last executing test programs: 1.089786149s ago: executing program 0 (id=7): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0xfffffffffffffe88, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.049809729s ago: executing program 0 (id=8): r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0) write$selinux_attr(r0, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) socket$inet6(0xa, 0x80002, 0x11) 1.0206085s ago: executing program 0 (id=9): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f00000000c0)) 949.24375ms ago: executing program 0 (id=10): r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="05072bbd7000ffdbdf250100000018000180140002006c6f00000000000000000000000000001800028014000180080001803e0000000800010000000000040003"], 0x48}, 0x1, 0x0, 0x0, 0x40008d0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000180)) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000280)={'syztnl0\x00', 0x0, 0x40, 0x7, 0x1, 0x7, {{0x1a, 0x4, 0x3, 0x2, 0x68, 0x64, 0x0, 0xa0, 0x21, 0x0, @local, @loopback, {[@generic={0x44, 0xc, "646a296bb91e40f87111"}, @generic={0x86, 0x4, "4dcc"}, @cipso={0x86, 0x1d, 0x3, [{0x2, 0xb, "4af19f0cc7dd96c1d7"}, {0x0, 0xa, "36a55c847f3d70e3"}, {0x7, 0x2}]}, @rr={0x7, 0x7, 0x4b, [@dev={0xac, 0x14, 0x14, 0x1e}]}, @ssrr={0x89, 0xf, 0x93, [@rand_addr=0x64010101, @local, @empty]}, @timestamp={0x44, 0xc, 0x85, 0x0, 0x2, [0x7ff, 0x9]}, @ra={0x94, 0x4, 0x1}]}}}}}) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0xc840) getsockname$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000380)=0x14) 896.820491ms ago: executing program 3 (id=4): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000050, &(0x7f00000001c0)={0xa, 0x4e22, 0x40000000, @local, 0x1}, 0x1c) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00'], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r1 = dup(r0) bind$unix(r1, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 882.961121ms ago: executing program 0 (id=11): prlimit64(0x0, 0x8, &(0x7f0000000000)={0x2, 0x10001}, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x10000, 0x6, 0xeeee0000, 0x2000, &(0x7f0000a1b000/0x2000)=nil}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) 827.375422ms ago: executing program 3 (id=12): capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) r0 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') fchdir(r1) mount(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000000)='proc\x00', 0x200000, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000002080)='io\x00') pread64(r2, &(0x7f0000000140)=""/15, 0xf, 0x4) 804.528622ms ago: executing program 1 (id=2): syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4c00, 0x0, 0x1, 0x0, &(0x7f0000000000)) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x0) open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) 782.092192ms ago: executing program 4 (id=5): sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, 0x0, &(0x7f00000000c0)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0xca, 0xac5) syz_clone3(0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) bpf$ITER_CREATE(0xb, &(0x7f00000002c0)={r0}, 0x8) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x5, 0x8000, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 766.442432ms ago: executing program 2 (id=3): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0xa540) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0xc0505405, &(0x7f00000000c0)={0x1, 0xfffffffd}) 726.268513ms ago: executing program 3 (id=13): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) poll(0x0, 0x0, 0x200) r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="7433e128a5205066f7a75ca20f1a5de5336d00e254cece4609f606c60f799f6ab8d58dc1c770fb6989069ef61a07405b99831ff016eba6fc6c3ef57bce9c6359dab06c58c2a4dbc5", 0x48}], 0x1) 702.615903ms ago: executing program 2 (id=14): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000180000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x28, 0x0, &(0x7f0000000200)="d2ff03066003008cb89e08d986dd3c8ba713a4548db42ecf87a758994d6f5c712a3f91210c27edc4", 0x0, 0xd5b4, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 671.237633ms ago: executing program 1 (id=15): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) read(r1, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x806}, 0x0) 656.774413ms ago: executing program 4 (id=16): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x800, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x204000, &(0x7f0000000680)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRES8=r1, @ANYRESHEX=0x0, @ANYRES16=r0, @ANYRES16, @ANYRES64=0x0, @ANYBLOB="2b3a40c476054bfebe186075f850d5e27680fb2913b7345ae7d08a22bffb7d97c94da4b5629062d10dd28ab60ff8789f43efde1582e177ec3cc0ccdf593427b4734af5752db9b7e1d7da00bef6d0d044605e7dc93aad0ca3960ab8a3ce25f9e28f693e61f78c1457ed059262d1c69262112f571bf45c473a633a422be5ba"], 0x1, 0x227, &(0x7f0000000440)="$eJzslb9rFEEUx7+zu7d3FyX+AC1sziJgBLO3u6eSxkJ7QUhELQ8zhugkFy5XJAHRYGNjLf4P1hapLAQLrWxsLFQQLExpJTgyP/Yyt7cbXOJVvk8xvPfmvXdvZt69BUEQ/y1fv/z8/Oza/OIFAEcxg7q1f/et8PEIPMf/0wu/huNafLM2/XA3n48BkHJfD/IOtVE1BPD67cuhLqUbbdxVzkV4mLG2m/Bw3sq3wBD5TrCN5mC4Y83312XmgV7TCoKzuz2xdG9F8FgtiVpStXQAOVL/3g7DEoCG/Qnm1Lextf2gK4C+EQTPhJrMfmdsq6qQv8Lsnof1XfVwxbkC9V63nz7ZwUkgMuZm7NxfAg+JlTtgWLDyPOqIoqhlVZ445z8T7Of3zbMZHlc5SeNwF1FVODFXsKU6/ODwpuDqtP+sjN/yYB/1XkOLfCTl32UOR1qwwGe8KScmqDqqR3mt8aiwNI+vBX74mlnewtyWOL23+2486tvk77A5qffSg8vtsa4Qz1XbfJgS4nph1KkRy9mSv0zWgaUtYeYHC4BzznwKnK9Ce7C63t7Y2p5bWe0u82W+lqady/HFOL6UtvVsNmvRCLT5G3o+TTn5ayW+IQv9ze5g0E82gUE/CVkIradmdSbuwqveDx3j6fnnYfaXlNnnRR+7nhvEjspsHNPSrF9aPEEQBEEQBEEQBEEQBEEQRCVaYHg/DchjRpeFBOkNvfsnAAD//+g7Wr4=") r2 = open(&(0x7f0000000140)='.\x00', 0x2c4443, 0x151) fallocate(r2, 0x8, 0x2000000, 0x10000) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000100)=0x17, 0x4) 265.548248ms ago: executing program 2 (id=17): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x7, 0x7fffffff}]}) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0) r3 = pidfd_getfd(r1, r2, 0x0) readlinkat(r3, &(0x7f0000000100)='\x00', &(0x7f0000000140)=""/189, 0xbd) 229.358418ms ago: executing program 4 (id=18): syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000100)='./file1\x00', 0x1000080, &(0x7f0000000e00)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c757466383d302c696f636861727365743d63703836302c696f636861727365743d6d616363726f617469616e2c756e695f786c6174653d312c747a3d5554432c6e6f6e756d7461696c3d302c756e695f786c6174653d312c696f636861727365743d63703433372c73686f72746e616d653d77696e6e742c726f6469722c73686f72746e616d653d6d697865642c6e6f636173652c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6d697865642c6572726f72733d72656d6f756e742d726f2c6e6f6e756d7461696c3d302c736d61636b66736465663d757466383d302c64697273796e632c736d61636b66736861743d262c657569643e807d6dc634ae06b292a3825c7626caa45b7a39a81660437a556646a082c54e8cf9c81260f6a760b9f06d5738818ee5a4503b0364b0f4c56abfe2", @ANYBLOB="069aba214c6180730b220e791ed3f2bb1878083984f686012c5830cbbd26b61e3e6c95e3f0fc77b6ca52b13bd6ee6120925d94ed04302b1c7356d0fa98dcc9aa72f0b8fba7146af21a2153fc180e17f632b3f61a63eaf35f00c5a7818d6ae4f4588995a66416db0273567cbb784c5ff07f3015e8055c1f825fb1f8b63eb1691a6fe9e8e6b37eabfced7e83e5e5fe73a5e6afb91ed55deb21ab95bbc51707103bec91a66091a30304ed612083bc033bac9f37c2cbc73417578bf6277c146d3a0e12d6c87d495f22f30387b831bc57d9076c0b4f", @ANYRES8=0x0, @ANYBLOB="b447ae483529fbb6cdb3451fc78679d5d4e5c8dbe7bf138ac70612f68211d65235d6b8311f152125fc6207fc42136634849817d7f158a9b150e06644512efbc0cee156a99ca1c269ebf2077906ecffbd435c40ea96b8a4c67172a5338e99e1cae910af5eb6f6c8f761b4f0f5f90690c0852a8c2c16b6f8055b7607bfacec13d272a29c7f3511d278cf6b2a09123e7c7f241bfab496209332e742ab98ba0a5841f2ffb433e1a37e2106598ac6a36d7eb25b9e0a7bf24f2478bf0bc80173007a1835bdc154a0d26dba1060b196b0d14a"], 0x4, 0x35a, &(0x7f0000000600)="$eJzs3T1onGUcAPD/9S65NFhzg1B0Ot0EKU3EQaeEUqGYQSuHX4uHTf3InYUcHsQhl1uU4qS4CDq5ddCxsziIuDm4WkGq4mK3QoOv3L3vfd/ZZLjY4u83hD//5/k/z/N+kPdNSJ57vRXblxbi8q1bN2NpKReF9XPrcTsXpTgR+Ujtx1QfLU7PAwD3uNtJEn8lqbv3/mS5F3n2A8D9q/v8f/PUIFE8QvHVB+axJABgzg758//zU7NX5rYsAGCOJp7/j400j/2av9D/mwAA4P714iuvPrexGXGxXF6KqH/YrDQr8cygfeNyvB212IqzsRIHEemLQvq20Pn67IXN82fLHb+VotKpaFYi6q1mJX1T2Mh364vt1ViJUlaf9OvznfrVbn05IvZb3fmjnmtWFmI5m//n5diKtViJhybqIy5snl8rZwNU6r36VkQ7lnoH0Vn/mViJH9+IK1GLS9GpHax/b7VcPpdsjtQ3rxW7/QAAAAAAAAAAAAAAAAAAAAAAYB7OlPtK/f1vknqr+cHF8Q6lkf1xKmlztj9QO90fKCn2due5mh/fH2h0f55mpRAn/tMjBwAAAAAAAAAAAAAAAAAAgHtHY3cxqrXa1k5j9/3t4aA1lHn3+6++PRm9pkJW+k5+UBVZcmScXsehkfPRnyLplyf5kT5ZkI/odd6vXrveX/Fwn2L/KCbKO0FxoimXralaq5169NfPp1X9XavlIhedTD4mTstokMvmH2qqP9hJLEXEwayq2cHaXfrcSJJkVvneZ5NVkYsoxIwBC+PX6yjBdzffevjJxumnuplvsk0fHn9i5aUbn375x3a1Fu30zNRqizuNg+QQI3fWOt6UJEmrM0qayWXnOTflTpgetAeZ9k5jt5r/6c+XH/n4h7HO+en3TzKceW/2XF+PZxbTIBdR6p2Ef1vqwpSbf3rw2p10vIXsBBzpwp3+Yr16fe+X3w97lYe+SdioAwAAAAAAAAAAAAAAAAAAjsXQ/4ofwdMvzG9FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD8Bp//PxS0JzKHCe60YrKpuLXTmDn5yWM9VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sf+CQAA//+Ztm5k") r0 = open(&(0x7f0000000040)='.\x00', 0x20000, 0x0) getdents64(r0, &(0x7f0000000fc0)=""/224, 0xe0) 179.281338ms ago: executing program 2 (id=19): syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000000)='./file1\x00', 0x804800, &(0x7f00000002c0)=ANY=[@ANYRES8=0x0, @ANYRES32=0x0], 0xf9, 0x1227, &(0x7f0000000600)="$eJzs3E9rXFUYB+A3Y5pJU/NHrdV2oQfciItLk4UrRYKkIBlQaiO0gnBrJjrMOFNyh8AUsXXl1s/h2p3gN8jGz+Aumy67EK/03iZt6rRVsDOSPs8i9+We88u5hxkGznDOHLz34zfdnSLbyYfRmJmJxo2IdDdFikYcemOzvl69trneam1cTunS+pXVd9+PiDd//fzbZkSc+eznpV+asb/yxcGdtd/3z+2fP/jzytedInWK1B8MU56uDwbD/HpvKW13im6W0ie9dl60U6dftHcfam+nnXciYpTy/vbiwo3ddlGkvD9K3fYoDQdpuDtK+Vd5p5+yLEuLC8FjnXp6l62f7pZlGVGWp2IuyrIsT8dCnIkXYzGW4nZEvBQvxytxNl6Nc/FavB7nq16TeHwAAAAAAAAAAAAAAAAAAAB4fjzp/P9yrDj/DwAAAAAAAAAAAAAAAAAAABPw6dVrm+ut1sbllOYjej/sbe1t1de6feXen16042Isxx9Rnf6v1fWlj1obF1NlJb7v3bqfv7W39UKVXz/Mr1Y/J3A/P1u1HeZX63w6nm/Gwr38TnSq/Fosx9nx46+Nzc/H2289lM9iOX77MgbRi+1q7Af571ZT+vDj1iP5C1U/AAAAOAmydGTs+j3LHtde54/W10//fuCR9fVsXJid7tyJKEY3u3mj196tit5hMf+3O8+uiAmO9d8WEXfKqmgeb2o8o0EbcXRnbtpzv9md+T+8BCe0aMbEBz0dx+9M+5OJSXjwNpj2kwAAAAAAAAAAAPBvPGlj4Nw/2oQ4U/+j22P7zMaYnWUfTGGeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Bc7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4KgAA///c6L/0") r0 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x82c0) read$usbmon(r0, 0x0, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x205, 0x44680) 163.614359ms ago: executing program 0 (id=20): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2140, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42042, 0x0) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x1, 0xb, 0x1, 0x8, 0x9, 0x5, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0xffffffff, 0xb000, 0xa, 0xe, 0x5, 0x7, 0x1, 0x14, 0x4, 0x5, 0xf, 0x3}, {0xb000, 0x102f8000, 0xe, 0x8, 0x6, 0x7, 0x81, 0xb, 0x80, 0x1, 0xe, 0x70}, {0xeeef0000, 0x6000, 0x0, 0xfe, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0xe}, {0x2, 0x2000, 0xf, 0xff, 0x8, 0x9, 0x6, 0x7, 0x6, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x0, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x7, 0x1, 0xf, 0xd}, {0xdddd1000, 0x6000, 0x0, 0x1, 0xa, 0x8, 0x4, 0x63, 0x2, 0x5, 0x1, 0xd}, {0xdddd1000, 0xdddd0000, 0xa, 0x21, 0xc, 0x8, 0x9, 0x4a, 0x7, 0x8, 0x43, 0x3}, {0xeeee0000, 0x5}, {0x10000}, 0x0, 0x0, 0x80a0000, 0x150690, 0x0, 0x8000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x805]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xd9, 0x40, 0x41, 0xfb, 0x5e, 0xc, 0x0, 0x1, 0x40, 0x1, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x5, 0x20, 0x3, 0x0, 0x106c, 0x100, 0x8000000000000, 0x80000004000080, 0x0, 0x8, 0x0, 0x4, 0x0, 0x8001], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 153.051649ms ago: executing program 3 (id=21): syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000002c0)={[{@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}]) 0s ago: executing program 2 (id=22): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r1 = socket$netlink(0x10, 0x3, 0x0) preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000100)=""/1, 0x1}], 0x1, 0xe, 0x6) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.108' (ED25519) to the list of known hosts. [ 22.122799][ T28] audit: type=1400 audit(1777896640.695:64): avc: denied { mounton } for pid=278 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 22.126317][ T278] cgroup: Unknown subsys name 'net' [ 22.145584][ T28] audit: type=1400 audit(1777896640.695:65): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.172870][ T28] audit: type=1400 audit(1777896640.725:66): avc: denied { unmount } for pid=278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 22.192780][ T278] cgroup: Unknown subsys name 'devices' [ 22.315836][ T278] cgroup: Unknown subsys name 'hugetlb' [ 22.321534][ T278] cgroup: Unknown subsys name 'rlimit' [ 22.425769][ T28] audit: type=1400 audit(1777896641.005:67): avc: denied { setattr } for pid=278 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.448988][ T28] audit: type=1400 audit(1777896641.005:68): avc: denied { mounton } for pid=278 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.473746][ T28] audit: type=1400 audit(1777896641.005:69): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.504598][ T280] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.513362][ T28] audit: type=1400 audit(1777896641.085:70): avc: denied { relabelto } for pid=280 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.538814][ T28] audit: type=1400 audit(1777896641.085:71): avc: denied { write } for pid=280 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.570128][ T28] audit: type=1400 audit(1777896641.145:72): avc: denied { read } for pid=278 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.571169][ T278] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.595778][ T28] audit: type=1400 audit(1777896641.145:73): avc: denied { open } for pid=278 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.422777][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.429892][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.437352][ T289] device bridge_slave_0 entered promiscuous mode [ 23.444433][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.451477][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.459115][ T289] device bridge_slave_1 entered promiscuous mode [ 23.465727][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.472760][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.480191][ T287] device bridge_slave_0 entered promiscuous mode [ 23.487623][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.494714][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.502056][ T287] device bridge_slave_1 entered promiscuous mode [ 23.566591][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.573749][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.581210][ T288] device bridge_slave_0 entered promiscuous mode [ 23.589717][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.596815][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.604294][ T288] device bridge_slave_1 entered promiscuous mode [ 23.624682][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.631757][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.639273][ T286] device bridge_slave_0 entered promiscuous mode [ 23.649152][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.656266][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.663896][ T286] device bridge_slave_1 entered promiscuous mode [ 23.739822][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.746926][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.754364][ T290] device bridge_slave_0 entered promiscuous mode [ 23.777563][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.784690][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.792107][ T290] device bridge_slave_1 entered promiscuous mode [ 23.808815][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.815895][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.823169][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.830217][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.910868][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.917946][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.925253][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.932284][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.977698][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.984779][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.992051][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.999101][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.022845][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.029924][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.037215][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.044265][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.052943][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.060564][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.067890][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.075390][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.082773][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.090048][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.097248][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.104509][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.112535][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.120091][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.150060][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.159202][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.167739][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.174851][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.212853][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.220483][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.228234][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.235924][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.244344][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.251391][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.258857][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.267168][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.274232][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.281630][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.289931][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.296989][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.304382][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.312509][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.319593][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.327215][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.335592][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.342626][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.350067][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.361961][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.389376][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.398670][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.406942][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.416349][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.423380][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.430883][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.439041][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.446115][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.453503][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.461766][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.468809][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.476307][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.484594][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.491629][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.499128][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.508416][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.517005][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.525100][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.544407][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.552667][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.560739][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.569076][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.577657][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.586408][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.594581][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.602411][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.615049][ T288] device veth0_vlan entered promiscuous mode [ 24.622097][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.629912][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.637546][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.645913][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.654204][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.662241][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.670287][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.678397][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.701065][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.709636][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.721099][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.730421][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.740518][ T287] device veth0_vlan entered promiscuous mode [ 24.750251][ T288] device veth1_macvtap entered promiscuous mode [ 24.757694][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.765788][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.773948][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.782284][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.790866][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.799276][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.807664][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.815522][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.823056][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.837328][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.845396][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.863589][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.872295][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.880040][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.881006][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 24.889959][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.904522][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.912862][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.921270][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.929683][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.942061][ T289] device veth0_vlan entered promiscuous mode [ 24.948867][ T286] device veth0_vlan entered promiscuous mode [ 24.955598][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.964064][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.972199][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.979728][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.994987][ T287] device veth1_macvtap entered promiscuous mode [ 25.012932][ T290] device veth0_vlan entered promiscuous mode [ 25.019942][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.028016][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.037507][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.046776][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.058075][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.066644][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.074766][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.099050][ T289] device veth1_macvtap entered promiscuous mode [ 25.107442][ T286] device veth1_macvtap entered promiscuous mode [ 25.114538][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 25.122048][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 25.131079][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.140240][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.148789][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.157246][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.168114][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.176042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.184629][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.192866][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.215884][ T290] device veth1_macvtap entered promiscuous mode [ 25.237942][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.247670][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.255811][ T321] capability: warning: `syz.0.9' uses deprecated v2 capabilities in a way that may be insecure [ 25.268336][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.276741][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.285021][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 25.292723][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.301290][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.310417][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.318997][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.329915][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.338692][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.371133][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.388520][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.398978][ T327] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 25.409719][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.429273][ T319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.540351][ T24] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 25.553873][ T24] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 25.609129][ T286] ------------[ cut here ]------------ [ 25.614911][ T286] WARNING: CPU: 1 PID: 286 at fs/inode.c:335 drop_nlink+0xc5/0x110 [ 25.622941][ T286] Modules linked in: [ 25.626942][ T286] CPU: 1 PID: 286 Comm: syz-executor Not tainted syzkaller #0 [ 25.634452][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 25.644590][ T286] RIP: 0010:drop_nlink+0xc5/0x110 [ 25.649641][ T286] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d3 ab f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 fb 0e ab ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 25.669375][ T286] RSP: 0018:ffffc9000cf5fc38 EFLAGS: 00010293 [ 25.675522][ T286] RAX: ffffffff81c66755 RBX: ffff888131d71730 RCX: ffff88810b5c8000 [ 25.683513][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.691626][ T286] RBP: ffffc9000cf5fc60 R08: 0000000000000003 R09: 0000000000000004 [ 25.699803][ T286] R10: dffffc0000000000 R11: fffff520019ebf78 R12: dffffc0000000000 [ 25.701767][ T347] loop4: detected capacity change from 0 to 16 [ 25.707885][ T286] R13: 1ffff110263ae2ef R14: ffff888131d71778 R15: 0000000000000000 [ 25.707903][ T286] FS: 0000555589d00500(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.707920][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.707932][ T286] CR2: 00007ffd74014c9c CR3: 000000012dea9000 CR4: 00000000003526a0 [ 25.707948][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.753708][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.761797][ T286] Call Trace: [ 25.763504][ T347] erofs: (device loop4): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 143700) [ 25.765130][ T286] [ 25.765140][ T286] shmem_rmdir+0x5b/0x90 [ 25.765170][ T286] vfs_rmdir+0x393/0x500 [ 25.787240][ T286] incfs_kill_sb+0x105/0x220 [ 25.791879][ T286] deactivate_locked_super+0xb5/0x120 [ 25.797333][ T286] deactivate_super+0xaf/0xe0 [ 25.802041][ T286] cleanup_mnt+0x474/0x500 [ 25.806524][ T286] __cleanup_mnt+0x19/0x20 [ 25.810972][ T286] task_work_run+0x1e1/0x250 [ 25.815647][ T286] ? __cfi_task_work_run+0x10/0x10 [ 25.820788][ T286] ? __x64_sys_umount+0x12d/0x170 [ 25.825946][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 25.831360][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 25.836656][ T286] exit_to_user_mode_prepare+0x87/0xd0 [ 25.842150][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 25.847687][ T286] do_syscall_64+0x58/0xa0 [ 25.852127][ T286] ? clear_bhb_loop+0x30/0x80 [ 25.856944][ T286] ? clear_bhb_loop+0x30/0x80 [ 25.861672][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 25.867662][ T286] RIP: 0033:0x7fb5dc99e017 [ 25.872105][ T286] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 25.891848][ T286] RSP: 002b:00007ffec7f17468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 25.900751][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb5dc99e017 [ 25.908786][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec7f17520 [ 25.916813][ T286] RBP: 00007ffec7f17520 R08: 00007ffec7f18520 R09: 00000000ffffffff [ 25.924839][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec7f185b0 [ 25.932823][ T286] R13: 00007fb5dca32120 R14: 00000000000063ce R15: 00007ffec7f185f0 [ 25.940932][ T286] [ 25.944041][ T286] ---[ end trace 0000000000000000 ]--- [ 25.996162][ T344] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 26.030821][ T354] loop4: detected capacity change from 0 to 256 [ 26.037419][ T344] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 26.060887][ T344] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 26.123757][ T344] Buffer I/O error on dev loop4, logical block 0, async page read [ 26.135523][ T356] loop2: detected capacity change from 0 to 8192 [ 26.143536][ T354] FAT-fs (loop4): Directory bread(block 64) failed [ 26.151318][ T356] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 26.162638][ T354] FAT-fs (loop4): Directory bread(block 65) failed [ 26.168168][ T358] loop3: detected capacity change from 0 to 512 [ 26.194333][ T358] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 26.209358][ T358] EXT4-fs (loop3): invalid journal inode [ 26.220267][ T358] EXT4-fs (loop3): can't get journal size [ 26.226264][ T354] FAT-fs (loop4): Directory bread(block 66) failed [ 26.244451][ T354] FAT-fs (loop4): Directory bread(block 67) failed [ 26.277717][ T354] FAT-fs (loop4): Directory bread(block 68) failed [ 26.293953][ T354] FAT-fs (loop4): Directory bread(block 69) failed [ 26.300534][ T354] FAT-fs (loop4): Directory bread(block 70) failed [ 26.322124][ T358] EXT4-fs (loop3): 1 truncate cleaned up [ 26.323914][ T354] FAT-fs (loop4): Directory bread(block 71) failed [ 26.347849][ T354] FAT-fs (loop4): Directory bread(block 72) failed [ 26.354554][ T286] ================================================================== [ 26.363047][ T286] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 26.369347][ T286] Write of size 4 at addr 0000000000000170 by task syz-executor/286 [ 26.377354][ T286] [ 26.379708][ T286] CPU: 0 PID: 286 Comm: syz-executor Tainted: G W syzkaller #0 [ 26.388680][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 26.398765][ T286] Call Trace: [ 26.402066][ T286] [ 26.405037][ T286] __dump_stack+0x21/0x24 [ 26.409412][ T286] dump_stack_lvl+0x110/0x170 [ 26.414123][ T286] ? __cfi_dump_stack_lvl+0x8/0x8 [ 26.419188][ T286] ? __cfi_call_rcu+0x10/0x10 [ 26.423888][ T286] ? ihold+0x20/0x60 [ 26.427802][ T286] ? ihold+0x20/0x60 [ 26.431713][ T286] print_report+0x3d/0x60 [ 26.436067][ T286] kasan_report+0x122/0x150 [ 26.440610][ T286] ? ihold+0x20/0x60 [ 26.444533][ T286] kasan_check_range+0x249/0x2a0 [ 26.449503][ T286] __kasan_check_write+0x14/0x20 [ 26.454474][ T286] ihold+0x20/0x60 [ 26.458215][ T286] vfs_rmdir+0x25f/0x500 [ 26.462480][ T286] incfs_kill_sb+0x105/0x220 [ 26.464367][ T358] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 26.467107][ T286] deactivate_locked_super+0xb5/0x120 [ 26.480906][ T286] deactivate_super+0xaf/0xe0 [ 26.485622][ T286] cleanup_mnt+0x474/0x500 [ 26.490068][ T286] __cleanup_mnt+0x19/0x20 [ 26.494510][ T286] task_work_run+0x1e1/0x250 [ 26.499150][ T286] ? __cfi_task_work_run+0x10/0x10 [ 26.504291][ T286] ? __x64_sys_umount+0x12d/0x170 [ 26.509348][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 26.514743][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 26.519966][ T286] exit_to_user_mode_prepare+0x87/0xd0 [ 26.525453][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 26.530943][ T286] do_syscall_64+0x58/0xa0 [ 26.535386][ T286] ? clear_bhb_loop+0x30/0x80 [ 26.540101][ T286] ? clear_bhb_loop+0x30/0x80 [ 26.544810][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.550731][ T286] RIP: 0033:0x7fb5dc99e017 [ 26.555200][ T286] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 26.574831][ T286] RSP: 002b:00007ffec7f17468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 26.583269][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb5dc99e017 [ 26.591264][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec7f17520 [ 26.599274][ T286] RBP: 00007ffec7f17520 R08: 00007ffec7f18520 R09: 00000000ffffffff [ 26.607281][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec7f185b0 [ 26.615289][ T286] R13: 00007fb5dca32120 R14: 00000000000063ce R15: 00007ffec7f185f0 [ 26.623287][ T286] [ 26.626357][ T286] ================================================================== [ 26.639244][ T354] FAT-fs (loop4): Directory bread(block 73) failed [ 26.649218][ T286] Disabling lock debugging due to kernel taint [ 26.656846][ T286] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 26.664699][ T286] #PF: supervisor write access in kernel mode [ 26.670778][ T286] #PF: error_code(0x0002) - not-present page [ 26.676780][ T286] PGD 131e6b067 P4D 131e6b067 PUD 0 [ 26.682104][ T286] Oops: 0002 [#1] PREEMPT SMP KASAN [ 26.687327][ T286] CPU: 0 PID: 286 Comm: syz-executor Tainted: G B W syzkaller #0 [ 26.696280][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 26.706352][ T286] RIP: 0010:ihold+0x26/0x60 [ 26.710885][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 61 06 ab ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 10 a3 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 26.730507][ T286] RSP: 0018:ffffc9000cf5fc78 EFLAGS: 00010246 [ 26.736593][ T286] RAX: ffff88810b5c8000 RBX: 0000000000000000 RCX: ffff88810b5c8000 [ 26.744577][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.752570][ T286] RBP: ffffc9000cf5fc88 R08: ffffffff87b757e7 R09: 1ffffffff0f6eafc [ 26.760576][ T286] R10: dffffc0000000000 R11: fffffbfff0f6eafd R12: ffff888131d7173c [ 26.768590][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 26.776578][ T286] FS: 0000555589d00500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 26.785525][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.792157][ T286] CR2: 0000000000000170 CR3: 000000012dea9000 CR4: 00000000003506b0 [ 26.800162][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.808157][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.816161][ T286] Call Trace: [ 26.819482][ T286] [ 26.822438][ T286] vfs_rmdir+0x25f/0x500 [ 26.826716][ T286] incfs_kill_sb+0x105/0x220 [ 26.831336][ T286] deactivate_locked_super+0xb5/0x120 [ 26.836741][ T286] deactivate_super+0xaf/0xe0 [ 26.841442][ T286] cleanup_mnt+0x474/0x500 [ 26.845905][ T286] __cleanup_mnt+0x19/0x20 [ 26.850339][ T286] task_work_run+0x1e1/0x250 [ 26.854962][ T286] ? __cfi_task_work_run+0x10/0x10 [ 26.860109][ T286] ? __x64_sys_umount+0x12d/0x170 [ 26.865398][ T286] ? __cfi___x64_sys_umount+0x10/0x10 [ 26.870810][ T286] exit_to_user_mode_loop+0x9b/0xb0 [ 26.876039][ T286] exit_to_user_mode_prepare+0x87/0xd0 [ 26.881539][ T286] syscall_exit_to_user_mode+0x1a/0x30 [ 26.887039][ T286] do_syscall_64+0x58/0xa0 [ 26.891491][ T286] ? clear_bhb_loop+0x30/0x80 [ 26.896234][ T286] ? clear_bhb_loop+0x30/0x80 [ 26.900948][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 26.906908][ T286] RIP: 0033:0x7fb5dc99e017 [ 26.911354][ T286] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 26.930988][ T286] RSP: 002b:00007ffec7f17468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 26.939449][ T286] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fb5dc99e017 [ 26.947551][ T286] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec7f17520 [ 26.955533][ T286] RBP: 00007ffec7f17520 R08: 00007ffec7f18520 R09: 00000000ffffffff [ 26.963535][ T286] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec7f185b0 [ 26.971540][ T286] R13: 00007fb5dca32120 R14: 00000000000063ce R15: 00007ffec7f185f0 [ 26.979548][ T286] [ 26.982606][ T286] Modules linked in: [ 26.986545][ T286] CR2: 0000000000000170 [ 26.990726][ T286] ---[ end trace 0000000000000000 ]--- [ 26.996199][ T286] RIP: 0010:ihold+0x26/0x60 [ 27.000727][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 61 06 ab ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 10 a3 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 51 [ 27.020364][ T286] RSP: 0018:ffffc9000cf5fc78 EFLAGS: 00010246 [ 27.026468][ T286] RAX: ffff88810b5c8000 RBX: 0000000000000000 RCX: ffff88810b5c8000 [ 27.034467][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 27.042600][ T286] RBP: ffffc9000cf5fc88 R08: ffffffff87b757e7 R09: 1ffffffff0f6eafc [ 27.050629][ T286] R10: dffffc0000000000 R11: fffffbfff0f6eafd R12: ffff888131d7173c [ 27.058638][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 27.066830][ T286] FS: 0000555589d00500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.075781][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.082393][ T286] CR2: 0000000000000170 CR3: 000000012dea9000 CR4: 00000000003506b0 [ 27.090396][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.098514][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.106515][ T286] Kernel panic - not syncing: Fatal exception [ 27.113144][ T286] Kernel Offset: disabled [ 27.117470][ T286] Rebooting in 86400 seconds..