ T28] audit: type=1400 audit(1769058263.206:239): avc: denied { setopt } for pid=678 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.443922][ T28] audit: type=1400 audit(1769058263.206:240): avc: denied { write } for pid=678 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.463893][ T28] audit: type=1400 audit(1769058263.206:241): avc: denied { nlmsg_write } for pid=678 comm="syz.2.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 29.464400][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.484472][ T28] audit: type=1400 audit(1769058263.236:242): avc: denied { create } for pid=680 comm="syz.2.125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 29.512330][ T19] usb 5-1-port1: config error [ 29.517636][ T670] usb 5-1: USB disconnect, device number 3 [ 29.527451][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.538341][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.601652][ T28] audit: type=1400 audit(1769058263.416:243): avc: denied { bind } for pid=690 comm="syz.1.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 29.621643][ T28] audit: type=1400 audit(1769058263.416:244): avc: denied { name_bind } for pid=690 comm="syz.1.127" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 29.635362][ T693] netlink: 'syz.1.128': attribute type 1 has an invalid length. [ 29.650996][ T693] netlink: 16 bytes leftover after parsing attributes in process `syz.1.128'. [ 29.655545][ T28] audit: type=1400 audit(1769058263.416:245): avc: denied { node_bind } for pid=690 comm="syz.1.127" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 29.665149][ T693] Zero length message leads to an empty skb [ 29.690354][ T28] audit: type=1400 audit(1769058263.496:246): avc: denied { create } for pid=694 comm="syz.5.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 29.727811][ T28] audit: type=1400 audit(1769058263.506:247): avc: denied { write } for pid=694 comm="syz.5.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 29.996087][ T719] loop1: detected capacity change from 0 to 512 [ 30.013173][ T719] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 30.024766][ T719] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.287176][ T730] netlink: 'syz.2.143': attribute type 1 has an invalid length. [ 30.343843][ T737] kvm: emulating exchange as write [ 30.359062][ T39] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 30.504043][ T754] loop3: detected capacity change from 0 to 1024 [ 30.520856][ T754] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 30.539118][ T283] EXT4-fs (loop3): unmounting filesystem. [ 30.548737][ T284] EXT4-fs (loop1): unmounting filesystem. [ 30.557118][ T39] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 30.566732][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.575071][ T39] usb 5-1: Product: syz [ 30.579444][ T39] usb 5-1: Manufacturer: syz [ 30.586360][ T39] usb 5-1: SerialNumber: syz [ 30.596624][ T39] usb 5-1: config 0 descriptor?? [ 30.607045][ T39] usb-storage 5-1:0.0: USB Mass Storage device detected [ 30.714730][ T774] loop5: detected capacity change from 0 to 256 [ 30.728688][ T774] exfat: Deprecated parameter 'utf8' [ 30.734144][ T774] exfat: Deprecated parameter 'namecase' [ 30.745985][ T774] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xc465a08c, utbl_chksum : 0xe619d30d) [ 31.245434][ T790] loop5: detected capacity change from 0 to 131072 [ 31.256527][ T790] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0) [ 31.264909][ T790] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 31.280404][ T790] F2FS-fs (loop5): Found nat_bits in checkpoint [ 31.311350][ T790] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 31.318409][ T790] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 31.388766][ T820] user requested TSC rate below hardware speed [ 31.768985][ T39] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 31.968969][ T39] usb 6-1: Using ep0 maxpacket: 32 [ 31.975416][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.986479][ T39] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 31.995594][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.007613][ T39] usb 6-1: config 0 descriptor?? [ 32.014351][ T39] hub 6-1:0.0: USB hub found [ 32.214742][ T39] hub 6-1:0.0: 1 port detected [ 32.761850][ T848] loop1: detected capacity change from 0 to 131072 [ 32.768915][ T848] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 32.777081][ T848] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 32.787147][ T848] F2FS-fs (loop1): Found nat_bits in checkpoint [ 32.819002][ T848] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 32.826079][ T848] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 33.025790][ T24] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 33.032749][ T769] usb 6-1: USB disconnect, device number 2 [ 33.107346][ T24] usb 5-1: USB disconnect, device number 4 [ 33.127802][ T861] netlink: 8 bytes leftover after parsing attributes in process `syz.4.194'. [ 33.268994][ T19] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 33.279412][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 33.279642][ T548] Bluetooth: hci0: command 0x1003 tx timeout [ 33.458990][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 33.465217][ T19] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 33.480954][ T19] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 33.518421][ T19] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 33.561472][ T19] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 33.577800][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.586767][ T19] usb 2-1: Product: syz [ 33.591449][ T19] usb 2-1: Manufacturer: syz [ 33.596568][ T19] usb 2-1: SerialNumber: syz [ 33.641777][ T904] netlink: 'syz.5.209': attribute type 4 has an invalid length. [ 33.731162][ T915] loop5: detected capacity change from 0 to 128 [ 33.808515][ T915] syz.5.215: attempt to access beyond end of device [ 33.808515][ T915] loop5: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 33.841173][ T925] loop5: detected capacity change from 0 to 1024 [ 33.850737][ T925] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 33.859277][ T925] ext4 filesystem being mounted at /19/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.879267][ T647] EXT4-fs (loop5): unmounting filesystem. [ 34.024398][ T19] usb 2-1: 0:2 : does not exist [ 34.028995][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 34.210022][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 34.222024][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 34.231414][ T24] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 34.239429][ T24] usb 4-1: Product: syz [ 34.243630][ T24] usb 4-1: SerialNumber: syz [ 34.497003][ T28] kauditd_printk_skb: 37 callbacks suppressed [ 34.497017][ T28] audit: type=1400 audit(1769058268.306:285): avc: denied { bind } for pid=940 comm="syz.4.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 34.535180][ T28] audit: type=1400 audit(1769058268.346:286): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 34.638467][ T19] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 34.655776][ T19] usb 2-1: USB disconnect, device number 3 [ 34.769430][ T961] input: syz1 as /devices/virtual/input/input5 [ 34.856603][ T971] loop4: detected capacity change from 0 to 16 [ 34.865909][ T971] erofs: (device loop4): mounted with root inode @ nid 36. [ 34.878692][ T971] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=86 [ 34.887960][ T971] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=86 [ 34.897122][ T971] overlayfs: failed to get metacopy (-117) [ 34.934155][ T28] audit: type=1400 audit(1769058268.746:287): avc: denied { getopt } for pid=980 comm="syz.4.242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 34.968055][ T984] loop4: detected capacity change from 0 to 2048 [ 34.968459][ T28] audit: type=1400 audit(1769058268.776:288): avc: denied { sqpoll } for pid=985 comm="syz.2.244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 35.004946][ T984] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 35.013560][ T984] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.096583][ T993] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.243: bg 0: block 345: padding at end of block bitmap is not set [ 35.111014][ T993] EXT4-fs (loop4): Remounting filesystem read-only [ 35.149089][ T769] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 35.211775][ T289] EXT4-fs (loop4): unmounting filesystem. [ 35.220955][ T1001] xt_hashlimit: size too large, truncated to 1048576 [ 35.252511][ T24] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 35.259172][ T24] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 35.266544][ T24] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 35.350087][ T769] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.361096][ T769] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.379081][ T39] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 35.393186][ T28] audit: type=1400 audit(1769058269.206:289): avc: denied { mount } for pid=1005 comm="syz.1.252" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 35.396736][ T769] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 35.422269][ T28] audit: type=1400 audit(1769058269.236:290): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 35.430176][ T769] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 35.457250][ T28] audit: type=1400 audit(1769058269.266:291): avc: denied { mount } for pid=1007 comm="syz.4.251" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 35.457275][ T28] audit: type=1400 audit(1769058269.266:292): avc: denied { mounton } for pid=1007 comm="syz.4.251" path="/48/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 35.503474][ T24] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 35.515174][ T28] audit: type=1400 audit(1769058269.326:293): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 35.516554][ T24] usb 4-1: USB disconnect, device number 3 [ 35.555482][ T24] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 35.580646][ T28] audit: type=1400 audit(1769058269.356:294): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 35.673449][ T1022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.257'. [ 35.697623][ T769] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.707843][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.726485][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.739451][ T769] usb 6-1: config 0 descriptor?? [ 35.757132][ T39] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 35.772735][ T1033] input: syz1 as /devices/virtual/input/input6 [ 35.783387][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.803088][ T39] usb 3-1: config 0 descriptor?? [ 35.808163][ T309] ================================================================== [ 35.816221][ T309] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 35.824030][ T309] Read of size 8 at addr ffff88811b1b4cf0 by task kworker/1:2/309 [ 35.831811][ T309] [ 35.834118][ T309] CPU: 1 PID: 309 Comm: kworker/1:2 Tainted: G W syzkaller #0 [ 35.842947][ T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 35.852986][ T309] Workqueue: events usb_gadget_state_work [ 35.858684][ T309] Call Trace: [ 35.861938][ T309] [ 35.864844][ T309] __dump_stack+0x21/0x24 [ 35.869147][ T309] dump_stack_lvl+0x110/0x170 [ 35.873795][ T309] ? __cfi_dump_stack_lvl+0x8/0x8 [ 35.878791][ T309] ? __list_del_entry_valid+0xa6/0x130 [ 35.884228][ T309] print_address_description+0x71/0x200 [ 35.889744][ T309] print_report+0x4a/0x60 [ 35.894050][ T309] kasan_report+0x122/0x150 [ 35.898523][ T309] ? __list_del_entry_valid+0xa6/0x130 [ 35.903959][ T309] __asan_report_load8_noabort+0x14/0x20 [ 35.909573][ T309] __list_del_entry_valid+0xa6/0x130 [ 35.914831][ T309] process_one_work+0x4b9/0xc40 [ 35.919653][ T309] worker_thread+0xa29/0x11e0 [ 35.924302][ T309] ? _raw_spin_lock_irqsave+0xc2/0x130 [ 35.929734][ T309] ? __kthread_parkme+0x142/0x180 [ 35.934729][ T309] kthread+0x281/0x320 [ 35.938770][ T309] ? __cfi_worker_thread+0x10/0x10 [ 35.943849][ T309] ? __cfi_kthread+0x10/0x10 [ 35.948410][ T309] ret_from_fork+0x1f/0x30 [ 35.952808][ T309] [ 35.955799][ T309] [ 35.958094][ T309] Allocated by task 24: [ 35.962232][ T309] kasan_set_track+0x4b/0x70 [ 35.966794][ T309] kasan_save_alloc_info+0x25/0x30 [ 35.971877][ T309] __kasan_kmalloc+0x95/0xb0 [ 35.976439][ T309] __kmalloc_node+0xb2/0x1e0 [ 35.981002][ T309] kvmalloc_node+0x28a/0x460 [ 35.985563][ T309] alloc_netdev_mqs+0x8d/0xf90 [ 35.990303][ T309] alloc_etherdev_mqs+0x37/0x40 [ 35.995122][ T309] usbnet_probe+0x209/0x27a0 [ 35.999684][ T309] usb_probe_interface+0x63f/0xb20 [ 36.004765][ T309] really_probe+0x2cb/0x960 [ 36.009239][ T309] __driver_probe_device+0x198/0x280 [ 36.014499][ T309] driver_probe_device+0x54/0x3e0 [ 36.019499][ T309] __device_attach_driver+0x2e9/0x4a0 [ 36.024839][ T309] bus_for_each_drv+0x192/0x220 [ 36.029673][ T309] __device_attach+0x2b0/0x420 [ 36.034406][ T309] device_initial_probe+0x1a/0x20 [ 36.039402][ T309] bus_probe_device+0xc0/0x1f0 [ 36.044138][ T309] device_add+0xb4d/0xef0 [ 36.048436][ T309] usb_set_configuration+0x19c2/0x1f10 [ 36.053877][ T309] usb_generic_driver_probe+0x91/0x150 [ 36.059306][ T309] usb_probe_device+0x159/0x270 [ 36.064126][ T309] really_probe+0x2cb/0x960 [ 36.068595][ T309] __driver_probe_device+0x198/0x280 [ 36.073849][ T309] driver_probe_device+0x54/0x3e0 [ 36.078841][ T309] __device_attach_driver+0x2e9/0x4a0 [ 36.084182][ T309] bus_for_each_drv+0x192/0x220 [ 36.089025][ T309] __device_attach+0x2b0/0x420 [ 36.093775][ T309] device_initial_probe+0x1a/0x20 [ 36.098779][ T309] bus_probe_device+0xc0/0x1f0 [ 36.103550][ T309] device_add+0xb4d/0xef0 [ 36.107942][ T309] usb_new_device+0xa81/0x1550 [ 36.112693][ T309] hub_event+0x2aca/0x46b0 [ 36.117100][ T309] process_one_work+0x71f/0xc40 [ 36.121925][ T309] worker_thread+0xa29/0x11e0 [ 36.126578][ T309] kthread+0x281/0x320 [ 36.130621][ T309] ret_from_fork+0x1f/0x30 [ 36.135011][ T309] [ 36.137308][ T309] Freed by task 24: [ 36.141085][ T309] kasan_set_track+0x4b/0x70 [ 36.145646][ T309] kasan_save_free_info+0x31/0x50 [ 36.150642][ T309] ____kasan_slab_free+0x132/0x180 [ 36.155731][ T309] __kasan_slab_free+0x11/0x20 [ 36.160482][ T309] slab_free_freelist_hook+0xc2/0x190 [ 36.165837][ T309] __kmem_cache_free+0xb7/0x1b0 [ 36.170671][ T309] kfree+0x6f/0xf0 [ 36.174395][ T309] kvfree+0x35/0x40 [ 36.178179][ T309] netdev_freemem+0x3f/0x60 [ 36.182666][ T309] netdev_release+0x7f/0xb0 [ 36.187139][ T309] device_release+0xa4/0x1d0 [ 36.191700][ T309] kobject_put+0x19d/0x280 [ 36.196089][ T309] put_device+0x1f/0x30 [ 36.200217][ T309] free_netdev+0x392/0x490 [ 36.204605][ T309] usbnet_disconnect+0x25a/0x3b0 [ 36.209516][ T309] usb_unbind_interface+0x223/0x8d0 [ 36.214686][ T309] device_release_driver_internal+0x508/0x820 [ 36.220745][ T309] device_release_driver+0x19/0x20 [ 36.225846][ T309] bus_remove_device+0x2ee/0x350 [ 36.230772][ T309] device_del+0x6bc/0xec0 [ 36.235078][ T309] usb_disable_device+0x3a8/0x750 [ 36.240083][ T309] usb_disconnect+0x31e/0x860 [ 36.244741][ T309] hub_event+0x1c1b/0x46b0 [ 36.249127][ T309] process_one_work+0x71f/0xc40 [ 36.253949][ T309] worker_thread+0xcce/0x11e0 [ 36.258597][ T309] kthread+0x281/0x320 [ 36.262636][ T309] ret_from_fork+0x1f/0x30 [ 36.267032][ T309] [ 36.269330][ T309] Last potentially related work creation: [ 36.275014][ T309] kasan_save_stack+0x3a/0x60 [ 36.279664][ T309] __kasan_record_aux_stack+0xb6/0xc0 [ 36.285011][ T309] kasan_record_aux_stack_noalloc+0xb/0x10 [ 36.290788][ T309] insert_work+0x51/0x300 [ 36.295176][ T309] __queue_work+0x9b1/0xd30 [ 36.299653][ T309] queue_work_on+0xde/0x150 [ 36.304141][ T309] usbnet_link_change+0x189/0x1b0 [ 36.309154][ T309] usbnet_probe+0x1d76/0x27a0 [ 36.313806][ T309] usb_probe_interface+0x63f/0xb20 [ 36.318890][ T309] really_probe+0x2cb/0x960 [ 36.323368][ T309] __driver_probe_device+0x198/0x280 [ 36.328627][ T309] driver_probe_device+0x54/0x3e0 [ 36.333624][ T309] __device_attach_driver+0x2e9/0x4a0 [ 36.338985][ T309] bus_for_each_drv+0x192/0x220 [ 36.343846][ T309] __device_attach+0x2b0/0x420 [ 36.348599][ T309] device_initial_probe+0x1a/0x20 [ 36.353594][ T309] bus_probe_device+0xc0/0x1f0 [ 36.358348][ T309] device_add+0xb4d/0xef0 [ 36.362646][ T309] usb_set_configuration+0x19c2/0x1f10 [ 36.368078][ T309] usb_generic_driver_probe+0x91/0x150 [ 36.373518][ T309] usb_probe_device+0x159/0x270 [ 36.378359][ T309] really_probe+0x2cb/0x960 [ 36.382848][ T309] __driver_probe_device+0x198/0x280 [ 36.388113][ T309] driver_probe_device+0x54/0x3e0 [ 36.393118][ T309] __device_attach_driver+0x2e9/0x4a0 [ 36.398477][ T309] bus_for_each_drv+0x192/0x220 [ 36.403392][ T309] __device_attach+0x2b0/0x420 [ 36.408148][ T309] device_initial_probe+0x1a/0x20 [ 36.413159][ T309] bus_probe_device+0xc0/0x1f0 [ 36.417909][ T309] device_add+0xb4d/0xef0 [ 36.422228][ T309] usb_new_device+0xa81/0x1550 [ 36.426974][ T309] hub_event+0x2aca/0x46b0 [ 36.431373][ T309] process_one_work+0x71f/0xc40 [ 36.436219][ T309] worker_thread+0xa29/0x11e0 [ 36.440887][ T309] kthread+0x281/0x320 [ 36.444946][ T309] ret_from_fork+0x1f/0x30 [ 36.449349][ T309] [ 36.451656][ T309] The buggy address belongs to the object at ffff88811b1b4000 [ 36.451656][ T309] which belongs to the cache kmalloc-4k of size 4096 [ 36.465688][ T309] The buggy address is located 3312 bytes inside of [ 36.465688][ T309] 4096-byte region [ffff88811b1b4000, ffff88811b1b5000) [ 36.479135][ T309] [ 36.481444][ T309] The buggy address belongs to the physical page: [ 36.487841][ T309] page:ffffea00046c6c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b1b0 [ 36.498063][ T309] head:ffffea00046c6c00 order:3 compound_mapcount:0 compound_pincount:0 [ 36.506379][ T309] flags: 0x4000000000010200(slab|head|zone=1) [ 36.512465][ T309] raw: 4000000000010200 ffffea00046b2200 dead000000000002 ffff888100043380 [ 36.521119][ T309] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 36.529672][ T309] page dumped because: kasan: bad access detected [ 36.536056][ T309] page_owner tracks the page as allocated [ 36.541746][ T309] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 116, tgid 116 (udevd), ts 4789382825, free_ts 0 [ 36.561345][ T309] post_alloc_hook+0x1f5/0x210 [ 36.566110][ T309] prep_new_page+0x1c/0x110 [ 36.570601][ T309] get_page_from_freelist+0x2d12/0x2d80 [ 36.576161][ T309] __alloc_pages+0x1d9/0x480 [ 36.580762][ T309] alloc_slab_page+0x6e/0xf0 [ 36.585345][ T309] new_slab+0x98/0x3d0 [ 36.589395][ T309] ___slab_alloc+0x6bd/0xb20 [ 36.593971][ T309] __slab_alloc+0x5e/0xa0 [ 36.598290][ T309] __kmem_cache_alloc_node+0x203/0x2c0 [ 36.603738][ T309] kmalloc_trace+0x29/0xb0 [ 36.608134][ T309] kernfs_iop_get_link+0x65/0x620 [ 36.613137][ T309] pick_link+0x6dd/0xe30 [ 36.617359][ T309] step_into+0xc5c/0xf40 [ 36.621591][ T309] path_openat+0x166c/0x2f80 [ 36.626190][ T309] do_filp_open+0x1f1/0x430 [ 36.630686][ T309] do_sys_openat2+0x15e/0x810 [ 36.635343][ T309] page_owner free stack trace missing [ 36.640685][ T309] [ 36.642989][ T309] Memory state around the buggy address: [ 36.648594][ T309] ffff88811b1b4b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.656632][ T309] ffff88811b1b4c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.664692][ T309] >ffff88811b1b4c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.672729][ T309] ^ [ 36.680433][ T309] ffff88811b1b4d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.688561][ T309] ffff88811b1b4d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.696593][ T309] ================================================================== [ 36.704622][ T309] Disabling lock debugging due to kernel taint [ 36.920451][ T769] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 36.927884][ T769] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 36.935319][ T769] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 36.942742][ T769] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 36.950406][ T769] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 36.959611][ T769] plantronics 0003:047F:FFFF.0002: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 37.117850][ T39] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0 [ 37.125510][ T39] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0 [ 37.133287][ T39] cp2112 0003:10C4:EA90.0003: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 37.156069][ T19] usb 6-1: USB disconnect, device number 3 [ 37.317547][ T39] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE [ 37.918709][ T39] cp2112 0003:10C4:EA90.0003: error reading lock byte: -71 [ 37.927135][ T39] usb 3-1: USB disconnect, device number 3 [ 37.950321][ T1054] fido_id[1054]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory