last executing test programs: 422.527997ms ago: executing program 3 (id=7145): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 388.65471ms ago: executing program 3 (id=7150): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pselect6(0x40, &(0x7f0000000040)={0x7fff, 0x8000000000000000, 0x5, 0xfe00000000, 0xe2ac, 0x1, 0xff, 0x7}, &(0x7f00000000c0)={0x3ff, 0x6, 0x8000000000000001, 0xff, 0x9, 0xcdf3c98, 0xf, 0x5}, &(0x7f0000000100)={0x9, 0x0, 0xbea, 0x7fffffff, 0x81, 0xe47, 0x9, 0x3}, 0x0, &(0x7f0000000380)={&(0x7f00000002c0), 0x8}) 353.252314ms ago: executing program 0 (id=7154): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) write(r0, 0x0, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r3, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 328.528396ms ago: executing program 3 (id=7155): io_getevents(0x0, 0x8000, 0x5, &(0x7f0000001200)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)) 303.815649ms ago: executing program 3 (id=7158): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = dup(r2) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, 0x0, &(0x7f0000000140)) (fail_nth: 1) 303.503299ms ago: executing program 0 (id=7159): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 298.621069ms ago: executing program 1 (id=7161): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 270.441132ms ago: executing program 1 (id=7162): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0xa7a4d000) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) mkdir(&(0x7f0000000040)='./file0\x00', 0x6c) mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x8c) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r3, @ANYRES64=r2], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f00000000c0)="ca00d136360f3a0f51916b196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c120208f29a8017b08", 0xdc000006, 0x0, {[0x1]}}, 0x0, 0x8, &(0x7f0000000300)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r5, @ANYRES64=r4], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) syz_clone3(&(0x7f0000000380)={0x304000800, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0xffffff6a) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x80) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r7, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000044) eventfd2(0x3, 0x1) 270.266932ms ago: executing program 0 (id=7163): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pselect6(0x40, &(0x7f0000000040)={0x7fff, 0x8000000000000000, 0x5, 0xfe00000000, 0xe2ac, 0x1, 0xff, 0x7}, &(0x7f00000000c0)={0x3ff, 0x6, 0x8000000000000001, 0xff, 0x9, 0xcdf3c98, 0xf, 0x5}, &(0x7f0000000100)={0x9, 0x0, 0xbea, 0x7fffffff, 0x81, 0xe47, 0x9, 0x3}, 0x0, &(0x7f0000000380)={&(0x7f00000002c0), 0x8}) 244.206025ms ago: executing program 3 (id=7165): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) socket(0xa, 0x3, 0x87) 243.821985ms ago: executing program 1 (id=7166): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r2, 0x10c000) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r3, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300) 243.481885ms ago: executing program 2 (id=7167): io_getevents(0x0, 0x8000, 0x5, &(0x7f0000001200)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)) 222.933387ms ago: executing program 1 (id=7168): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) write(r0, 0x0, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r3, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 177.351282ms ago: executing program 2 (id=7169): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00), 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pwritev(0xffffffffffffffff, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 177.020912ms ago: executing program 2 (id=7170): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 176.809122ms ago: executing program 0 (id=7171): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000000000)=0x2) 170.877402ms ago: executing program 0 (id=7172): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x80, 0x0, 0x0) io_getevents(0x0, 0x8000, 0x5, &(0x7f0000001200)=[{}, {}, {}, {}, {}], &(0x7f00000000c0)) 158.314044ms ago: executing program 0 (id=7173): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x83, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000240)="3e0f0666b9800000c00f326635002000000f303ef6c9c42e0f01cf26670f01c3baf80c66b8e47a8a8866efbafc0c66edd9834100660fc732ba200066edd24e0e", 0x40}], 0x1, 0x72, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r6, @ANYRES64=r5], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r6, 0x0) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$peek(0x2, r7, &(0x7f0000000180)) ptrace$poke(0x5, r7, &(0x7f0000000080), 0x0) syz_open_procfs(r7, &(0x7f0000000100)='net/hci\x00') ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) 44.070815ms ago: executing program 2 (id=7174): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c0000001600010a00000000fbdbdf25070000001800ca80140006"], 0x2c}}, 0x40) 43.708335ms ago: executing program 1 (id=7175): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) (async) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_merged\x00', 0x275a, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_merged\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16=r0, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r1) (async) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r1) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f0000000580)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="94010000", @ANYRES16=r4, @ANYBLOB="00012abd7000fbdbdf251c0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00010000000800010070636900c0ff0200303030303a30303a31302e300000000008000b00ce0800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0007000000080001007063690011000200303030303a30303a31302e300000000008000b00ff0000000e0001006e657464657673696d0000000f0002006e657464657673e66d30000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00000001000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00290800000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0007000000080001007063690011000200303030303a30303a31302e300000000008000b0008000000080001007063690011000200303030303a30303a31302e300000000008000b000b000000cee1eb13edd6c33c9381c0eeee464e0af82d"], 0x194}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000001) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=0xffffffffffffffff, @ANYRES8=r6, @ANYRES64=r5], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r6, 0x0) ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') (async) chdir(&(0x7f00000001c0)='./bus\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000100)={0x2040, 0x0, 0xe}, 0x18) (async) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', &(0x7f0000000100)={0x2040, 0x0, 0xe}, 0x18) socket$inet6_tcp(0xa, 0x1, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r7], 0x118) (async) write$UHID_CREATE2(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r7], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r8, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') (async) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 43.431975ms ago: executing program 2 (id=7176): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x10c000) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r1, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300) 2.240419ms ago: executing program 1 (id=7177): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00), 0x0, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40040) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) r5 = pidfd_getfd(r4, r4, 0x0) fchown(r5, 0x0, 0x0) 1.7285ms ago: executing program 3 (id=7178): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r4, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) 0s ago: executing program 2 (id=7179): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00), 0x0, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) pwritev(0xffffffffffffffff, &(0x7f0000000600)=[{&(0x7f0000000900)="01", 0x1}], 0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): vm_ioctl+0x516/0xb80 [ 453.140642][ T7051] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 453.140664][ T7051] ? ioctl_has_perm+0x1aa/0x4d0 [ 453.140685][ T7051] ? __asan_memcpy+0x5a/0x80 [ 453.140702][ T7051] ? ioctl_has_perm+0x3e0/0x4d0 [ 453.140722][ T7051] ? has_cap_mac_admin+0xd0/0xd0 [ 453.140744][ T7051] ? proc_fail_nth_write+0x17e/0x210 [ 453.140767][ T7051] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 453.140790][ T7051] ? selinux_file_ioctl+0x6e0/0x1360 [ 453.140811][ T7051] ? vfs_write+0x93e/0xf30 [ 453.140827][ T7051] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 453.140847][ T7051] ? __cfi_vfs_write+0x10/0x10 [ 453.140863][ T7051] ? __kasan_check_write+0x18/0x20 [ 453.140888][ T7051] ? mutex_unlock+0x8b/0x240 [ 453.140905][ T7051] ? __cfi_mutex_unlock+0x10/0x10 [ 453.140921][ T7051] ? __fget_files+0x2c5/0x340 [ 453.140941][ T7051] ? __fget_files+0x2c5/0x340 [ 453.140960][ T7051] ? bpf_lsm_file_ioctl+0xd/0x20 [ 453.140983][ T7051] ? security_file_ioctl+0x34/0xd0 [ 453.141003][ T7051] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 453.141025][ T7051] __se_sys_ioctl+0x135/0x1b0 [ 453.141045][ T7051] __x64_sys_ioctl+0x7f/0xa0 [ 453.141063][ T7051] x64_sys_call+0x1878/0x2ee0 [ 453.141087][ T7051] do_syscall_64+0x58/0xf0 [ 453.141109][ T7051] ? clear_bhb_loop+0x50/0xa0 [ 453.141128][ T7051] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 453.141147][ T7051] RIP: 0033:0x7f5e7058f6c9 [ 453.141162][ T7051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.141178][ T7051] RSP: 002b:00007f5e714ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.141199][ T7051] RAX: ffffffffffffffda RBX: 00007f5e707e5fa0 RCX: 00007f5e7058f6c9 [ 453.141213][ T7051] RDX: 0000200000000040 RSI: 000000004010ae42 RDI: 0000000000000006 [ 453.141226][ T7051] RBP: 00007f5e714ed090 R08: 0000000000000000 R09: 0000000000000000 [ 453.141238][ T7051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.141250][ T7051] R13: 00007f5e707e6038 R14: 00007f5e707e5fa0 R15: 00007ffd1c400148 [ 453.141266][ T7051] [ 453.867415][ T7071] overlayfs: conflicting lowerdir path [ 454.352375][ T7081] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 454.515154][ T7098] overlayfs: failed to resolve './file1': -2 [ 454.563330][ T7083] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3293'. [ 454.657370][ T7130] overlayfs: conflicting lowerdir path [ 454.736605][ T7153] FAULT_INJECTION: forcing a failure. [ 454.736605][ T7153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 454.749813][ T7153] CPU: 0 UID: 0 PID: 7153 Comm: syz.3.3325 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 454.749844][ T7153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 454.749855][ T7153] Call Trace: [ 454.749861][ T7153] [ 454.749868][ T7153] __dump_stack+0x21/0x30 [ 454.749897][ T7153] dump_stack_lvl+0x10c/0x190 [ 454.749919][ T7153] ? __cfi_dump_stack_lvl+0x10/0x10 [ 454.749942][ T7153] ? check_stack_object+0x12c/0x140 [ 454.749961][ T7153] dump_stack+0x19/0x20 [ 454.749982][ T7153] should_fail_ex+0x3d9/0x530 [ 454.750002][ T7153] should_fail+0xf/0x20 [ 454.750018][ T7153] should_fail_usercopy+0x1e/0x30 [ 454.750037][ T7153] _copy_to_user+0x24/0xa0 [ 454.750059][ T7153] simple_read_from_buffer+0xed/0x160 [ 454.750082][ T7153] proc_fail_nth_read+0x19e/0x210 [ 454.750105][ T7153] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 454.750127][ T7153] ? bpf_lsm_file_permission+0xd/0x20 [ 454.750151][ T7153] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 454.750179][ T7153] vfs_read+0x27d/0xc70 [ 454.750192][ T7153] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 454.750213][ T7153] ? __cfi_vfs_read+0x10/0x10 [ 454.750227][ T7153] ? __kasan_check_write+0x18/0x20 [ 454.750250][ T7153] ? mutex_lock+0x92/0x1c0 [ 454.750265][ T7153] ? __cfi_mutex_lock+0x10/0x10 [ 454.750283][ T7153] ? __fget_files+0x2c5/0x340 [ 454.750302][ T7153] ksys_read+0x141/0x250 [ 454.750317][ T7153] ? __cfi_ksys_read+0x10/0x10 [ 454.750333][ T7153] ? __kasan_check_read+0x15/0x20 [ 454.750358][ T7153] __x64_sys_read+0x7f/0x90 [ 454.750374][ T7153] x64_sys_call+0x2638/0x2ee0 [ 454.750397][ T7153] do_syscall_64+0x58/0xf0 [ 454.750420][ T7153] ? clear_bhb_loop+0x50/0xa0 [ 454.750439][ T7153] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 454.750458][ T7153] RIP: 0033:0x7f67b238e0dc [ 454.750474][ T7153] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 454.750490][ T7153] RSP: 002b:00007f67b3164030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 454.750511][ T7153] RAX: ffffffffffffffda RBX: 00007f67b25e5fa0 RCX: 00007f67b238e0dc [ 454.750525][ T7153] RDX: 000000000000000f RSI: 00007f67b31640a0 RDI: 0000000000000006 [ 454.750538][ T7153] RBP: 00007f67b3164090 R08: 0000000000000000 R09: 0000000000000000 [ 454.750551][ T7153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.750563][ T7153] R13: 00007f67b25e6038 R14: 00007f67b25e5fa0 R15: 00007ffd7bca5de8 [ 454.750579][ T7153] [ 454.777018][ T7161] overlayfs: conflicting lowerdir path [ 455.018233][ T36] audit: type=1400 audit(1763091829.520:209): avc: denied { mount } for pid=7198 comm="syz.0.3348" name="/" dev="overlay" ino=1716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 455.020052][ T7201] FAULT_INJECTION: forcing a failure. [ 455.020052][ T7201] name failslab, interval 1, probability 0, space 0, times 0 [ 455.048872][ T36] audit: type=1400 audit(1763091829.550:210): avc: denied { unmount } for pid=5078 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 455.053481][ T7201] CPU: 0 UID: 0 PID: 7201 Comm: syz.1.3349 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 455.053511][ T7201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 455.053522][ T7201] Call Trace: [ 455.053528][ T7201] [ 455.053535][ T7201] __dump_stack+0x21/0x30 [ 455.053564][ T7201] dump_stack_lvl+0x10c/0x190 [ 455.053586][ T7201] ? __cfi_dump_stack_lvl+0x10/0x10 [ 455.053608][ T7201] ? __kasan_check_write+0x18/0x20 [ 455.053633][ T7201] dump_stack+0x19/0x20 [ 455.053653][ T7201] should_fail_ex+0x3d9/0x530 [ 455.053672][ T7201] should_failslab+0xac/0x100 [ 455.053691][ T7201] kmem_cache_alloc_noprof+0x42/0x430 [ 455.053708][ T7201] ? getname_flags+0xc6/0x710 [ 455.053725][ T7201] ? __cfi_ksys_write+0x10/0x10 [ 455.053740][ T7201] getname_flags+0xc6/0x710 [ 455.053757][ T7201] __x64_sys_link+0x61/0xa0 [ 455.053779][ T7201] x64_sys_call+0x1cf5/0x2ee0 [ 455.053803][ T7201] do_syscall_64+0x58/0xf0 [ 455.053824][ T7201] ? clear_bhb_loop+0x50/0xa0 [ 455.053843][ T7201] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 455.053860][ T7201] RIP: 0033:0x7f5e7058f6c9 [ 455.053875][ T7201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 455.053890][ T7201] RSP: 002b:00007f5e714ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 455.053909][ T7201] RAX: ffffffffffffffda RBX: 00007f5e707e5fa0 RCX: 00007f5e7058f6c9 [ 455.053923][ T7201] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000200000000940 [ 455.053935][ T7201] RBP: 00007f5e714ed090 R08: 0000000000000000 R09: 0000000000000000 [ 455.053946][ T7201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.053957][ T7201] R13: 00007f5e707e6038 R14: 00007f5e707e5fa0 R15: 00007ffd1c400148 [ 455.053972][ T7201] [ 455.275073][ T7205] 9pnet_fd: Insufficient options for proto=fd [ 455.324281][ T7220] overlayfs: failed to resolve './file0': -2 [ 455.443315][ T7247] overlayfs: failed to resolve './file1': -2 [ 455.660334][ T66] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 455.831395][ T66] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.852523][ T66] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.872452][ T66] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 455.891357][ T66] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.909153][ T66] usb 1-1: config 0 descriptor?? [ 456.226859][ T7284] FAULT_INJECTION: forcing a failure. [ 456.226859][ T7284] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 456.240135][ T7284] CPU: 0 UID: 0 PID: 7284 Comm: syz.1.3389 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 456.240167][ T7284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 456.240179][ T7284] Call Trace: [ 456.240186][ T7284] [ 456.240193][ T7284] __dump_stack+0x21/0x30 [ 456.240223][ T7284] dump_stack_lvl+0x10c/0x190 [ 456.240246][ T7284] ? __cfi_dump_stack_lvl+0x10/0x10 [ 456.240269][ T7284] dump_stack+0x19/0x20 [ 456.240295][ T7284] should_fail_ex+0x3d9/0x530 [ 456.240314][ T7284] should_fail+0xf/0x20 [ 456.240330][ T7284] should_fail_usercopy+0x1e/0x30 [ 456.240350][ T7284] _copy_from_user+0x22/0xb0 [ 456.240371][ T7284] vhost_dev_ioctl+0x1cd/0x1060 [ 456.240401][ T7284] ? __cfi_vhost_dev_ioctl+0x10/0x10 [ 456.240425][ T7284] ? mutex_lock+0x92/0x1c0 [ 456.240442][ T7284] ? __cfi_mutex_lock+0x10/0x10 [ 456.240459][ T7284] ? __cfi_vfs_write+0x10/0x10 [ 456.240477][ T7284] vhost_vsock_dev_ioctl+0x21e/0xdb0 [ 456.240500][ T7284] ? __cfi_vhost_vsock_dev_ioctl+0x10/0x10 [ 456.240522][ T7284] ? __fget_files+0x2c5/0x340 [ 456.240542][ T7284] ? bpf_lsm_file_ioctl+0xd/0x20 [ 456.240566][ T7284] ? security_file_ioctl+0x34/0xd0 [ 456.240586][ T7284] ? __cfi_vhost_vsock_dev_ioctl+0x10/0x10 [ 456.240608][ T7284] __se_sys_ioctl+0x135/0x1b0 [ 456.240627][ T7284] __x64_sys_ioctl+0x7f/0xa0 [ 456.240646][ T7284] x64_sys_call+0x1878/0x2ee0 [ 456.240671][ T7284] do_syscall_64+0x58/0xf0 [ 456.240692][ T7284] ? clear_bhb_loop+0x50/0xa0 [ 456.240712][ T7284] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 456.240731][ T7284] RIP: 0033:0x7f5e7058f6c9 [ 456.240747][ T7284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.240799][ T7284] RSP: 002b:00007f5e714ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 456.240819][ T7284] RAX: ffffffffffffffda RBX: 00007f5e707e5fa0 RCX: 00007f5e7058f6c9 [ 456.240834][ T7284] RDX: 0000000000000000 RSI: 000000004008af04 RDI: 0000000000000005 [ 456.240846][ T7284] RBP: 00007f5e714ed090 R08: 0000000000000000 R09: 0000000000000000 [ 456.240858][ T7284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 456.240870][ T7284] R13: 00007f5e707e6038 R14: 00007f5e707e5fa0 R15: 00007ffd1c400148 [ 456.240886][ T7284] [ 456.526396][ T66] usbhid 1-1:0.0: can't add hid device: -71 [ 456.532454][ T66] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 456.547630][ T66] usb 1-1: USB disconnect, device number 10 [ 456.590351][ T330] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 456.741366][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 456.760335][ T330] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 456.770211][ T330] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 456.790535][ T330] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.810650][ T330] usb 4-1: config 0 descriptor?? [ 457.160849][ T7306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3399'. [ 457.477650][ T330] usbhid 4-1:0.0: can't add hid device: -71 [ 457.484493][ T330] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 457.500338][ T330] usb 4-1: USB disconnect, device number 11 [ 457.580196][ T7315] overlayfs: failed to resolve './file1': -2 [ 458.932227][ T7350] netlink: 'syz.0.3420': attribute type 4 has an invalid length. [ 458.943988][ T7350] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3420'. [ 459.814872][ T7376] overlayfs: conflicting lowerdir path [ 460.369225][ T7388] overlayfs: failed to resolve './file1': -2 [ 460.791958][ T36] audit: type=1400 audit(1763091835.300:211): avc: denied { create } for pid=7395 comm="syz.0.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 462.151643][ T7456] overlayfs: failed to resolve './file1': -2 [ 462.660351][ T66] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 462.811368][ T66] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.822788][ T66] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.833559][ T66] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 462.843011][ T66] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.862705][ T66] usb 1-1: config 0 descriptor?? [ 463.049409][ T7538] overlayfs: conflicting lowerdir path [ 463.100696][ T7544] overlayfs: failed to resolve './file1': -2 [ 463.134706][ T7548] overlayfs: failed to resolve './file1': -2 [ 463.396241][ T7568] overlayfs: conflicting lowerdir path [ 463.476011][ T66] usbhid 1-1:0.0: can't add hid device: -71 [ 463.490369][ T66] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 463.501415][ T66] usb 1-1: USB disconnect, device number 11 [ 463.667552][ T36] audit: type=1400 audit(1763091838.170:212): avc: denied { ioctl } for pid=7579 comm="syz.2.3535" path="/dev/input/event0" dev="devtmpfs" ino=192 ioctlcmd=0x4519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 464.672797][ T7660] netlink: 'syz.2.3574': attribute type 4 has an invalid length. [ 464.689372][ T7660] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3574'. [ 464.714349][ T36] audit: type=1400 audit(1763091839.220:213): avc: denied { read write } for pid=7661 comm="syz.0.3575" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 464.749829][ T36] audit: type=1400 audit(1763091839.220:214): avc: denied { open } for pid=7661 comm="syz.0.3575" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 464.906791][ T7680] netlink: 'syz.1.3585': attribute type 4 has an invalid length. [ 464.920312][ T7680] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3585'. [ 465.119526][ T7710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3599'. [ 465.156960][ T7735] FAULT_INJECTION: forcing a failure. [ 465.156960][ T7735] name failslab, interval 1, probability 0, space 0, times 0 [ 465.169686][ T7735] CPU: 0 UID: 0 PID: 7735 Comm: syz.3.3611 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 465.169717][ T7735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 465.169728][ T7735] Call Trace: [ 465.169734][ T7735] [ 465.169741][ T7735] __dump_stack+0x21/0x30 [ 465.169768][ T7735] dump_stack_lvl+0x10c/0x190 [ 465.169789][ T7735] ? __cfi_dump_stack_lvl+0x10/0x10 [ 465.169812][ T7735] dump_stack+0x19/0x20 [ 465.169832][ T7735] should_fail_ex+0x3d9/0x530 [ 465.169850][ T7735] ? bitmap_alloc+0x37/0xd0 [ 465.169865][ T7735] should_failslab+0xac/0x100 [ 465.169884][ T7735] __kmalloc_noprof+0x69/0x530 [ 465.169907][ T7735] ? bitmap_alloc+0x37/0xd0 [ 465.169922][ T7735] ? _parse_integer+0x2e/0x40 [ 465.169947][ T7735] bitmap_alloc+0x37/0xd0 [ 465.169963][ T7735] evdev_handle_get_val+0x3f/0x9e0 [ 465.170180][ T7735] ? __cfi_mutex_lock_interruptible+0x10/0x10 [ 465.170199][ T7735] evdev_ioctl_handler+0x1209/0x1e50 [ 465.170225][ T7735] ? evdev_fasync+0x70/0x70 [ 465.170249][ T7735] ? selinux_file_ioctl+0x6e0/0x1360 [ 465.170269][ T7735] ? vfs_write+0x93e/0xf30 [ 465.170288][ T7735] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 465.170307][ T7735] ? __cfi_vfs_write+0x10/0x10 [ 465.170320][ T7735] ? __kasan_check_write+0x18/0x20 [ 465.170343][ T7735] ? mutex_unlock+0x8b/0x240 [ 465.170358][ T7735] ? __fget_files+0x2c5/0x340 [ 465.170375][ T7735] ? __fget_files+0x2c5/0x340 [ 465.170392][ T7735] evdev_ioctl+0x2b/0x40 [ 465.170414][ T7735] ? __cfi_evdev_ioctl+0x10/0x10 [ 465.170437][ T7735] __se_sys_ioctl+0x135/0x1b0 [ 465.170456][ T7735] __x64_sys_ioctl+0x7f/0xa0 [ 465.170474][ T7735] x64_sys_call+0x1878/0x2ee0 [ 465.170499][ T7735] do_syscall_64+0x58/0xf0 [ 465.170519][ T7735] ? clear_bhb_loop+0x50/0xa0 [ 465.170538][ T7735] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 465.170557][ T7735] RIP: 0033:0x7f67b238f6c9 [ 465.170572][ T7735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.170587][ T7735] RSP: 002b:00007f67b3164038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 465.170613][ T7735] RAX: ffffffffffffffda RBX: 00007f67b25e5fa0 RCX: 00007f67b238f6c9 [ 465.170626][ T7735] RDX: 0000000000000000 RSI: 0000000080404519 RDI: 0000000000000005 [ 465.170638][ T7735] RBP: 00007f67b3164090 R08: 0000000000000000 R09: 0000000000000000 [ 465.170650][ T7735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 465.170662][ T7735] R13: 00007f67b25e6038 R14: 00007f67b25e5fa0 R15: 00007ffd7bca5de8 [ 465.170678][ T7735] [ 465.198023][ T7743] overlayfs: conflicting lowerdir path [ 465.460230][ T7751] netlink: 'syz.0.3619': attribute type 4 has an invalid length. [ 465.468101][ T7751] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3619'. [ 465.480341][ T66] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 465.631384][ T66] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.642364][ T66] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.660329][ T66] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 465.679522][ T66] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.698400][ T66] usb 2-1: config 0 descriptor?? [ 466.260353][ T330] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 466.402289][ T66] usbhid 2-1:0.0: can't add hid device: -71 [ 466.408803][ T66] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 466.419876][ T66] usb 2-1: USB disconnect, device number 8 [ 466.421813][ T330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.437026][ T330] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.447280][ T330] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 466.456630][ T330] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.467490][ T330] usb 1-1: config 0 descriptor?? [ 466.828313][ T7799] netlink: 'syz.3.3644': attribute type 4 has an invalid length. [ 466.836175][ T7799] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3644'. [ 466.875115][ T330] usbhid 1-1:0.0: can't add hid device: -71 [ 466.881307][ T330] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 466.890647][ T330] usb 1-1: USB disconnect, device number 12 [ 467.280358][ T66] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 467.431781][ T66] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.442749][ T66] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.452556][ T66] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 467.461637][ T66] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.470400][ T66] usb 2-1: config 0 descriptor?? [ 467.841190][ T7863] netlink: 'syz.0.3671': attribute type 4 has an invalid length. [ 467.848996][ T7863] netlink: 17 bytes leftover after parsing attributes in process `syz.0.3671'. [ 467.873888][ T7867] overlayfs: failed to resolve './file1': -2 [ 468.135088][ T66] usbhid 2-1:0.0: can't add hid device: -71 [ 468.150369][ T66] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 468.165817][ T66] usb 2-1: USB disconnect, device number 9 [ 468.656124][ T7908] overlayfs: conflicting lowerdir path [ 468.770369][ T330] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 468.910471][ T330] usb 4-1: device descriptor read/64, error -71 [ 469.022782][ T7930] overlayfs: conflicting lowerdir path [ 469.150347][ T330] usb 4-1: device descriptor read/64, error -71 [ 469.410334][ T330] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 469.550326][ T330] usb 4-1: device descriptor read/64, error -71 [ 469.800342][ T330] usb 4-1: device descriptor read/64, error -71 [ 469.910425][ T330] usb usb4-port1: attempt power cycle [ 470.260374][ T330] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 470.301484][ T330] usb 4-1: device descriptor read/8, error -71 [ 470.442610][ T330] usb 4-1: device descriptor read/8, error -71 [ 470.690357][ T330] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 470.720068][ T8030] overlayfs: conflicting lowerdir path [ 470.731318][ T330] usb 4-1: device descriptor read/8, error -71 [ 470.881332][ T330] usb 4-1: device descriptor read/8, error -71 [ 470.932641][ T8056] overlayfs: conflicting lowerdir path [ 470.990453][ T330] usb usb4-port1: unable to enumerate USB device [ 472.050361][ T66] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 472.190347][ T66] usb 3-1: device descriptor read/64, error -71 [ 472.200337][ T330] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 472.326927][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3800'. [ 472.370328][ T330] usb 2-1: Using ep0 maxpacket: 8 [ 472.377276][ T330] usb 2-1: unable to get BOS descriptor or descriptor too short [ 472.391080][ T330] usb 2-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid maxpacket 2560, setting to 1024 [ 472.406411][ T330] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 1024 [ 472.416846][ T330] usb 2-1: config 8 interface 0 has no altsetting 0 [ 472.425141][ T330] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 472.430340][ T66] usb 3-1: device descriptor read/64, error -71 [ 472.434660][ T330] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.460324][ T330] usb 2-1: Product: syz [ 472.464525][ T330] usb 2-1: Manufacturer: syz [ 472.469249][ T330] usb 2-1: SerialNumber: syz [ 472.680373][ T66] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 472.694009][ T330] usb 2-1: selecting invalid altsetting 0 [ 472.722481][ T330] usb 2-1: USB disconnect, device number 10 [ 472.824656][ T66] usb 3-1: device descriptor read/64, error -71 [ 473.070564][ T66] usb 3-1: device descriptor read/64, error -71 [ 473.183383][ T66] usb usb3-port1: attempt power cycle [ 473.520442][ T66] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 473.541386][ T66] usb 3-1: device descriptor read/8, error -71 [ 473.671440][ T66] usb 3-1: device descriptor read/8, error -71 [ 473.910406][ T66] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 473.931547][ T66] usb 3-1: device descriptor read/8, error -71 [ 474.061446][ T66] usb 3-1: device descriptor read/8, error -71 [ 474.170524][ T66] usb usb3-port1: unable to enumerate USB device [ 477.480839][ T8149] overlayfs: conflicting lowerdir path [ 477.544740][ T8169] overlayfs: conflicting lowerdir path [ 478.367543][ T8181] overlayfs: failed to resolve './file1': -2 [ 480.882568][ T8345] overlayfs: conflicting lowerdir path [ 481.148446][ T8400] overlayfs: conflicting lowerdir path [ 481.173726][ T8403] overlayfs: failed to resolve './file1': -2 [ 481.360410][ T538] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 481.451152][ T8451] overlayfs: failed to resolve './file1': -2 [ 481.482662][ T8455] overlayfs: conflicting lowerdir path [ 481.511410][ T538] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.532298][ T538] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.545505][ T538] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 481.560883][ T538] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.579793][ T538] usb 3-1: config 0 descriptor?? [ 481.988011][ T538] usbhid 3-1:0.0: can't add hid device: -71 [ 481.995195][ T538] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 482.011919][ T538] usb 3-1: USB disconnect, device number 10 [ 482.410475][ T8581] overlayfs: failed to resolve './file1': -2 [ 482.829327][ T8597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4042'. [ 483.340348][ T66] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 483.511411][ T66] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.525711][ T66] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.535795][ T66] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 483.545078][ T66] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.556567][ T66] usb 4-1: config 0 descriptor?? [ 483.964051][ T66] usbhid 4-1:0.0: can't add hid device: -71 [ 483.970132][ T66] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 483.981437][ T66] usb 4-1: USB disconnect, device number 16 [ 484.027557][ T8632] overlayfs: conflicting lowerdir path [ 484.174100][ T8646] overlayfs: conflicting lowerdir path [ 484.750570][ T8672] overlayfs: conflicting lowerdir path [ 484.787980][ T8674] overlayfs: conflicting lowerdir path [ 486.919153][ T8802] overlayfs: conflicting lowerdir path [ 487.171881][ T8822] overlayfs: conflicting lowerdir path [ 487.462640][ T8872] overlayfs: failed to resolve './file1': -2 [ 487.670926][ T8876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4180'. [ 487.780518][ T538] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 487.960333][ T538] usb 1-1: Using ep0 maxpacket: 8 [ 487.971653][ T538] usb 1-1: unable to get BOS descriptor or descriptor too short [ 487.980095][ T538] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 488.000352][ T538] usb 1-1: config 8 has 0 interfaces, different from the descriptor's value: 1 [ 488.013412][ T538] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 488.022610][ T538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.032108][ T538] usb 1-1: Product: syz [ 488.036734][ T538] usb 1-1: Manufacturer: syz [ 488.041583][ T538] usb 1-1: SerialNumber: syz [ 488.251253][ T538] usb 1-1: USB disconnect, device number 13 [ 488.715532][ T8937] overlayfs: failed to resolve './file1': -2 [ 488.818765][ T8933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4205'. [ 489.042286][ T8970] overlayfs: conflicting lowerdir path [ 489.161910][ T8981] overlayfs: failed to resolve './file1': -2 [ 489.308182][ T8990] overlayfs: conflicting lowerdir path [ 490.500867][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4260'. [ 491.133450][ T9113] overlayfs: conflicting lowerdir path [ 491.303328][ T9131] overlayfs: conflicting lowerdir path [ 491.657102][ T9157] overlayfs: conflicting lowerdir path [ 492.100342][ T66] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 492.270336][ T66] usb 1-1: Using ep0 maxpacket: 8 [ 492.281772][ T66] usb 1-1: unable to get BOS descriptor or descriptor too short [ 492.300342][ T66] usb 1-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid maxpacket 2560, setting to 1024 [ 492.320331][ T66] usb 1-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 1024 [ 492.340497][ T66] usb 1-1: config 8 interface 0 has no altsetting 0 [ 492.351632][ T66] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 492.361036][ T66] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.369034][ T66] usb 1-1: Product: syz [ 492.390327][ T66] usb 1-1: Manufacturer: syz [ 492.394975][ T66] usb 1-1: SerialNumber: syz [ 492.616247][ T66] usb 1-1: selecting invalid altsetting 0 [ 492.628268][ T66] usb 1-1: USB disconnect, device number 14 [ 493.525443][ T9215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4349'. [ 493.793123][ T9250] overlayfs: conflicting lowerdir path [ 493.938103][ T9248] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4364'. [ 495.219965][ T9321] overlayfs: failed to resolve './file1': -2 [ 495.440358][ T330] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 495.591031][ T330] usb 1-1: not running at top speed; connect to a high speed hub [ 495.611029][ T330] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.622220][ T330] usb 1-1: config 0 has no interfaces? [ 495.631947][ T330] usb 1-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40 [ 495.650325][ T330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.670217][ T330] usb 1-1: Product: syz [ 495.674531][ T330] usb 1-1: Manufacturer: syz [ 495.679127][ T330] usb 1-1: SerialNumber: syz [ 495.695253][ T330] usb 1-1: config 0 descriptor?? [ 495.902676][ T330] usb 1-1: USB disconnect, device number 15 [ 496.773229][ T12] bridge_slave_1: left allmulticast mode [ 496.779012][ T12] bridge_slave_1: left promiscuous mode [ 496.789398][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 496.800160][ T36] audit: type=1400 audit(1763091871.310:215): avc: denied { mounton } for pid=9427 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 496.821862][ T12] bridge_slave_0: left allmulticast mode [ 496.827532][ T12] bridge_slave_0: left promiscuous mode [ 496.847803][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.900389][ T538] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 496.982382][ T12] veth1_macvtap: left promiscuous mode [ 496.987935][ T12] veth0_vlan: left promiscuous mode [ 497.060365][ T538] usb 1-1: Using ep0 maxpacket: 8 [ 497.077935][ T538] usb 1-1: unable to get BOS descriptor or descriptor too short [ 497.091140][ T538] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 497.101562][ T538] usb 1-1: config 8 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 497.134057][ T538] usb 1-1: config 8 interface 0 has no altsetting 0 [ 497.151130][ T9427] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.158189][ T9427] bridge0: port 1(bridge_slave_0) entered disabled state [ 497.171376][ T538] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 497.180612][ T538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.188602][ T538] usb 1-1: Product: syz [ 497.193100][ T9427] bridge_slave_0: entered allmulticast mode [ 497.199466][ T9427] bridge_slave_0: entered promiscuous mode [ 497.205391][ T538] usb 1-1: Manufacturer: syz [ 497.209998][ T538] usb 1-1: SerialNumber: syz [ 497.215757][ T9427] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.223807][ T9427] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.231327][ T9427] bridge_slave_1: entered allmulticast mode [ 497.237765][ T9427] bridge_slave_1: entered promiscuous mode [ 497.325831][ T9427] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.332925][ T9427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.340215][ T9427] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.347285][ T9427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.411626][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 497.419148][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.432947][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.440027][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.448249][ T538] usb 1-1: selecting invalid altsetting 0 [ 497.456699][ T538] usb 1-1: USB disconnect, device number 16 [ 497.472034][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.479116][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.489758][ T909] udevd[909]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:8.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 497.534013][ T9427] veth0_vlan: entered promiscuous mode [ 497.545964][ T9427] veth1_macvtap: entered promiscuous mode [ 497.762277][ T9456] overlayfs: failed to resolve './file1': -2 [ 499.220405][ T9569] overlayfs: failed to resolve './file1': -2 [ 499.230957][ T9544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4507'. [ 500.573416][ T9643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4554'. [ 501.080905][ T9672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4569'. [ 501.171875][ T9687] overlayfs: missing 'lowerdir' [ 501.440336][ T509] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 501.590366][ T509] usb 4-1: Using ep0 maxpacket: 8 [ 501.605978][ T509] usb 4-1: unable to get BOS descriptor or descriptor too short [ 501.614399][ T509] usb 4-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 501.626339][ T509] usb 4-1: config 8 interface 0 has no altsetting 0 [ 501.635099][ T509] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 501.644406][ T509] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.660344][ T509] usb 4-1: Product: syz [ 501.664545][ T509] usb 4-1: Manufacturer: syz [ 501.680549][ T509] usb 4-1: SerialNumber: syz [ 501.766832][ T9719] overlayfs: missing 'lowerdir' [ 501.896067][ T509] usb 4-1: selecting invalid altsetting 0 [ 501.927180][ T509] usb 4-1: USB disconnect, device number 17 [ 502.551451][ T9754] overlayfs: missing 'lowerdir' [ 502.675754][ T9755] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.700365][ T9755] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.730376][ T9755] bridge_slave_0: entered allmulticast mode [ 502.736753][ T9755] bridge_slave_0: entered promiscuous mode [ 502.776973][ T9755] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.800685][ T9755] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.807799][ T9755] bridge_slave_1: entered allmulticast mode [ 502.817191][ T9755] bridge_slave_1: entered promiscuous mode [ 502.866331][ T12] bridge_slave_1: left allmulticast mode [ 502.872070][ T12] bridge_slave_1: left promiscuous mode [ 502.878000][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.887646][ T12] bridge_slave_0: left allmulticast mode [ 502.900325][ T12] bridge_slave_0: left promiscuous mode [ 502.905985][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.047019][ T12] veth1_macvtap: left promiscuous mode [ 503.053218][ T12] veth0_vlan: left promiscuous mode [ 503.060031][ T9779] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 503.079006][ T9779] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 503.152836][ T9772] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4610'. [ 503.204238][ T9755] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.211328][ T9755] bridge0: port 2(bridge_slave_1) entered forwarding state [ 503.222450][ T9795] overlayfs: missing 'lowerdir' [ 503.248504][ T9797] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 503.262488][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.264963][ T9797] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 503.287573][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.294655][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 503.312889][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.319959][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 503.403005][ T9755] veth0_vlan: entered promiscuous mode [ 503.436269][ T9755] veth1_macvtap: entered promiscuous mode [ 503.436439][ T9813] overlayfs: missing 'lowerdir' [ 503.492788][ T9818] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 503.508281][ T9818] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 503.642264][ T9838] overlayfs: missing 'lowerdir' [ 504.232912][ T9891] overlayfs: missing 'lowerdir' [ 504.454626][ T9903] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 504.480443][ T9903] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 504.909940][ T9923] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4677'. [ 504.973150][ T9962] overlayfs: failed to resolve './file1': -2 [ 505.514168][ T9982] overlayfs: failed to resolve './file1': -2 [ 505.671120][ T9990] overlayfs: missing 'workdir' [ 506.294100][T10036] overlayfs: conflicting lowerdir path [ 506.593893][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4747'. [ 508.538334][T10225] overlayfs: missing 'lowerdir' [ 510.010355][ T509] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 510.205082][ T509] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 510.212771][ T509] usb 3-1: can't read configurations, error -71 [ 510.632919][T10319] overlayfs: missing 'lowerdir' [ 512.581484][T10425] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 512.604556][T10425] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 512.662037][T10434] overlayfs: missing 'lowerdir' [ 512.692077][T10439] overlayfs: missing 'workdir' [ 512.755456][T10456] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 512.770691][T10456] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 512.932497][T10488] overlayfs: missing 'workdir' [ 512.960354][T10492] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 512.969594][T10453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4952'. [ 512.984996][T10492] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 513.362648][ T46] bridge_slave_1: left allmulticast mode [ 513.368338][ T46] bridge_slave_1: left promiscuous mode [ 513.374238][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.390776][ T46] bridge_slave_0: left allmulticast mode [ 513.406666][ T46] bridge_slave_0: left promiscuous mode [ 513.416783][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.600592][ T46] veth1_macvtap: left promiscuous mode [ 513.606155][ T46] veth0_vlan: left promiscuous mode [ 513.747294][T10520] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.754449][T10520] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.780369][T10520] bridge_slave_0: entered allmulticast mode [ 513.788175][T10520] bridge_slave_0: entered promiscuous mode [ 513.815096][T10520] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.830349][T10520] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.837497][T10520] bridge_slave_1: entered allmulticast mode [ 513.844176][T10520] bridge_slave_1: entered promiscuous mode [ 513.981448][T10520] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.988833][T10520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.996167][T10520] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.003268][T10520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.096756][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.114574][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.161583][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.168742][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.190717][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.197783][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.242418][T10520] veth0_vlan: entered promiscuous mode [ 514.264218][T10520] veth1_macvtap: entered promiscuous mode [ 514.730752][T10563] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5002'. [ 514.889156][T10578] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 514.908261][T10578] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 515.223956][T10598] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 515.250344][T10598] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 515.807222][T10616] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5028'. [ 515.924327][T10657] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 515.940409][T10657] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 516.136979][T10673] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 516.155921][T10673] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 516.278429][T10681] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 516.298537][T10681] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 517.652553][T10723] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 517.680372][T10723] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 517.942460][T10745] overlayfs: missing 'lowerdir' [ 520.150383][ T538] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 520.330428][ T538] usb 3-1: Using ep0 maxpacket: 8 [ 520.341319][ T538] usb 3-1: unable to get BOS descriptor or descriptor too short [ 520.349721][ T538] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 520.370369][ T538] usb 3-1: config 8 has 0 interfaces, different from the descriptor's value: 1 [ 520.391644][ T538] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 520.401225][ T538] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.417039][ T538] usb 3-1: Product: syz [ 520.421474][ T538] usb 3-1: Manufacturer: syz [ 520.426080][ T538] usb 3-1: SerialNumber: syz [ 520.649571][ T538] usb 3-1: USB disconnect, device number 13 [ 521.330940][T10927] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 521.360008][T10927] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 522.080571][T11000] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 522.109674][T11000] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 522.437670][T11043] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 522.459558][T11043] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 523.382245][ T5305] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 523.414945][T11097] overlayfs: missing 'workdir' [ 523.550366][ T5305] usb 2-1: Using ep0 maxpacket: 8 [ 523.556991][ T5305] usb 2-1: unable to get BOS descriptor or descriptor too short [ 523.565573][ T5305] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 523.580428][ T5305] usb 2-1: config 8 interface 0 altsetting 7 endpoint 0x88 has invalid wMaxPacketSize 0 [ 523.590799][ T5305] usb 2-1: config 8 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 523.615469][ T5305] usb 2-1: config 8 interface 0 has no altsetting 0 [ 523.624028][ T5305] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 523.642081][ T5305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.650106][ T5305] usb 2-1: Product: syz [ 523.672344][ T5305] usb 2-1: Manufacturer: syz [ 523.677081][ T5305] usb 2-1: SerialNumber: syz [ 523.894458][ T5305] usb 2-1: selecting invalid altsetting 0 [ 523.912590][ T5305] snd-usb-audio 2-1:8.0: probe with driver snd-usb-audio failed with error -2 [ 523.931536][ T5305] usb 2-1: USB disconnect, device number 11 [ 523.940995][ T908] udevd[908]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 525.120625][T11203] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5320'. [ 526.042527][T11277] overlayfs: missing 'workdir' [ 526.095115][ T46] bridge_slave_1: left allmulticast mode [ 526.100843][ T46] bridge_slave_1: left promiscuous mode [ 526.106550][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.133926][ T46] bridge_slave_0: left allmulticast mode [ 526.150326][ T46] bridge_slave_0: left promiscuous mode [ 526.156008][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.281719][ T46] veth1_macvtap: left promiscuous mode [ 526.287262][ T46] veth0_vlan: left promiscuous mode [ 526.394776][T11278] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.412225][T11278] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.419319][T11278] bridge_slave_0: entered allmulticast mode [ 526.443760][T11278] bridge_slave_0: entered promiscuous mode [ 526.450780][T11278] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.457842][T11278] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.465384][T11278] bridge_slave_1: entered allmulticast mode [ 526.473933][T11278] bridge_slave_1: entered promiscuous mode [ 526.481855][T11301] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 526.500360][T11301] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 526.616585][T11278] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.623688][T11278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.631003][T11278] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.638037][T11278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.683169][T11331] overlayfs: missing 'lowerdir' [ 526.688144][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.699437][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.722345][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.729420][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 526.740652][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.747702][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 526.799914][T11278] veth0_vlan: entered promiscuous mode [ 526.828669][T11278] veth1_macvtap: entered promiscuous mode [ 527.137292][T11385] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 527.160527][T11385] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 527.672534][T11421] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 527.700345][T11421] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 527.968348][T11433] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 527.979544][T11433] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 528.099849][T11453] overlayfs: missing 'lowerdir' [ 528.181533][T11461] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 528.200862][T11461] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 528.570597][T11473] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5450'. [ 529.764056][T11530] overlayfs: missing 'lowerdir' [ 530.057072][T11548] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 530.070384][T11548] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 530.900444][ T36] audit: type=1400 audit(1763091905.400:216): avc: denied { create } for pid=11559 comm="syz.0.5494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 530.950748][ T36] audit: type=1400 audit(1763091905.400:217): avc: denied { accept } for pid=11559 comm="syz.0.5494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 531.000343][ T36] audit: type=1400 audit(1763091905.400:218): avc: denied { map } for pid=11559 comm="syz.0.5494" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 531.060347][ T36] audit: type=1400 audit(1763091905.430:219): avc: denied { write } for pid=11559 comm="syz.0.5494" path="socket:[63475]" dev="sockfs" ino=63475 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 531.215952][T11588] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 531.240354][T11588] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 531.492463][T11610] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 531.510389][T11610] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 531.900899][T11622] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5523'. [ 531.962468][T11635] FAULT_INJECTION: forcing a failure. [ 531.962468][T11635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 531.990473][T11635] CPU: 0 UID: 0 PID: 11635 Comm: syz.3.5529 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 531.990507][T11635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 531.990519][T11635] Call Trace: [ 531.990526][T11635] [ 531.990548][T11635] __dump_stack+0x21/0x30 [ 531.990579][T11635] dump_stack_lvl+0x10c/0x190 [ 531.990601][T11635] ? __cfi_dump_stack_lvl+0x10/0x10 [ 531.990626][T11635] dump_stack+0x19/0x20 [ 531.990647][T11635] should_fail_ex+0x3d9/0x530 [ 531.990668][T11635] should_fail+0xf/0x20 [ 531.990684][T11635] should_fail_usercopy+0x1e/0x30 [ 531.990703][T11635] _copy_from_user+0x22/0xb0 [ 531.990725][T11635] do_tcp_setsockopt+0x541/0x1f60 [ 531.990881][T11635] ? __cfi_do_tcp_setsockopt+0x10/0x10 [ 531.990907][T11635] ? selinux_socket_setsockopt+0x2ea/0x390 [ 531.990936][T11635] ? __cfi_selinux_socket_setsockopt+0x10/0x10 [ 531.990965][T11635] tcp_setsockopt+0x58/0x110 [ 531.990982][T11635] sock_common_setsockopt+0xb5/0xd0 [ 531.991004][T11635] ? __cfi_sock_common_setsockopt+0x10/0x10 [ 531.991025][T11635] do_sock_setsockopt+0x26d/0x400 [ 531.991051][T11635] ? __cfi_do_sock_setsockopt+0x10/0x10 [ 531.991078][T11635] __x64_sys_setsockopt+0x1b8/0x250 [ 531.991103][T11635] x64_sys_call+0x2adc/0x2ee0 [ 531.991129][T11635] do_syscall_64+0x58/0xf0 [ 531.991153][T11635] ? clear_bhb_loop+0x50/0xa0 [ 531.991173][T11635] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 531.991193][T11635] RIP: 0033:0x7fabb858f6c9 [ 531.991210][T11635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 531.991226][T11635] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 531.991248][T11635] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 531.991263][T11635] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000007 [ 531.991275][T11635] RBP: 00007fabb94a7090 R08: 0000000000000004 R09: 0000000000000000 [ 531.991287][T11635] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.991299][T11635] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 531.991315][T11635] [ 532.288015][T11647] overlayfs: missing 'workdir' [ 532.714966][T11653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5539'. [ 532.890937][T11682] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 532.906827][T11680] overlayfs: missing 'workdir' [ 532.910338][T11682] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 533.021440][T11694] binder: Unknown parameter 'defcontext01777777777777777777777' [ 533.158032][T11690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5556'. [ 533.300345][ T5305] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 533.470324][ T5305] usb 2-1: Using ep0 maxpacket: 8 [ 533.492676][ T5305] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 17, changing to 8 [ 533.510331][ T5305] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 533.530323][ T5305] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 533.551678][ T5305] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 533.561247][ T5305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.571062][ T5305] usb 2-1: Product: syz [ 533.575309][ T5305] usb 2-1: Manufacturer: syz [ 533.579909][ T5305] usb 2-1: SerialNumber: syz [ 533.596951][T11713] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 533.610350][T11713] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 533.752074][T11719] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5569'. [ 533.788993][ T5305] cdc_ncm 2-1:1.0: bind() failure [ 533.799054][ T5305] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 533.807293][ T5305] cdc_ncm 2-1:1.1: bind() failure [ 533.821832][ T5305] usb 2-1: USB disconnect, device number 12 [ 533.880350][ T538] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 534.040332][ T538] usb 3-1: Using ep0 maxpacket: 8 [ 534.051647][ T538] usb 3-1: unable to get BOS descriptor or descriptor too short [ 534.070240][ T538] usb 3-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 534.090026][ T538] usb 3-1: config 8 interface 0 has no altsetting 0 [ 534.098295][ T538] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 534.117572][ T538] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.137787][ T538] usb 3-1: Product: syz [ 534.142030][ T538] usb 3-1: Manufacturer: syz [ 534.146630][ T538] usb 3-1: SerialNumber: syz [ 534.366559][ T538] usb 3-1: selecting invalid altsetting 0 [ 534.383455][ T538] usb 3-1: USB disconnect, device number 14 [ 534.412474][ T909] udevd[909]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:8.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 534.520788][T11742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5580'. [ 534.658456][T11749] overlayfs: missing 'workdir' [ 535.600333][ T5305] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 535.781385][ T5305] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 535.786615][T11826] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 535.789508][ T5305] usb 2-1: config 0 has no interface number 0 [ 535.798536][T11826] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 535.818367][ T36] audit: type=1400 audit(1763091910.330:220): avc: denied { ioctl } for pid=11827 comm="syz.0.5622" path="socket:[64491]" dev="sockfs" ino=64491 ioctlcmd=0xae9c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 535.820331][ T5305] usb 2-1: config 0 interface 41 has no altsetting 0 [ 535.855332][ T5305] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 535.864641][ T5305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.877619][ T5305] usb 2-1: Product: syz [ 535.884954][ T36] audit: type=1400 audit(1763091910.390:221): avc: denied { ioctl } for pid=11829 comm="syz.2.5624" path="socket:[65238]" dev="sockfs" ino=65238 ioctlcmd=0xae9c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 535.914786][ T5305] usb 2-1: Manufacturer: syz [ 535.919794][ T5305] usb 2-1: SerialNumber: syz [ 535.927708][ T5305] usb 2-1: config 0 descriptor?? [ 535.967017][T11840] overlayfs: missing 'lowerdir' [ 536.006021][T11848] FAULT_INJECTION: forcing a failure. [ 536.006021][T11848] name failslab, interval 1, probability 0, space 0, times 0 [ 536.030122][T11848] CPU: 1 UID: 0 PID: 11848 Comm: syz.2.5631 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 536.030157][T11848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 536.030169][T11848] Call Trace: [ 536.030176][T11848] [ 536.030184][T11848] __dump_stack+0x21/0x30 [ 536.030218][T11848] dump_stack_lvl+0x10c/0x190 [ 536.030241][T11848] ? __cfi_dump_stack_lvl+0x10/0x10 [ 536.030267][T11848] dump_stack+0x19/0x20 [ 536.030287][T11848] should_fail_ex+0x3d9/0x530 [ 536.030305][T11848] should_failslab+0xac/0x100 [ 536.030324][T11848] kmem_cache_alloc_lru_noprof+0x44/0x430 [ 536.030341][T11848] ? sock_alloc_inode+0x48/0x150 [ 536.030360][T11848] sock_alloc_inode+0x48/0x150 [ 536.030377][T11848] ? __cfi_sock_alloc_inode+0x10/0x10 [ 536.030396][T11848] alloc_inode+0x7a/0x270 [ 536.030416][T11848] new_inode_pseudo+0x19/0x40 [ 536.030435][T11848] do_accept+0x15a/0x6b0 [ 536.030456][T11848] ? _raw_spin_lock+0x8c/0x120 [ 536.030480][T11848] ? __cfi_do_accept+0x10/0x10 [ 536.030503][T11848] __sys_accept4+0x11e/0x1c0 [ 536.030523][T11848] ? __cfi___sys_accept4+0x10/0x10 [ 536.030545][T11848] __x64_sys_accept4+0x9e/0xb0 [ 536.030565][T11848] x64_sys_call+0x2527/0x2ee0 [ 536.030591][T11848] do_syscall_64+0x58/0xf0 [ 536.030612][T11848] ? clear_bhb_loop+0x50/0xa0 [ 536.030633][T11848] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 536.030653][T11848] RIP: 0033:0x7fe0b5d8f6c9 [ 536.030669][T11848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.030686][T11848] RSP: 002b:00007fe0b6c71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 536.030707][T11848] RAX: ffffffffffffffda RBX: 00007fe0b5fe5fa0 RCX: 00007fe0b5d8f6c9 [ 536.030722][T11848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 536.030735][T11848] RBP: 00007fe0b6c71090 R08: 0000000000000000 R09: 0000000000000000 [ 536.030748][T11848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.030760][T11848] R13: 00007fe0b5fe6038 R14: 00007fe0b5fe5fa0 R15: 00007fffa64df498 [ 536.030777][T11848] [ 536.500334][ T538] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 536.650319][ T538] usb 4-1: Using ep0 maxpacket: 32 [ 536.659707][ T538] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 536.667956][ T538] usb 4-1: config 0 has no interface number 0 [ 536.676665][T11868] FAULT_INJECTION: forcing a failure. [ 536.676665][T11868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.680333][ T538] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 536.710342][T11868] CPU: 0 UID: 0 PID: 11868 Comm: syz.0.5640 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 536.710375][T11868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 536.710388][T11868] Call Trace: [ 536.710394][T11868] [ 536.710403][T11868] __dump_stack+0x21/0x30 [ 536.710433][T11868] dump_stack_lvl+0x10c/0x190 [ 536.710456][T11868] ? __cfi_dump_stack_lvl+0x10/0x10 [ 536.710480][T11868] ? check_stack_object+0x12c/0x140 [ 536.710500][T11868] dump_stack+0x19/0x20 [ 536.710522][T11868] should_fail_ex+0x3d9/0x530 [ 536.710541][T11868] should_fail+0xf/0x20 [ 536.710558][T11868] should_fail_usercopy+0x1e/0x30 [ 536.710578][T11868] _copy_to_user+0x24/0xa0 [ 536.710601][T11868] simple_read_from_buffer+0xed/0x160 [ 536.710624][T11868] proc_fail_nth_read+0x19e/0x210 [ 536.710648][T11868] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 536.710672][T11868] ? bpf_lsm_file_permission+0xd/0x20 [ 536.710696][T11868] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 536.710719][T11868] vfs_read+0x27d/0xc70 [ 536.710735][T11868] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 536.710757][T11868] ? __cfi_vfs_read+0x10/0x10 [ 536.710773][T11868] ? __kasan_check_write+0x18/0x20 [ 536.710799][T11868] ? mutex_lock+0x92/0x1c0 [ 536.710816][T11868] ? __cfi_mutex_lock+0x10/0x10 [ 536.710840][T11868] ? __fget_files+0x2c5/0x340 [ 536.710862][T11868] ksys_read+0x141/0x250 [ 536.710879][T11868] ? __cfi_ksys_read+0x10/0x10 [ 536.710896][T11868] ? __kasan_check_read+0x15/0x20 [ 536.710921][T11868] __x64_sys_read+0x7f/0x90 [ 536.710939][T11868] x64_sys_call+0x2638/0x2ee0 [ 536.710964][T11868] do_syscall_64+0x58/0xf0 [ 536.710986][T11868] ? clear_bhb_loop+0x50/0xa0 [ 536.711007][T11868] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 536.711027][T11868] RIP: 0033:0x7f9fde58e0dc [ 536.711043][T11868] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 536.711059][T11868] RSP: 002b:00007f9fdf4dc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 536.711080][T11868] RAX: ffffffffffffffda RBX: 00007f9fde7e5fa0 RCX: 00007f9fde58e0dc [ 536.711095][T11868] RDX: 000000000000000f RSI: 00007f9fdf4dc0a0 RDI: 0000000000000006 [ 536.711108][T11868] RBP: 00007f9fdf4dc090 R08: 0000000000000000 R09: 0000000000000000 [ 536.711120][T11868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.711133][T11868] R13: 00007f9fde7e6038 R14: 00007f9fde7e5fa0 R15: 00007ffcd62332f8 [ 536.711150][T11868] [ 536.721361][ T538] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 536.853565][T11872] overlayfs: missing 'lowerdir' [ 536.855237][ T538] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.986396][ T538] usb 4-1: Product: syz [ 536.996323][ T538] usb 4-1: Manufacturer: syz [ 537.001644][ T538] usb 4-1: SerialNumber: syz [ 537.008815][ T538] usb 4-1: config 0 descriptor?? [ 537.016008][T11853] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 537.232399][T11853] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 537.650982][ T538] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 537.665363][ T538] asix 4-1:0.188: probe with driver asix failed with error -61 [ 538.203166][T11926] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 538.212017][T11926] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 538.255187][T11934] FAULT_INJECTION: forcing a failure. [ 538.255187][T11934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.268560][T11934] CPU: 0 UID: 0 PID: 11934 Comm: syz.2.5670 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 538.268593][T11934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 538.268605][T11934] Call Trace: [ 538.268610][T11934] [ 538.268617][T11934] __dump_stack+0x21/0x30 [ 538.268644][T11934] dump_stack_lvl+0x10c/0x190 [ 538.268664][T11934] ? __cfi_dump_stack_lvl+0x10/0x10 [ 538.268685][T11934] ? __x64_sys_openat+0x13a/0x170 [ 538.268709][T11934] ? do_syscall_64+0x58/0xf0 [ 538.268730][T11934] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 538.268748][T11934] dump_stack+0x19/0x20 [ 538.268768][T11934] should_fail_ex+0x3d9/0x530 [ 538.268786][T11934] should_fail+0xf/0x20 [ 538.268801][T11934] should_fail_usercopy+0x1e/0x30 [ 538.268818][T11934] _copy_from_iter+0x3bb/0x14d0 [ 538.268841][T11934] ? __cfi__copy_from_iter+0x10/0x10 [ 538.268859][T11934] ? __cfi_avc_has_perm+0x10/0x10 [ 538.268880][T11934] ? kasan_save_alloc_info+0x40/0x50 [ 538.268903][T11934] tun_get_user+0x201/0x3450 [ 538.268931][T11934] ? ptr_ring_consume+0x430/0x430 [ 538.268949][T11934] ? is_bpf_text_address+0x17b/0x1a0 [ 538.268971][T11934] ? __kasan_check_write+0x18/0x20 [ 538.268994][T11934] ? ref_tracker_alloc+0x308/0x540 [ 538.269012][T11934] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 538.269032][T11934] ? _parse_integer+0x2e/0x40 [ 538.269055][T11934] tun_chr_write_iter+0x1fc/0x310 [ 538.269071][T11934] do_iter_readv_writev+0x628/0x810 [ 538.269089][T11934] ? vfs_iter_read+0x5f0/0x5f0 [ 538.269107][T11934] ? bpf_lsm_file_permission+0xd/0x20 [ 538.269129][T11934] vfs_writev+0x485/0xcf0 [ 538.269149][T11934] ? do_writev+0x2d0/0x2d0 [ 538.269165][T11934] ? vfs_write+0x93e/0xf30 [ 538.269184][T11934] do_writev+0x14d/0x2d0 [ 538.269201][T11934] ? vfs_readv+0xa50/0xa50 [ 538.269220][T11934] ? __kasan_check_read+0x15/0x20 [ 538.269244][T11934] __x64_sys_writev+0x81/0x90 [ 538.269260][T11934] x64_sys_call+0x1fbb/0x2ee0 [ 538.269281][T11934] do_syscall_64+0x58/0xf0 [ 538.269301][T11934] ? clear_bhb_loop+0x50/0xa0 [ 538.269319][T11934] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 538.269335][T11934] RIP: 0033:0x7fe0b5d8f6c9 [ 538.269350][T11934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.269365][T11934] RSP: 002b:00007fe0b6c71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 538.269385][T11934] RAX: ffffffffffffffda RBX: 00007fe0b5fe5fa0 RCX: 00007fe0b5d8f6c9 [ 538.269398][T11934] RDX: 0000000000000003 RSI: 0000200000000180 RDI: 0000000000000005 [ 538.269409][T11934] RBP: 00007fe0b6c71090 R08: 0000000000000000 R09: 0000000000000000 [ 538.269420][T11934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.269431][T11934] R13: 00007fe0b5fe6038 R14: 00007fe0b5fe5fa0 R15: 00007fffa64df498 [ 538.269446][T11934] [ 538.558325][ T5305] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 538.577096][ T5305] usb 2-1: USB disconnect, device number 13 [ 538.810519][T11955] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 538.820847][T11955] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 539.411052][T11979] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 539.419777][T11979] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 539.483135][T11982] FAULT_INJECTION: forcing a failure. [ 539.483135][T11982] name failslab, interval 1, probability 0, space 0, times 0 [ 539.513693][T11982] CPU: 0 UID: 0 PID: 11982 Comm: syz.1.5692 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 539.513726][T11982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 539.513738][T11982] Call Trace: [ 539.513744][T11982] [ 539.513753][T11982] __dump_stack+0x21/0x30 [ 539.513783][T11982] dump_stack_lvl+0x10c/0x190 [ 539.513806][T11982] ? __cfi_dump_stack_lvl+0x10/0x10 [ 539.513840][T11982] ? __kasan_check_write+0x18/0x20 [ 539.513866][T11982] ? proc_fail_nth_write+0x17e/0x210 [ 539.513891][T11982] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 539.513916][T11982] dump_stack+0x19/0x20 [ 539.513940][T11982] should_fail_ex+0x3d9/0x530 [ 539.513960][T11982] should_failslab+0xac/0x100 [ 539.513978][T11982] kmem_cache_alloc_noprof+0x42/0x430 [ 539.513996][T11982] ? getname_flags+0xc6/0x710 [ 539.514015][T11982] getname_flags+0xc6/0x710 [ 539.514032][T11982] ? build_open_flags+0x487/0x600 [ 539.514058][T11982] getname+0x1b/0x30 [ 539.514076][T11982] do_sys_openat2+0xcb/0x1c0 [ 539.514100][T11982] ? fput+0x1a5/0x240 [ 539.514122][T11982] ? do_sys_open+0x100/0x100 [ 539.514144][T11982] ? ksys_write+0x1ef/0x250 [ 539.514162][T11982] ? __cfi_ksys_write+0x10/0x10 [ 539.514182][T11982] __x64_sys_openat+0x13a/0x170 [ 539.514208][T11982] x64_sys_call+0xe69/0x2ee0 [ 539.514234][T11982] do_syscall_64+0x58/0xf0 [ 539.514258][T11982] ? clear_bhb_loop+0x50/0xa0 [ 539.514280][T11982] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 539.514300][T11982] RIP: 0033:0x7f5400b8df10 [ 539.514318][T11982] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 539.514336][T11982] RSP: 002b:00007f5401a75f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 539.514360][T11982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5400b8df10 [ 539.514376][T11982] RDX: 0000000000000000 RSI: 00007f5400c1207e RDI: 00000000ffffff9c [ 539.514391][T11982] RBP: 00007f5400c1207e R08: 0000000000000000 R09: 0000000000000000 [ 539.514405][T11982] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 539.514419][T11982] R13: 00007f5400de6038 R14: 00007f5400de5fa0 R15: 00007ffd7a6b4b38 [ 539.514437][T11982] [ 539.794941][ T36] audit: type=1400 audit(1763091914.300:222): avc: denied { connect } for pid=12016 comm="syz.0.5708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 539.828972][ T36] audit: type=1400 audit(1763091914.310:223): avc: denied { bind } for pid=12013 comm="syz.2.5707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 539.849100][ T36] audit: type=1400 audit(1763091914.310:224): avc: denied { read } for pid=12013 comm="syz.2.5707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 539.869132][ T36] audit: type=1400 audit(1763091914.320:225): avc: denied { ioctl } for pid=12016 comm="syz.0.5708" path="socket:[66720]" dev="sockfs" ino=66720 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 539.914911][T12035] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 539.923748][T12035] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 539.996843][ T5305] usb 4-1: USB disconnect, device number 18 [ 540.070241][ T36] audit: type=1400 audit(1763091914.570:226): avc: denied { write } for pid=12068 comm="syz.3.5732" path="socket:[66062]" dev="sockfs" ino=66062 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 540.158679][T12082] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 540.173630][T12082] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 540.301255][T12110] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 540.310385][T12110] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 540.378167][T12120] overlayfs: missing 'lowerdir' [ 540.561152][T12137] kvm: pic: non byte read [ 540.570624][T12137] kvm: pic: non byte read [ 540.575188][T12137] kvm: pic: non byte read [ 540.590123][T12137] kvm: pic: non byte read [ 540.600234][T12137] kvm: pic: non byte read [ 540.610395][T12137] kvm: pic: non byte read [ 540.620342][T12137] kvm: pic: non byte read [ 540.625183][T12137] kvm: pic: non byte read [ 540.640106][T12137] kvm: pic: non byte read [ 540.644888][T12137] kvm: pic: non byte read [ 541.391230][T12174] FAULT_INJECTION: forcing a failure. [ 541.391230][T12174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.432805][T12174] CPU: 0 UID: 0 PID: 12174 Comm: syz.3.5781 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 541.432835][T12174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 541.432847][T12174] Call Trace: [ 541.432853][T12174] [ 541.432861][T12174] __dump_stack+0x21/0x30 [ 541.432888][T12174] dump_stack_lvl+0x10c/0x190 [ 541.432911][T12174] ? __cfi_dump_stack_lvl+0x10/0x10 [ 541.432934][T12174] ? check_stack_object+0x12c/0x140 [ 541.432953][T12174] dump_stack+0x19/0x20 [ 541.432974][T12174] should_fail_ex+0x3d9/0x530 [ 541.432993][T12174] should_fail+0xf/0x20 [ 541.433010][T12174] should_fail_usercopy+0x1e/0x30 [ 541.433028][T12174] _copy_to_user+0x24/0xa0 [ 541.433049][T12174] simple_read_from_buffer+0xed/0x160 [ 541.433072][T12174] proc_fail_nth_read+0x19e/0x210 [ 541.433094][T12174] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 541.433116][T12174] ? bpf_lsm_file_permission+0xd/0x20 [ 541.433140][T12174] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 541.433163][T12174] vfs_read+0x27d/0xc70 [ 541.433180][T12174] ? __cfi_vfs_read+0x10/0x10 [ 541.433196][T12174] ? __kasan_check_write+0x18/0x20 [ 541.433222][T12174] ? mutex_lock+0x92/0x1c0 [ 541.433239][T12174] ? __cfi_mutex_lock+0x10/0x10 [ 541.433256][T12174] ? __fget_files+0x2c5/0x340 [ 541.433276][T12174] ksys_read+0x141/0x250 [ 541.433291][T12174] ? __cfi_ksys_read+0x10/0x10 [ 541.433306][T12174] ? ovl_dir_llseek+0x3b0/0x4e0 [ 541.433455][T12174] ? __kasan_check_read+0x15/0x20 [ 541.433481][T12174] __x64_sys_read+0x7f/0x90 [ 541.433498][T12174] x64_sys_call+0x2638/0x2ee0 [ 541.433525][T12174] do_syscall_64+0x58/0xf0 [ 541.433553][T12174] ? clear_bhb_loop+0x50/0xa0 [ 541.433574][T12174] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 541.433593][T12174] RIP: 0033:0x7fabb858e0dc [ 541.433609][T12174] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 541.433624][T12174] RSP: 002b:00007fabb94a7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 541.433645][T12174] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858e0dc [ 541.433659][T12174] RDX: 000000000000000f RSI: 00007fabb94a70a0 RDI: 0000000000000007 [ 541.433669][T12174] RBP: 00007fabb94a7090 R08: 0000000000000000 R09: 0000000000000000 [ 541.433679][T12174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.433690][T12174] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 541.433703][T12174] [ 541.735826][T12193] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 541.744635][T12193] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 541.753391][T12194] FAULT_INJECTION: forcing a failure. [ 541.753391][T12194] name failslab, interval 1, probability 0, space 0, times 0 [ 541.797206][T12194] CPU: 1 UID: 0 PID: 12194 Comm: syz.3.5792 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 541.797243][T12194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 541.797255][T12194] Call Trace: [ 541.797271][T12194] [ 541.797279][T12194] __dump_stack+0x21/0x30 [ 541.797310][T12194] dump_stack_lvl+0x10c/0x190 [ 541.797333][T12194] ? __cfi_dump_stack_lvl+0x10/0x10 [ 541.797359][T12194] dump_stack+0x19/0x20 [ 541.797381][T12194] should_fail_ex+0x3d9/0x530 [ 541.797402][T12194] should_failslab+0xac/0x100 [ 541.797424][T12194] __kmalloc_cache_noprof+0x41/0x490 [ 541.797442][T12194] ? __kasan_check_write+0x18/0x20 [ 541.797468][T12194] ? ovl_iterate+0xf22/0x1f00 [ 541.797494][T12194] ? override_creds+0x83/0x120 [ 541.797515][T12194] ovl_iterate+0xf22/0x1f00 [ 541.797540][T12194] ? _parse_integer+0x2e/0x40 [ 541.797567][T12194] ? __cfi_ovl_iterate+0x10/0x10 [ 541.797591][T12194] ? kstrtouint+0x78/0xf0 [ 541.797608][T12194] ? kstrtouint_from_user+0xfb/0x150 [ 541.797626][T12194] ? __x64_sys_openat+0x13a/0x170 [ 541.797649][T12194] ? x64_sys_call+0xe69/0x2ee0 [ 541.797675][T12194] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 541.797693][T12194] ? selinux_file_permission+0x309/0xb30 [ 541.797718][T12194] ? __kasan_check_write+0x18/0x20 [ 541.797744][T12194] ? rwsem_read_trylock+0x2b1/0x660 [ 541.797873][T12194] ? __kasan_check_write+0x18/0x20 [ 541.797899][T12194] ? down_write+0xe9/0x2a0 [ 541.797918][T12194] ? __cfi_down_write+0x10/0x10 [ 541.797937][T12194] ? vfs_write+0x93e/0xf30 [ 541.797955][T12194] ? __kasan_check_write+0x18/0x20 [ 541.797981][T12194] wrap_directory_iterator+0xa7/0xf0 [ 541.798002][T12194] ? __cfi_ovl_iterate+0x10/0x10 [ 541.798027][T12194] shared_ovl_iterate+0x28/0x40 [ 541.798050][T12194] iterate_dir+0x203/0x5e0 [ 541.798071][T12194] __se_sys_getdents64+0xe9/0x240 [ 541.798092][T12194] ? fput+0x1a5/0x240 [ 541.798113][T12194] ? __x64_sys_getdents64+0xa0/0xa0 [ 541.798134][T12194] ? ksys_write+0x1ef/0x250 [ 541.798150][T12194] ? __cfi_filldir64+0x10/0x10 [ 541.798170][T12194] ? __cfi_ksys_write+0x10/0x10 [ 541.798188][T12194] ? __kasan_check_read+0x15/0x20 [ 541.798214][T12194] __x64_sys_getdents64+0x7f/0xa0 [ 541.798235][T12194] x64_sys_call+0x27d0/0x2ee0 [ 541.798270][T12194] do_syscall_64+0x58/0xf0 [ 541.798292][T12194] ? clear_bhb_loop+0x50/0xa0 [ 541.798313][T12194] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 541.798332][T12194] RIP: 0033:0x7fabb858f6c9 [ 541.798349][T12194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.798366][T12194] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 541.798388][T12194] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 541.798403][T12194] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 541.798415][T12194] RBP: 00007fabb94a7090 R08: 0000000000000000 R09: 0000000000000000 [ 541.798428][T12194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.798440][T12194] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 541.798457][T12194] [ 541.866698][T12201] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 541.880381][T12204] overlayfs: missing 'lowerdir' [ 541.884761][T12201] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 541.920199][T12206] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 542.138159][T12206] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 543.120316][ T36] audit: type=1400 audit(1763091917.620:227): avc: denied { write } for pid=12247 comm="syz.1.5821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 543.190324][ T36] audit: type=1400 audit(1763091917.620:228): avc: denied { nlmsg_write } for pid=12247 comm="syz.1.5821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 543.405264][ T36] audit: type=1400 audit(1763091917.910:229): avc: denied { create } for pid=12288 comm="syz.3.5837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 543.451240][T12291] overlayfs: missing 'workdir' [ 543.500337][ T5305] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 543.510574][T12303] capability: warning: `syz.3.5843' uses 32-bit capabilities (legacy support in use) [ 543.566243][ T36] audit: type=1400 audit(1763091918.070:230): avc: denied { lock } for pid=12311 comm="syz.3.5848" path="socket:[68650]" dev="sockfs" ino=68650 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 543.670328][ T5305] usb 2-1: Using ep0 maxpacket: 8 [ 543.681666][ T5305] usb 2-1: unable to get BOS descriptor or descriptor too short [ 543.690212][ T5305] usb 2-1: config 8 interface 0 altsetting 7 endpoint 0x83 has invalid wMaxPacketSize 0 [ 543.710189][ T5305] usb 2-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 0 [ 543.720175][ T5305] usb 2-1: config 8 interface 0 has no altsetting 0 [ 543.730033][ T5305] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 543.730619][T12327] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 543.739432][ T5305] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.762130][T12327] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 543.776129][ T5305] usb 2-1: Product: syz [ 543.786315][ T5305] usb 2-1: Manufacturer: syz [ 543.796450][ T5305] usb 2-1: SerialNumber: syz [ 543.877127][T12336] overlayfs: missing 'workdir' [ 543.918308][ T36] audit: type=1400 audit(1763091918.420:231): avc: denied { ioctl } for pid=12340 comm="syz.2.5861" path="cgroup:[4026532316]" dev="nsfs" ino=4026532316 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 544.013993][ T5305] usb 2-1: selecting invalid altsetting 0 [ 544.039618][ T5305] snd-usb-audio 2-1:8.0: probe with driver snd-usb-audio failed with error -12 [ 544.053194][ T5305] usb 2-1: USB disconnect, device number 14 [ 544.060837][ T909] udevd[909]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:8.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 544.842147][T12374] overlayfs: missing 'workdir' [ 545.043199][ T36] audit: type=1400 audit(1763091919.550:232): avc: denied { read write } for pid=12397 comm="syz.3.5889" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 545.100324][ T36] audit: type=1400 audit(1763091919.580:233): avc: denied { open } for pid=12397 comm="syz.3.5889" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 545.203203][ T36] audit: type=1400 audit(1763091919.710:234): avc: denied { bind } for pid=12403 comm="syz.3.5892" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 546.372277][T12453] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 546.400451][T12453] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 546.576861][T12464] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 546.610353][T12464] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 547.912147][T12535] overlayfs: missing 'lowerdir' [ 547.960355][ T5305] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 548.120333][ T5305] usb 3-1: Using ep0 maxpacket: 32 [ 548.140481][ T5305] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 548.148698][ T5305] usb 3-1: config 0 has no interface number 0 [ 548.160348][ T5305] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 548.181699][ T5305] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 548.193059][ T5305] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.210324][ T5305] usb 3-1: Product: syz [ 548.214528][ T5305] usb 3-1: Manufacturer: syz [ 548.219127][ T5305] usb 3-1: SerialNumber: syz [ 548.241026][ T5305] usb 3-1: config 0 descriptor?? [ 548.246655][T12510] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 548.461497][T12510] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 548.886764][ T5305] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 548.908264][ T5305] asix 3-1:0.188: probe with driver asix failed with error -61 [ 548.986566][T12580] overlayfs: missing 'workdir' [ 549.116027][ T36] audit: type=1400 audit(1763091923.620:235): avc: denied { map } for pid=12612 comm="syz.0.5992" path="socket:[69579]" dev="sockfs" ino=69579 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 549.150617][ T36] audit: type=1400 audit(1763091923.650:236): avc: denied { read accept } for pid=12612 comm="syz.0.5992" path="socket:[69579]" dev="sockfs" ino=69579 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 549.196871][T12628] rust_binder: 833: no such ref 1 [ 549.276731][T12640] overlayfs: missing 'lowerdir' [ 549.621656][T12661] overlayfs: missing 'lowerdir' [ 551.169799][ T5305] usb 3-1: USB disconnect, device number 15 [ 551.436096][T12771] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 551.449572][T12771] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 551.612371][T12794] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 551.630431][T12794] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 551.691119][T12804] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24866 sclass=netlink_route_socket pid=12804 comm=syz.0.6080 [ 552.264083][T12877] overlayfs: missing 'workdir' [ 552.890803][T12949] overlayfs: missing 'lowerdir' [ 553.538093][T13041] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 553.567797][T13041] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 553.581069][T13051] FAULT_INJECTION: forcing a failure. [ 553.581069][T13051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 553.596598][T13051] CPU: 1 UID: 0 PID: 13051 Comm: syz.0.6196 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 553.596632][T13051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 553.596644][T13051] Call Trace: [ 553.596650][T13051] [ 553.596659][T13051] __dump_stack+0x21/0x30 [ 553.596689][T13051] dump_stack_lvl+0x10c/0x190 [ 553.596713][T13051] ? __cfi_dump_stack_lvl+0x10/0x10 [ 553.596737][T13051] ? __kasan_check_write+0x18/0x20 [ 553.596763][T13051] ? check_stack_object+0x107/0x140 [ 553.596782][T13051] dump_stack+0x19/0x20 [ 553.596804][T13051] should_fail_ex+0x3d9/0x530 [ 553.596824][T13051] should_fail+0xf/0x20 [ 553.596840][T13051] should_fail_usercopy+0x1e/0x30 [ 553.596860][T13051] _copy_from_user+0x22/0xb0 [ 553.596883][T13051] __sys_sendto+0x29e/0x6f0 [ 553.596908][T13051] ? __cfi___sys_sendto+0x10/0x10 [ 553.596933][T13051] ? __kasan_check_write+0x18/0x20 [ 553.596960][T13051] ? __cfi_ksys_write+0x10/0x10 [ 553.596979][T13051] __x64_sys_sendto+0xe9/0x100 [ 553.597003][T13051] x64_sys_call+0x2c2c/0x2ee0 [ 553.597028][T13051] do_syscall_64+0x58/0xf0 [ 553.597051][T13051] ? clear_bhb_loop+0x50/0xa0 [ 553.597071][T13051] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 553.597091][T13051] RIP: 0033:0x7f9fde58f6c9 [ 553.597116][T13051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.597134][T13051] RSP: 002b:00007f9fdf4dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 553.597156][T13051] RAX: ffffffffffffffda RBX: 00007f9fde7e5fa0 RCX: 00007f9fde58f6c9 [ 553.597171][T13051] RDX: 0000000000000026 RSI: 0000200000000240 RDI: 0000000000000005 [ 553.597184][T13051] RBP: 00007f9fdf4dc090 R08: 0000200000000540 R09: 0000000000000014 [ 553.597198][T13051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.597215][T13051] R13: 00007f9fde7e6038 R14: 00007f9fde7e5fa0 R15: 00007ffcd62332f8 [ 553.597232][T13051] [ 553.964882][T13067] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=13067 comm=syz.3.6203 [ 554.148356][T13085] overlayfs: missing 'workdir' [ 554.287647][T13104] overlayfs: missing 'workdir' [ 554.327919][T13108] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 554.369604][T13118] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 554.379281][T13118] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 555.633613][T13248] overlayfs: failed to resolve './file1': -2 [ 555.764373][T13268] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 555.774042][T13268] overlayfs: missing 'lowerdir' [ 556.094134][T13325] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 556.106530][T13325] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 556.193994][T13352] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 556.220328][T13352] overlayfs: missing 'lowerdir' [ 557.832352][T13473] overlayfs: missing 'lowerdir' [ 558.359456][T13497] overlayfs: missing 'lowerdir' [ 559.512818][T13543] overlayfs: missing 'lowerdir' [ 562.666253][ T36] audit: type=1400 audit(1763091937.170:237): avc: denied { listen } for pid=13642 comm="syz.1.6481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 563.572342][ T36] audit: type=1400 audit(1763091938.080:238): avc: denied { getopt } for pid=13696 comm="syz.2.6508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 563.692964][ T36] audit: type=1400 audit(1763091938.200:239): avc: denied { shutdown } for pid=13704 comm="syz.1.6513" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 566.671222][T13830] FAULT_INJECTION: forcing a failure. [ 566.671222][T13830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 566.700362][T13830] CPU: 0 UID: 0 PID: 13830 Comm: syz.0.6570 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 566.700395][T13830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 566.700406][T13830] Call Trace: [ 566.700413][T13830] [ 566.700421][T13830] __dump_stack+0x21/0x30 [ 566.700453][T13830] dump_stack_lvl+0x10c/0x190 [ 566.700476][T13830] ? __cfi_dump_stack_lvl+0x10/0x10 [ 566.700501][T13830] dump_stack+0x19/0x20 [ 566.700523][T13830] should_fail_ex+0x3d9/0x530 [ 566.700543][T13830] should_fail+0xf/0x20 [ 566.700560][T13830] should_fail_usercopy+0x1e/0x30 [ 566.700580][T13830] _copy_from_user+0x22/0xb0 [ 566.700603][T13830] kvm_arch_dev_ioctl+0x252/0x890 [ 566.700629][T13830] ? __cfi_kvm_arch_dev_ioctl+0x10/0x10 [ 566.700656][T13830] ? selinux_file_ioctl+0x6e0/0x1360 [ 566.700678][T13830] ? vfs_write+0x93e/0xf30 [ 566.700696][T13830] ? __cfi_vfs_write+0x10/0x10 [ 566.700713][T13830] ? __kasan_check_write+0x18/0x20 [ 566.700738][T13830] ? mutex_unlock+0x8b/0x240 [ 566.700757][T13830] kvm_dev_ioctl+0x48d/0x14d0 [ 566.700783][T13830] ? __fget_files+0x2c5/0x340 [ 566.700802][T13830] ? __cfi_kvm_dev_ioctl+0x10/0x10 [ 566.700826][T13830] ? bpf_lsm_file_ioctl+0xd/0x20 [ 566.700850][T13830] ? security_file_ioctl+0x34/0xd0 [ 566.700870][T13830] ? __cfi_kvm_dev_ioctl+0x10/0x10 [ 566.700894][T13830] __se_sys_ioctl+0x135/0x1b0 [ 566.700914][T13830] __x64_sys_ioctl+0x7f/0xa0 [ 566.700933][T13830] x64_sys_call+0x1878/0x2ee0 [ 566.700958][T13830] do_syscall_64+0x58/0xf0 [ 566.700981][T13830] ? clear_bhb_loop+0x50/0xa0 [ 566.701001][T13830] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 566.701021][T13830] RIP: 0033:0x7f9fde58f6c9 [ 566.701038][T13830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.701063][T13830] RSP: 002b:00007f9fdf4dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 566.701084][T13830] RAX: ffffffffffffffda RBX: 00007f9fde7e5fa0 RCX: 00007f9fde58f6c9 [ 566.701099][T13830] RDX: 0000200000000080 RSI: 00000000c004ae0a RDI: 0000000000000005 [ 566.701113][T13830] RBP: 00007f9fdf4dc090 R08: 0000000000000000 R09: 0000000000000000 [ 566.701126][T13830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.701138][T13830] R13: 00007f9fde7e6038 R14: 00007f9fde7e5fa0 R15: 00007ffcd62332f8 [ 566.701155][T13830] [ 567.288461][T13844] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 567.290328][ T36] audit: type=1400 audit(1763091941.790:240): avc: denied { ioctl } for pid=13843 comm="syz.1.6578" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 567.389727][ T36] audit: type=1400 audit(1763091941.790:241): avc: denied { mounton } for pid=13843 comm="syz.1.6578" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 567.806235][T13888] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 568.637723][T13930] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 568.986250][T13950] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 569.930770][T13976] FAULT_INJECTION: forcing a failure. [ 569.930770][T13976] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 569.945578][T13976] CPU: 1 UID: 0 PID: 13976 Comm: syz.3.6643 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 569.945611][T13976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 569.945623][T13976] Call Trace: [ 569.945630][T13976] [ 569.945638][T13976] __dump_stack+0x21/0x30 [ 569.945669][T13976] dump_stack_lvl+0x10c/0x190 [ 569.945692][T13976] ? __cfi_dump_stack_lvl+0x10/0x10 [ 569.945716][T13976] ? __kasan_check_write+0x18/0x20 [ 569.945744][T13976] ? kvm_arch_vcpu_load+0x650/0x8c0 [ 569.945772][T13976] dump_stack+0x19/0x20 [ 569.945794][T13976] should_fail_ex+0x3d9/0x530 [ 569.945815][T13976] should_fail+0xf/0x20 [ 569.945833][T13976] should_fail_usercopy+0x1e/0x30 [ 569.945853][T13976] _copy_from_user+0x22/0xb0 [ 569.945876][T13976] kvm_arch_vcpu_ioctl+0x9e2/0x2e50 [ 569.945894][T13976] ? avc_has_perm+0x144/0x220 [ 569.945919][T13976] ? __cfi_kvm_arch_vcpu_ioctl+0x10/0x10 [ 569.945936][T13976] ? kasan_save_alloc_info+0x40/0x50 [ 569.945962][T13976] ? selinux_file_open+0x457/0x610 [ 569.945985][T13976] ? __cfi_selinux_file_open+0x10/0x10 [ 569.946009][T13976] ? is_bpf_text_address+0x17b/0x1a0 [ 569.946032][T13976] ? kernel_text_address+0xa9/0xe0 [ 569.946055][T13976] ? __kernel_text_address+0x11/0x40 [ 569.946077][T13976] ? do_vfs_ioctl+0xeda/0x1e30 [ 569.946098][T13976] ? arch_stack_walk+0x10b/0x170 [ 569.946116][T13976] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 569.946137][T13976] ? _parse_integer_limit+0x195/0x1e0 [ 569.946164][T13976] ? _parse_integer+0x2e/0x40 [ 569.946189][T13976] ? kstrtoull+0x13b/0x1e0 [ 569.946206][T13976] ? kstrtouint+0x78/0xf0 [ 569.946223][T13976] ? ioctl_has_perm+0x1aa/0x4d0 [ 569.946244][T13976] ? __asan_memcpy+0x5a/0x80 [ 569.946261][T13976] ? ioctl_has_perm+0x3e0/0x4d0 [ 569.946282][T13976] ? has_cap_mac_admin+0xd0/0xd0 [ 569.946303][T13976] ? __kasan_check_write+0x18/0x20 [ 569.946327][T13976] ? mutex_lock_killable+0x92/0x1c0 [ 569.946348][T13976] ? __cfi_mutex_lock_killable+0x10/0x10 [ 569.946366][T13976] ? proc_fail_nth_write+0x17e/0x210 [ 569.946391][T13976] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 569.946414][T13976] kvm_vcpu_ioctl+0x77c/0xee0 [ 569.946442][T13976] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 569.946460][T13976] ? __cfi_vfs_write+0x10/0x10 [ 569.946483][T13976] ? __kasan_check_write+0x18/0x20 [ 569.946507][T13976] ? mutex_unlock+0x8b/0x240 [ 569.946524][T13976] ? __cfi_mutex_unlock+0x10/0x10 [ 569.946541][T13976] ? __fget_files+0x2c5/0x340 [ 569.946562][T13976] ? __fget_files+0x2c5/0x340 [ 569.946581][T13976] ? bpf_lsm_file_ioctl+0xd/0x20 [ 569.946605][T13976] ? security_file_ioctl+0x34/0xd0 [ 569.946625][T13976] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 569.946642][T13976] __se_sys_ioctl+0x135/0x1b0 [ 569.946662][T13976] __x64_sys_ioctl+0x7f/0xa0 [ 569.946682][T13976] x64_sys_call+0x1878/0x2ee0 [ 569.946707][T13976] do_syscall_64+0x58/0xf0 [ 569.946729][T13976] ? clear_bhb_loop+0x50/0xa0 [ 569.946749][T13976] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 569.946768][T13976] RIP: 0033:0x7fabb858f6c9 [ 569.946784][T13976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.946802][T13976] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 569.946824][T13976] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 569.946839][T13976] RDX: 0000200000000000 RSI: 000000004040ae9e RDI: 0000000000000007 [ 569.946853][T13976] RBP: 00007fabb94a7090 R08: 0000000000000000 R09: 0000000000000000 [ 569.946867][T13976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.946879][T13976] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 569.946896][T13976] [ 570.765620][T14018] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 570.780362][T14018] overlayfs: missing 'lowerdir' [ 571.690630][T14063] FAULT_INJECTION: forcing a failure. [ 571.690630][T14063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 571.713440][T14063] CPU: 0 UID: 0 PID: 14063 Comm: syz.1.6683 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 571.713476][T14063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 571.713488][T14063] Call Trace: [ 571.713495][T14063] [ 571.713502][T14063] __dump_stack+0x21/0x30 [ 571.713532][T14063] dump_stack_lvl+0x10c/0x190 [ 571.713555][T14063] ? __cfi_dump_stack_lvl+0x10/0x10 [ 571.713580][T14063] dump_stack+0x19/0x20 [ 571.713601][T14063] should_fail_ex+0x3d9/0x530 [ 571.713621][T14063] should_fail+0xf/0x20 [ 571.713638][T14063] should_fail_usercopy+0x1e/0x30 [ 571.713656][T14063] __kvm_read_guest_page+0x177/0x210 [ 571.713676][T14063] kvm_vcpu_read_guest_page+0x31a/0x400 [ 571.713696][T14063] kvm_fetch_guest_virt+0x146/0x190 [ 571.713723][T14063] ? __cfi_kvm_fetch_guest_virt+0x10/0x10 [ 571.713747][T14063] __do_insn_fetch_bytes+0x321/0x730 [ 571.713768][T14063] ? x86_decode_insn+0x4fb0/0x4fb0 [ 571.713786][T14063] ? tdp_iter_restart+0x1c4/0x360 [ 571.713807][T14063] ? kvm_tdp_mmu_fast_pf_get_last_sptep+0x290/0x290 [ 571.713831][T14063] ? tdp_iter_next+0x362/0xa30 [ 571.713850][T14063] x86_decode_insn+0x33b/0x4fb0 [ 571.713868][T14063] ? trace_mark_mmio_spte+0x22/0x130 [ 571.713894][T14063] ? __cfi_x86_decode_insn+0x10/0x10 [ 571.713911][T14063] ? __kasan_check_write+0x18/0x20 [ 571.713936][T14063] ? vmx_read_guest_seg_ar+0x1c8/0x350 [ 571.713958][T14063] ? __asan_memset+0x39/0x50 [ 571.713974][T14063] ? init_decode_cache+0x7c/0x90 [ 571.713992][T14063] ? init_emulate_ctxt+0x410/0x540 [ 571.714012][T14063] ? kvm_inject_realmode_interrupt+0x2e0/0x2e0 [ 571.714033][T14063] ? kvm_mmu_do_page_fault+0x4b0/0x5f0 [ 571.714055][T14063] x86_decode_emulated_instruction+0x66/0x190 [ 571.714081][T14063] x86_emulate_instruction+0x2d3/0x1870 [ 571.714103][T14063] ? nested_vmx_reflect_vmexit+0x153/0x3a60 [ 571.714127][T14063] ? __kernel_text_address+0x11/0x40 [ 571.714150][T14063] kvm_mmu_page_fault+0x336/0x970 [ 571.714172][T14063] handle_ept_violation+0x21c/0x440 [ 571.714191][T14063] ? vmx_vcpu_run+0x10d5/0x2000 [ 571.714216][T14063] ? __cfi_handle_ept_violation+0x10/0x10 [ 571.714235][T14063] vmx_handle_exit+0x12c2/0x1b40 [ 571.714260][T14063] ? __cfi_vmx_vcpu_run+0x10/0x10 [ 571.714285][T14063] ? kasan_save_track+0x4f/0x80 [ 571.714304][T14063] ? vmx_handle_exit_irqoff+0xe9/0x7a0 [ 571.714329][T14063] vcpu_run+0x4bd0/0x7830 [ 571.714350][T14063] ? x64_sys_call+0xe69/0x2ee0 [ 571.714387][T14063] ? signal_pending+0xc0/0xc0 [ 571.714414][T14063] ? __kasan_check_write+0x18/0x20 [ 571.714439][T14063] ? xfd_validate_state+0x68/0x150 [ 571.714463][T14063] ? fpu_swap_kvm_fpstate+0x93/0x5f0 [ 571.714482][T14063] ? __kasan_check_write+0x18/0x20 [ 571.714509][T14063] ? fpregs_mark_activate+0x69/0x160 [ 571.714529][T14063] ? fpu_swap_kvm_fpstate+0x44d/0x5f0 [ 571.714548][T14063] ? fpu_swap_kvm_fpstate+0x93/0x5f0 [ 571.714569][T14063] kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0 [ 571.714594][T14063] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 571.714617][T14063] ? kstrtoull+0x13b/0x1e0 [ 571.714635][T14063] ? kstrtouint+0x78/0xf0 [ 571.714651][T14063] ? ioctl_has_perm+0x1aa/0x4d0 [ 571.714672][T14063] ? __asan_memcpy+0x5a/0x80 [ 571.714689][T14063] ? ioctl_has_perm+0x3e0/0x4d0 [ 571.714709][T14063] ? has_cap_mac_admin+0xd0/0xd0 [ 571.714731][T14063] ? __kasan_check_write+0x18/0x20 [ 571.714756][T14063] ? mutex_lock_killable+0x92/0x1c0 [ 571.714779][T14063] ? __cfi_mutex_lock_killable+0x10/0x10 [ 571.714797][T14063] ? proc_fail_nth_write+0x17e/0x210 [ 571.714821][T14063] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 571.714845][T14063] kvm_vcpu_ioctl+0x96f/0xee0 [ 571.714862][T14063] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 571.714880][T14063] ? __cfi_vfs_write+0x10/0x10 [ 571.714897][T14063] ? __kasan_check_write+0x18/0x20 [ 571.714921][T14063] ? mutex_unlock+0x8b/0x240 [ 571.714938][T14063] ? __cfi_mutex_unlock+0x10/0x10 [ 571.714954][T14063] ? __fget_files+0x2c5/0x340 [ 571.714975][T14063] ? __fget_files+0x2c5/0x340 [ 571.714995][T14063] ? bpf_lsm_file_ioctl+0xd/0x20 [ 571.715019][T14063] ? security_file_ioctl+0x34/0xd0 [ 571.715040][T14063] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 571.715056][T14063] __se_sys_ioctl+0x135/0x1b0 [ 571.715077][T14063] __x64_sys_ioctl+0x7f/0xa0 [ 571.715096][T14063] x64_sys_call+0x1878/0x2ee0 [ 571.715121][T14063] do_syscall_64+0x58/0xf0 [ 571.715144][T14063] ? clear_bhb_loop+0x50/0xa0 [ 571.715164][T14063] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 571.715184][T14063] RIP: 0033:0x7f5400b8f6c9 [ 571.715200][T14063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.715216][T14063] RSP: 002b:00007f5401a76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 571.715237][T14063] RAX: ffffffffffffffda RBX: 00007f5400de5fa0 RCX: 00007f5400b8f6c9 [ 571.715253][T14063] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 571.715266][T14063] RBP: 00007f5401a76090 R08: 0000000000000000 R09: 0000000000000000 [ 571.715280][T14063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 571.715292][T14063] R13: 00007f5400de6038 R14: 00007f5400de5fa0 R15: 00007ffd7a6b4b38 [ 571.715310][T14063] [ 572.381765][T14094] FAULT_INJECTION: forcing a failure. [ 572.381765][T14094] name failslab, interval 1, probability 0, space 0, times 0 [ 572.419614][T14094] CPU: 1 UID: 0 PID: 14094 Comm: syz.1.6692 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 572.419649][T14094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 572.419662][T14094] Call Trace: [ 572.419669][T14094] [ 572.419677][T14094] __dump_stack+0x21/0x30 [ 572.419708][T14094] dump_stack_lvl+0x10c/0x190 [ 572.419731][T14094] ? __cfi_dump_stack_lvl+0x10/0x10 [ 572.419755][T14094] ? avc_has_perm+0x144/0x220 [ 572.419779][T14094] dump_stack+0x19/0x20 [ 572.419801][T14094] should_fail_ex+0x3d9/0x530 [ 572.419821][T14094] should_failslab+0xac/0x100 [ 572.419843][T14094] __kmalloc_cache_noprof+0x41/0x490 [ 572.419863][T14094] ? vhost_task_create+0x101/0x350 [ 572.419883][T14094] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 572.419905][T14094] vhost_task_create+0x101/0x350 [ 572.419923][T14094] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 572.419944][T14094] ? __cfi_vhost_task_create+0x10/0x10 [ 572.419964][T14094] ? __cfi_vhost_task_fn+0x10/0x10 [ 572.419982][T14094] ? __kasan_check_write+0x18/0x20 [ 572.420007][T14094] ? mutex_lock+0x92/0x1c0 [ 572.420025][T14094] ? __cfi_mutex_lock+0x10/0x10 [ 572.420042][T14094] ? kernel_text_address+0xa9/0xe0 [ 572.420066][T14094] kvm_mmu_post_init_vm+0x156/0x2d0 [ 572.420092][T14094] kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0 [ 572.420116][T14094] ? _parse_integer_limit+0x195/0x1e0 [ 572.420144][T14094] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 572.420166][T14094] ? kstrtoull+0x13b/0x1e0 [ 572.420183][T14094] ? kstrtouint+0x78/0xf0 [ 572.420199][T14094] ? ioctl_has_perm+0x1aa/0x4d0 [ 572.420221][T14094] ? __asan_memcpy+0x5a/0x80 [ 572.420244][T14094] ? ioctl_has_perm+0x3e0/0x4d0 [ 572.420265][T14094] ? has_cap_mac_admin+0xd0/0xd0 [ 572.420288][T14094] ? __kasan_check_write+0x18/0x20 [ 572.420311][T14094] ? mutex_lock_killable+0x92/0x1c0 [ 572.420330][T14094] ? __cfi_mutex_lock_killable+0x10/0x10 [ 572.420348][T14094] ? proc_fail_nth_write+0x17e/0x210 [ 572.420373][T14094] kvm_vcpu_ioctl+0x96f/0xee0 [ 572.420391][T14094] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 572.420408][T14094] ? __cfi_vfs_write+0x10/0x10 [ 572.420426][T14094] ? __kasan_check_write+0x18/0x20 [ 572.420451][T14094] ? mutex_unlock+0x8b/0x240 [ 572.420467][T14094] ? __cfi_mutex_unlock+0x10/0x10 [ 572.420484][T14094] ? __fget_files+0x2c5/0x340 [ 572.420505][T14094] ? __fget_files+0x2c5/0x340 [ 572.420526][T14094] ? bpf_lsm_file_ioctl+0xd/0x20 [ 572.420550][T14094] ? security_file_ioctl+0x34/0xd0 [ 572.420570][T14094] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 572.420587][T14094] __se_sys_ioctl+0x135/0x1b0 [ 572.420608][T14094] __x64_sys_ioctl+0x7f/0xa0 [ 572.420627][T14094] x64_sys_call+0x1878/0x2ee0 [ 572.420652][T14094] do_syscall_64+0x58/0xf0 [ 572.420674][T14094] ? clear_bhb_loop+0x50/0xa0 [ 572.420694][T14094] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 572.420714][T14094] RIP: 0033:0x7f5400b8f6c9 [ 572.420731][T14094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.420747][T14094] RSP: 002b:00007f5401a55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 572.420769][T14094] RAX: ffffffffffffffda RBX: 00007f5400de6090 RCX: 00007f5400b8f6c9 [ 572.420784][T14094] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009 [ 572.420797][T14094] RBP: 00007f5401a55090 R08: 0000000000000000 R09: 0000000000000000 [ 572.420811][T14094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.420823][T14094] R13: 00007f5400de6128 R14: 00007f5400de6090 R15: 00007ffd7a6b4b38 [ 572.420839][T14094] [ 575.505716][T14197] FAULT_INJECTION: forcing a failure. [ 575.505716][T14197] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 575.537741][T14197] CPU: 1 UID: 0 PID: 14197 Comm: syz.3.6742 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 575.537773][T14197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 575.537783][T14197] Call Trace: [ 575.537789][T14197] [ 575.537796][T14197] __dump_stack+0x21/0x30 [ 575.537823][T14197] dump_stack_lvl+0x10c/0x190 [ 575.537843][T14197] ? __cfi_dump_stack_lvl+0x10/0x10 [ 575.537863][T14197] ? kernel_text_address+0xa9/0xe0 [ 575.537885][T14197] dump_stack+0x19/0x20 [ 575.537904][T14197] should_fail_ex+0x3d9/0x530 [ 575.537922][T14197] should_fail+0xf/0x20 [ 575.537938][T14197] should_fail_usercopy+0x1e/0x30 [ 575.537956][T14197] _copy_from_user+0x22/0xb0 [ 575.537978][T14197] ___sys_sendmsg+0x159/0x2a0 [ 575.538012][T14197] ? __sys_sendmsg+0x280/0x280 [ 575.538034][T14197] ? kstrtouint+0x78/0xf0 [ 575.538053][T14197] __sys_sendmmsg+0x271/0x470 [ 575.538075][T14197] ? __cfi___sys_sendmmsg+0x10/0x10 [ 575.538102][T14197] ? __cfi_ksys_write+0x10/0x10 [ 575.538119][T14197] __x64_sys_sendmmsg+0xa4/0xc0 [ 575.538140][T14197] x64_sys_call+0xfec/0x2ee0 [ 575.538163][T14197] do_syscall_64+0x58/0xf0 [ 575.538185][T14197] ? clear_bhb_loop+0x50/0xa0 [ 575.538204][T14197] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 575.538222][T14197] RIP: 0033:0x7fabb858f6c9 [ 575.538238][T14197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.538254][T14197] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 575.538274][T14197] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 575.538287][T14197] RDX: 0000000000000001 RSI: 0000200000003c00 RDI: 0000000000000008 [ 575.538297][T14197] RBP: 00007fabb94a7090 R08: 0000000000000000 R09: 0000000000000000 [ 575.538309][T14197] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 575.538320][T14197] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 575.538337][T14197] [ 576.170632][T14253] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 576.221138][T14252] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.228212][T14252] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.264461][T14252] bridge_slave_0: entered allmulticast mode [ 576.286348][T14252] bridge_slave_0: entered promiscuous mode [ 576.292274][ T36] audit: type=1400 audit(1763091950.790:242): avc: denied { ioctl } for pid=14267 comm="syz.3.6772" path="socket:[78473]" dev="sockfs" ino=78473 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 576.321116][T14252] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.328182][T14252] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.338432][T14252] bridge_slave_1: entered allmulticast mode [ 576.344580][ T36] audit: type=1400 audit(1763091950.810:243): avc: denied { read } for pid=14267 comm="syz.3.6772" path="socket:[78473]" dev="sockfs" ino=78473 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 576.369832][T14252] bridge_slave_1: entered promiscuous mode [ 576.398741][ T46] bridge_slave_1: left allmulticast mode [ 576.404452][ T46] bridge_slave_1: left promiscuous mode [ 576.413897][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.422094][ T46] bridge_slave_0: left allmulticast mode [ 576.429712][ T46] bridge_slave_0: left promiscuous mode [ 576.436276][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.564826][ T46] veth1_macvtap: left promiscuous mode [ 576.583673][ T46] veth0_vlan: left promiscuous mode [ 576.784620][T14252] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.791716][T14252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.799006][T14252] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.806158][T14252] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.842483][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.849779][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.870134][ T343] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.877249][ T343] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.887482][ T343] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.894568][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.942273][T14252] veth0_vlan: entered promiscuous mode [ 576.978278][T14252] veth1_macvtap: entered promiscuous mode [ 577.250374][T14346] FAULT_INJECTION: forcing a failure. [ 577.250374][T14346] name failslab, interval 1, probability 0, space 0, times 0 [ 577.289033][T14346] CPU: 1 UID: 0 PID: 14346 Comm: syz.3.6804 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 577.289073][T14346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 577.289085][T14346] Call Trace: [ 577.289092][T14346] [ 577.289100][T14346] __dump_stack+0x21/0x30 [ 577.289130][T14346] dump_stack_lvl+0x10c/0x190 [ 577.289153][T14346] ? __cfi_dump_stack_lvl+0x10/0x10 [ 577.289176][T14346] ? __cfi_vfs_write+0x10/0x10 [ 577.289195][T14346] dump_stack+0x19/0x20 [ 577.289217][T14346] should_fail_ex+0x3d9/0x530 [ 577.289236][T14346] should_failslab+0xac/0x100 [ 577.289257][T14346] kmem_cache_alloc_noprof+0x42/0x430 [ 577.289274][T14346] ? ksys_write+0x1ef/0x250 [ 577.289290][T14346] ? getname_flags+0xc6/0x710 [ 577.289309][T14346] getname_flags+0xc6/0x710 [ 577.289326][T14346] __x64_sys_mknodat+0x9a/0xc0 [ 577.289348][T14346] x64_sys_call+0x21b9/0x2ee0 [ 577.289372][T14346] do_syscall_64+0x58/0xf0 [ 577.289396][T14346] ? clear_bhb_loop+0x50/0xa0 [ 577.289416][T14346] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 577.289434][T14346] RIP: 0033:0x7fabb858f6c9 [ 577.289450][T14346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 577.289466][T14346] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 577.289487][T14346] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 577.289502][T14346] RDX: 00000000000021c0 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 577.289516][T14346] RBP: 00007fabb94a7090 R08: 0000000000000000 R09: 0000000000000000 [ 577.289529][T14346] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000001 [ 577.289541][T14346] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 577.289558][T14346] [ 577.683682][T14352] rust_binder: Error while translating object. [ 577.683755][T14352] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 577.690000][T14352] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:946 [ 577.700392][T14347] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.717200][T14347] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.725951][T14347] bridge_slave_0: entered allmulticast mode [ 577.732681][T14347] bridge_slave_0: entered promiscuous mode [ 577.741026][T14347] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.748142][T14347] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.755829][T14347] bridge_slave_1: entered allmulticast mode [ 577.762649][T14347] bridge_slave_1: entered promiscuous mode [ 577.804623][ T13] bridge_slave_1: left allmulticast mode [ 577.810470][ T13] bridge_slave_1: left promiscuous mode [ 577.816080][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.831075][ T13] bridge_slave_0: left allmulticast mode [ 577.836749][ T13] bridge_slave_0: left promiscuous mode [ 577.855316][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.986587][ T13] veth1_macvtap: left promiscuous mode [ 578.000652][ T13] veth0_vlan: left promiscuous mode [ 578.125727][T14347] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.132814][T14347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 578.140092][T14347] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.147167][T14347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 578.202727][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.210093][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.249981][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.257053][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 578.280842][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.287915][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 578.325030][T14347] veth0_vlan: entered promiscuous mode [ 578.351261][T14347] veth1_macvtap: entered promiscuous mode [ 578.416082][T14420] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 578.438247][T14420] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 578.468677][ T36] audit: type=1400 audit(1763091952.970:244): avc: denied { create } for pid=14419 comm="syz.0.6805" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 578.628091][T14447] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 578.740644][T14466] FAULT_INJECTION: forcing a failure. [ 578.740644][T14466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 578.769909][T14466] CPU: 1 UID: 0 PID: 14466 Comm: syz.0.6856 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 578.769945][T14466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 578.769957][T14466] Call Trace: [ 578.769964][T14466] [ 578.769972][T14466] __dump_stack+0x21/0x30 [ 578.770003][T14466] dump_stack_lvl+0x10c/0x190 [ 578.770026][T14466] ? __cfi_dump_stack_lvl+0x10/0x10 [ 578.770052][T14466] dump_stack+0x19/0x20 [ 578.770074][T14466] should_fail_ex+0x3d9/0x530 [ 578.770094][T14466] should_fail+0xf/0x20 [ 578.770111][T14466] should_fail_usercopy+0x1e/0x30 [ 578.770131][T14466] _copy_from_user+0x22/0xb0 [ 578.770154][T14466] __snd_timer_user_ioctl+0x179c/0x4190 [ 578.770293][T14466] ? ioctl_has_perm+0x384/0x4d0 [ 578.770312][T14466] ? snd_timer_user_fasync+0x70/0x70 [ 578.770329][T14466] ? has_cap_mac_admin+0xd0/0xd0 [ 578.770347][T14466] ? proc_fail_nth_write+0x17e/0x210 [ 578.770371][T14466] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 578.770393][T14466] ? selinux_file_ioctl+0x6e0/0x1360 [ 578.770414][T14466] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 578.770435][T14466] ? __cfi_vfs_write+0x10/0x10 [ 578.770452][T14466] ? __kasan_check_write+0x18/0x20 [ 578.770475][T14466] ? mutex_unlock+0x8b/0x240 [ 578.770492][T14466] ? __cfi_mutex_unlock+0x10/0x10 [ 578.770510][T14466] ? __kasan_check_write+0x18/0x20 [ 578.770533][T14466] ? mutex_lock+0x92/0x1c0 [ 578.770549][T14466] ? __cfi_mutex_lock+0x10/0x10 [ 578.770565][T14466] ? __fget_files+0x2c5/0x340 [ 578.770586][T14466] snd_timer_user_ioctl+0x5f/0x80 [ 578.770604][T14466] ? __cfi_snd_timer_user_ioctl+0x10/0x10 [ 578.770622][T14466] __se_sys_ioctl+0x135/0x1b0 [ 578.770642][T14466] __x64_sys_ioctl+0x7f/0xa0 [ 578.770662][T14466] x64_sys_call+0x1878/0x2ee0 [ 578.770687][T14466] do_syscall_64+0x58/0xf0 [ 578.770709][T14466] ? clear_bhb_loop+0x50/0xa0 [ 578.770728][T14466] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 578.770744][T14466] RIP: 0033:0x7fc82338f6c9 [ 578.770760][T14466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.770775][T14466] RSP: 002b:00007fc8242ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 578.770794][T14466] RAX: ffffffffffffffda RBX: 00007fc8235e5fa0 RCX: 00007fc82338f6c9 [ 578.770808][T14466] RDX: 0000000000000000 RSI: 0000000040345410 RDI: 0000000000000005 [ 578.770821][T14466] RBP: 00007fc8242ad090 R08: 0000000000000000 R09: 0000000000000000 [ 578.770831][T14466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.770850][T14466] R13: 00007fc8235e6038 R14: 00007fc8235e5fa0 R15: 00007fff0c2069d8 [ 578.770868][T14466] [ 580.040012][ T36] audit: type=1400 audit(1763091954.540:245): avc: denied { accept } for pid=14572 comm="syz.1.6893" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 580.101191][ T36] audit: type=1400 audit(1763091954.600:246): avc: denied { setattr } for pid=14571 comm="syz.0.6906" path="pipe:[80297]" dev="pipefs" ino=80297 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 580.798951][ T36] audit: type=1400 audit(1763091955.300:247): avc: denied { map } for pid=14648 comm="syz.3.6932" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 580.848960][ T36] audit: type=1400 audit(1763091955.340:248): avc: denied { name_bind } for pid=14648 comm="syz.3.6932" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 581.026841][T14671] FAULT_INJECTION: forcing a failure. [ 581.026841][T14671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 581.060459][T14671] CPU: 1 UID: 0 PID: 14671 Comm: syz.2.6954 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 581.060490][T14671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 581.060501][T14671] Call Trace: [ 581.060507][T14671] [ 581.060515][T14671] __dump_stack+0x21/0x30 [ 581.060542][T14671] dump_stack_lvl+0x10c/0x190 [ 581.060562][T14671] ? __cfi_dump_stack_lvl+0x10/0x10 [ 581.060585][T14671] ? check_stack_object+0x12c/0x140 [ 581.060602][T14671] dump_stack+0x19/0x20 [ 581.060623][T14671] should_fail_ex+0x3d9/0x530 [ 581.060641][T14671] should_fail+0xf/0x20 [ 581.060657][T14671] should_fail_usercopy+0x1e/0x30 [ 581.060684][T14671] _copy_to_user+0x24/0xa0 [ 581.060704][T14671] simple_read_from_buffer+0xed/0x160 [ 581.060724][T14671] proc_fail_nth_read+0x19e/0x210 [ 581.060747][T14671] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 581.060768][T14671] ? bpf_lsm_file_permission+0xd/0x20 [ 581.060789][T14671] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 581.060809][T14671] vfs_read+0x27d/0xc70 [ 581.060824][T14671] ? __cfi_vfs_read+0x10/0x10 [ 581.060838][T14671] ? __kasan_check_write+0x18/0x20 [ 581.060863][T14671] ? mutex_lock+0x92/0x1c0 [ 581.060879][T14671] ? __cfi_mutex_lock+0x10/0x10 [ 581.060893][T14671] ? __fget_files+0x2c5/0x340 [ 581.060910][T14671] ksys_read+0x141/0x250 [ 581.060925][T14671] ? __cfi_ksys_read+0x10/0x10 [ 581.060941][T14671] ? __kasan_check_read+0x15/0x20 [ 581.060964][T14671] __x64_sys_read+0x7f/0x90 [ 581.060979][T14671] x64_sys_call+0x2638/0x2ee0 [ 581.061004][T14671] do_syscall_64+0x58/0xf0 [ 581.061027][T14671] ? clear_bhb_loop+0x50/0xa0 [ 581.061048][T14671] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 581.061067][T14671] RIP: 0033:0x7fe0b5d8e0dc [ 581.061083][T14671] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 581.061100][T14671] RSP: 002b:00007fe0b6c71030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 581.061120][T14671] RAX: ffffffffffffffda RBX: 00007fe0b5fe5fa0 RCX: 00007fe0b5d8e0dc [ 581.061134][T14671] RDX: 000000000000000f RSI: 00007fe0b6c710a0 RDI: 0000000000000006 [ 581.061147][T14671] RBP: 00007fe0b6c71090 R08: 0000000000000000 R09: 0000000000000000 [ 581.061159][T14671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 581.061171][T14671] R13: 00007fe0b5fe6038 R14: 00007fe0b5fe5fa0 R15: 00007fffa64df498 [ 581.061187][T14671] [ 581.995512][T14740] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 584.750357][ T538] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 584.900323][ T538] usb 2-1: Using ep0 maxpacket: 32 [ 584.911428][ T538] usb 2-1: config 0 has an invalid interface number: 188 but max is 0 [ 584.929851][ T538] usb 2-1: config 0 has no interface number 0 [ 584.936271][ T538] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 584.957909][ T538] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 584.977272][ T538] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.990315][ T538] usb 2-1: Product: syz [ 584.994510][ T538] usb 2-1: Manufacturer: syz [ 585.009572][ T538] usb 2-1: SerialNumber: syz [ 585.020313][ T538] usb 2-1: config 0 descriptor?? [ 585.029884][T14808] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 585.250397][T14808] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 585.658355][ T538] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 585.678724][ T538] asix 2-1:0.188: probe with driver asix failed with error -61 [ 586.533686][T14915] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 586.540325][ T36] audit: type=1400 audit(1763091961.040:249): avc: denied { execute } for pid=14914 comm="syz.2.7074" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 586.573317][ T36] audit: type=1400 audit(1763091961.080:250): avc: denied { bind } for pid=14912 comm="syz.0.7073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 587.348458][T14939] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 587.934109][ T538] usb 2-1: USB disconnect, device number 15 [ 588.444961][T15093] FAULT_INJECTION: forcing a failure. [ 588.444961][T15093] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 588.474444][T15093] CPU: 1 UID: 0 PID: 15093 Comm: syz.3.7158 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 588.474477][T15093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 588.474490][T15093] Call Trace: [ 588.474497][T15093] [ 588.474505][T15093] __dump_stack+0x21/0x30 [ 588.474534][T15093] dump_stack_lvl+0x10c/0x190 [ 588.474556][T15093] ? __cfi_dump_stack_lvl+0x10/0x10 [ 588.474580][T15093] ? vfs_write+0x93e/0xf30 [ 588.474598][T15093] dump_stack+0x19/0x20 [ 588.474620][T15093] should_fail_ex+0x3d9/0x530 [ 588.474640][T15093] should_fail+0xf/0x20 [ 588.474657][T15093] should_fail_usercopy+0x1e/0x30 [ 588.474677][T15093] _copy_from_user+0x22/0xb0 [ 588.474699][T15093] do_sock_getsockopt+0x1d7/0x6d0 [ 588.474725][T15093] ? __cfi_do_sock_getsockopt+0x10/0x10 [ 588.474747][T15093] ? __fget_files+0x2c5/0x340 [ 588.474767][T15093] __x64_sys_getsockopt+0x1d5/0x280 [ 588.474791][T15093] x64_sys_call+0x10db/0x2ee0 [ 588.474815][T15093] do_syscall_64+0x58/0xf0 [ 588.474836][T15093] ? clear_bhb_loop+0x50/0xa0 [ 588.474855][T15093] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 588.474873][T15093] RIP: 0033:0x7fabb858f6c9 [ 588.474896][T15093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 588.474913][T15093] RSP: 002b:00007fabb94a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 588.474934][T15093] RAX: ffffffffffffffda RBX: 00007fabb87e5fa0 RCX: 00007fabb858f6c9 [ 588.474950][T15093] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000005 [ 588.474963][T15093] RBP: 00007fabb94a7090 R08: 0000200000000140 R09: 0000000000000000 [ 588.474977][T15093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 588.474990][T15093] R13: 00007fabb87e6038 R14: 00007fabb87e5fa0 R15: 00007ffd675a91f8 [ 588.475008][T15093] [ 588.723630][ T36] audit: type=1400 audit(1763091963.220:251): avc: denied { write } for pid=15125 comm="syz.1.7175" name="bus" dev="incremental-fs" ino=546 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 588.749255][T14252] ------------[ cut here ]------------ [ 588.753753][ T36] audit: type=1400 audit(1763091963.220:252): avc: denied { add_name } for pid=15125 comm="syz.1.7175" name="blkio.bfq.group_wait_time" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 588.754794][T14252] WARNING: CPU: 0 PID: 14252 at fs/inode.c:340 drop_nlink+0xce/0x110 [ 588.777215][ T36] audit: type=1400 audit(1763091963.220:253): avc: denied { create } for pid=15125 comm="syz.1.7175" name="blkio.bfq.group_wait_time" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 588.777243][ T36] audit: type=1400 audit(1763091963.220:254): avc: denied { associate } for pid=15125 comm="syz.1.7175" name="blkio.bfq.group_wait_time" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 588.830853][T14252] Modules linked in: [ 588.834769][T14252] CPU: 0 UID: 0 PID: 14252 Comm: syz-executor Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 588.846846][T14252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 588.857110][T14252] RIP: 0010:drop_nlink+0xce/0x110 [ 588.862197][T14252] Code: 04 00 00 be 08 00 00 00 e8 cf 54 ee ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 32 e4 97 ff <0f> 0b eb 81 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 59 ff ff ff 4c [ 588.881847][T14252] RSP: 0018:ffffc900064cfc60 EFLAGS: 00010293 [ 588.887927][T14252] RAX: ffffffff81ee1a7e RBX: ffff88812f1ef0c8 RCX: ffff88811906a600 [ 588.895933][T14252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 588.903947][T14252] RBP: ffffc900064cfc88 R08: 0000000000000003 R09: 0000000000000004 [ 588.911952][T14252] R10: dffffc0000000000 R11: fffff52000c99f7c R12: dffffc0000000000 [ 588.919940][T14252] R13: 1ffff11025e3de22 R14: ffff88812f1ef110 R15: 0000000000000000 [ 588.927968][T14252] FS: 000055556380e500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 588.937032][T14252] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 588.943649][T14252] CR2: 00007fffa64ddf78 CR3: 000000011ee74000 CR4: 00000000003526b0 [ 588.951674][T14252] Call Trace: [ 588.954956][T14252] [ 588.957891][T14252] shmem_rmdir+0x5f/0x90 [ 588.962183][T14252] vfs_rmdir+0x3dd/0x560 [ 588.966440][T14252] incfs_kill_sb+0x109/0x230 [ 588.971161][T14252] deactivate_locked_super+0xd5/0x2a0 [ 588.976555][T14252] deactivate_super+0xb8/0xe0 [ 588.981298][T14252] cleanup_mnt+0x3f1/0x480 [ 588.985721][T14252] __cleanup_mnt+0x1d/0x40 [ 588.990147][T14252] task_work_run+0x1e0/0x250 [ 588.994959][T14252] ? __cfi_task_work_run+0x10/0x10 [ 589.000091][T14252] ? __x64_sys_umount+0x126/0x170 [ 589.005235][T14252] ? __cfi___x64_sys_umount+0x10/0x10 [ 589.010648][T14252] ? __kasan_check_read+0x15/0x20 [ 589.015688][T14252] resume_user_mode_work+0x36/0x50 [ 589.020845][T14252] syscall_exit_to_user_mode+0x64/0xb0 [ 589.026315][T14252] do_syscall_64+0x64/0xf0 [ 589.030785][T14252] ? clear_bhb_loop+0x50/0xa0 [ 589.035479][T14252] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 589.041434][T14252] RIP: 0033:0x7f0cbe3909f7 [ 589.045859][T14252] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 589.065513][T14252] RSP: 002b:00007ffd569f6518 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 589.073979][T14252] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0cbe3909f7 [ 589.081998][T14252] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd569f65d0 [ 589.089975][T14252] RBP: 00007ffd569f65d0 R08: 0000000000000000 R09: 0000000000000000 [ 589.098083][T14252] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd569f7660 [ 589.106096][T14252] R13: 00007f0cbe411d7d R14: 000000000008fb94 R15: 00007ffd569f76a0 [ 589.114112][T14252] [ 589.117133][T14252] ---[ end trace 0000000000000000 ]--- [ 589.123761][T14252] ================================================================== [ 589.131849][T14252] BUG: KASAN: null-ptr-deref in ihold+0x24/0x70 [ 589.138101][T14252] Write of size 4 at addr 0000000000000168 by task syz-executor/14252 [ 589.146257][T14252] [ 589.148592][T14252] CPU: 0 UID: 0 PID: 14252 Comm: syz-executor Tainted: G W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 589.148624][T14252] Tainted: [W]=WARN [ 589.148630][T14252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 589.148641][T14252] Call Trace: [ 589.148647][T14252] [ 589.148655][T14252] __dump_stack+0x21/0x30 [ 589.148684][T14252] dump_stack_lvl+0x10c/0x190 [ 589.148706][T14252] ? __cfi_dump_stack_lvl+0x10/0x10 [ 589.148730][T14252] print_report+0x3d/0x70 [ 589.148750][T14252] kasan_report+0x163/0x1a0 [ 589.148771][T14252] ? ihold+0x24/0x70 [ 589.148791][T14252] ? _raw_spin_unlock+0x45/0x60 [ 589.148815][T14252] ? ihold+0x24/0x70 [ 589.148834][T14252] kasan_check_range+0x299/0x2a0 [ 589.148863][T14252] __kasan_check_write+0x18/0x20 [ 589.148887][T14252] ihold+0x24/0x70 [ 589.148904][T14252] vfs_rmdir+0x26a/0x560 [ 589.148926][T14252] incfs_kill_sb+0x109/0x230 [ 589.148952][T14252] deactivate_locked_super+0xd5/0x2a0 [ 589.148976][T14252] deactivate_super+0xb8/0xe0 [ 589.148999][T14252] cleanup_mnt+0x3f1/0x480 [ 589.149019][T14252] __cleanup_mnt+0x1d/0x40 [ 589.149038][T14252] task_work_run+0x1e0/0x250 [ 589.149060][T14252] ? __cfi_task_work_run+0x10/0x10 [ 589.149080][T14252] ? __x64_sys_umount+0x126/0x170 [ 589.149104][T14252] ? __cfi___x64_sys_umount+0x10/0x10 [ 589.149128][T14252] ? __kasan_check_read+0x15/0x20 [ 589.149154][T14252] resume_user_mode_work+0x36/0x50 [ 589.149177][T14252] syscall_exit_to_user_mode+0x64/0xb0 [ 589.149196][T14252] do_syscall_64+0x64/0xf0 [ 589.149217][T14252] ? clear_bhb_loop+0x50/0xa0 [ 589.149237][T14252] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 589.149257][T14252] RIP: 0033:0x7f0cbe3909f7 [ 589.149274][T14252] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 589.149291][T14252] RSP: 002b:00007ffd569f6518 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 589.149311][T14252] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0cbe3909f7 [ 589.149325][T14252] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd569f65d0 [ 589.149338][T14252] RBP: 00007ffd569f65d0 R08: 0000000000000000 R09: 0000000000000000 [ 589.149352][T14252] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd569f7660 [ 589.149367][T14252] R13: 00007f0cbe411d7d R14: 000000000008fb94 R15: 00007ffd569f76a0 [ 589.149384][T14252] [ 589.149392][T14252] ================================================================== [ 589.400436][T14252] Disabling lock debugging due to kernel taint [ 589.406625][T14252] BUG: kernel NULL pointer dereference, address: 0000000000000168 [ 589.414420][T14252] #PF: supervisor write access in kernel mode [ 589.415246][ T36] audit: type=1400 audit(1763091963.910:255): avc: denied { read } for pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 589.420472][T14252] #PF: error_code(0x0002) - not-present page [ 589.420486][T14252] PGD 800000011ef5b067 P4D 800000011ef5b067 PUD 0 [ 589.443130][ T36] audit: type=1400 audit(1763091963.910:256): avc: denied { search } for pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 589.448122][T14252] [ 589.448130][T14252] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 589.448153][T14252] CPU: 0 UID: 0 PID: 14252 Comm: syz-executor Tainted: G B W syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 589.454939][ T36] audit: type=1400 audit(1763091963.910:257): avc: denied { write } for pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 589.475863][T14252] Tainted: [B]=BAD_PAGE, [W]=WARN [ 589.475872][T14252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 589.475883][T14252] RIP: 0010:ihold+0x2a/0x70 [ 589.478546][ T36] audit: type=1400 audit(1763091963.910:258): avc: denied { add_name } for pid=92 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 589.484326][T14252] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 589.484344][T14252] RSP: 0018:ffffc900064cfca0 EFLAGS: 00010246 [ 589.484361][T14252] RAX: ffff88811906a600 RBX: 0000000000000000 RCX: ffff88811906a600 [ 589.484375][T14252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.600179][T14252] RBP: ffffc900064cfcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 589.608134][T14252] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88812f1ef0d4 [ 589.616086][T14252] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 589.624036][T14252] FS: 000055556380e500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 589.632943][T14252] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 589.639508][T14252] CR2: 0000000000000168 CR3: 000000011ee74000 CR4: 00000000003526b0 [ 589.647465][T14252] Call Trace: [ 589.650745][T14252] [ 589.653657][T14252] vfs_rmdir+0x26a/0x560 [ 589.657902][T14252] incfs_kill_sb+0x109/0x230 [ 589.662477][T14252] deactivate_locked_super+0xd5/0x2a0 [ 589.667832][T14252] deactivate_super+0xb8/0xe0 [ 589.672515][T14252] cleanup_mnt+0x3f1/0x480 [ 589.676937][T14252] __cleanup_mnt+0x1d/0x40 [ 589.681338][T14252] task_work_run+0x1e0/0x250 [ 589.685917][T14252] ? __cfi_task_work_run+0x10/0x10 [ 589.691011][T14252] ? __x64_sys_umount+0x126/0x170 [ 589.696069][T14252] ? __cfi___x64_sys_umount+0x10/0x10 [ 589.701428][T14252] ? __kasan_check_read+0x15/0x20 [ 589.706445][T14252] resume_user_mode_work+0x36/0x50 [ 589.711539][T14252] syscall_exit_to_user_mode+0x64/0xb0 [ 589.716978][T14252] do_syscall_64+0x64/0xf0 [ 589.721375][T14252] ? clear_bhb_loop+0x50/0xa0 [ 589.726121][T14252] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 589.732000][T14252] RIP: 0033:0x7f0cbe3909f7 [ 589.736397][T14252] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 589.755987][T14252] RSP: 002b:00007ffd569f6518 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 589.764405][T14252] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0cbe3909f7 [ 589.772361][T14252] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd569f65d0 [ 589.780322][T14252] RBP: 00007ffd569f65d0 R08: 0000000000000000 R09: 0000000000000000 [ 589.788281][T14252] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd569f7660 [ 589.796239][T14252] R13: 00007f0cbe411d7d R14: 000000000008fb94 R15: 00007ffd569f76a0 [ 589.804206][T14252] [ 589.807209][T14252] Modules linked in: [ 589.811083][T14252] CR2: 0000000000000168 [ 589.815216][T14252] ---[ end trace 0000000000000000 ]--- [ 589.820668][T14252] RIP: 0010:ihold+0x2a/0x70 [ 589.825157][T14252] Code: f3 0f 1e fa 55 48 89 e5 41 56 53 48 89 fb e8 1d db 97 ff 48 8d bb 68 01 00 00 be 04 00 00 00 e8 8c 4b ee ff 41 be 01 00 00 00 44 0f c1 b3 68 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 2d [ 589.844747][T14252] RSP: 0018:ffffc900064cfca0 EFLAGS: 00010246 [ 589.850810][T14252] RAX: ffff88811906a600 RBX: 0000000000000000 RCX: ffff88811906a600 [ 589.858765][T14252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 589.866725][T14252] RBP: ffffc900064cfcb0 R08: ffffffff88972947 R09: 1ffffffff112e528 [ 589.874680][T14252] R10: dffffc0000000000 R11: fffffbfff112e529 R12: ffff88812f1ef0d4 [ 589.882642][T14252] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 589.890596][T14252] FS: 000055556380e500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 589.899508][T14252] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 589.906080][T14252] CR2: 0000000000000168 CR3: 000000011ee74000 CR4: 00000000003526b0 [ 589.914563][T14252] Kernel panic - not syncing: Fatal exception [ 589.920956][T14252] Kernel Offset: disabled [ 589.925271][T14252] Rebooting in 86400 seconds..